1:01 p.m.
This is a multi-part message in MIME format.
--------------FF431EB5B60D11CD4462F1DF
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Hi,
I would like to submit a problem with active directory authentication.
Let me make an introduction.
Actually my infrastructure consists in 1 manager and 2 nodes (version
4.0.4).
The active directory forest consists in many subdomains.
In the active directory forest there are 2 type of accounts:
-1- normal users, this account is similar to name.surname(a)domain.it
-2- particular users, this account is similar to s123456(a)subdomain.domain.it
Important note: the subdomain of the account type 2 is an alias domain
for example:
s123456(a)subdomain.domain.it is an alias of s123456(a)domain.it
When I do login from user portal:
- with normal users I login correctly and I can start the vm without problem
- with particular users I login correctly but I can not start the vm
although I have permissions. To solve this problem I must insert the
account in the db of ovirt from administration portal in the users tab
I noticed that, with a particular users (s123456(a)subdomain.domain.it),
the ovirt infrastructure does not automatically insert this account in
the own db.
Also the subdomain.domain.it is not in the list of the subdomains of the
forest, perhaps it is for this reason that does not work properly.
I deduced that is an active directory problem (that in not resolvable
for the complexity of the AD infrastructure), I ask you if exist a
script for insert of many accounts at one time. Something like:
script.sh < list-users.txt
where the file lists-users.txt consists of a sequential list of accounts
like this:
s000001(a)subdomain.polito.it
s000002(a)subdomain.polito.it
s000003(a)subdomain.polito.it
s000004(a)subdomain.polito.it
Thank you very much for your help
Nicola
--------------FF431EB5B60D11CD4462F1DF
Content-Type: text/html; charset=iso-8859-15
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=iso-8859-15">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font size="-1">Hi,<br>
I would like to submit a problem with active directory
authentication.<br>
Let me make an introduction.<br>
Actually my infrastructure consists in 1 manager and 2 nodes
(version 4.0.4).<br>
The active directory forest consists in many subdomains.<br>
In the active directory forest there are 2 type of accounts:<br>
-1- normal users, this account is similar to
<a class="moz-txt-link-abbreviated"
href="mailto:name.surname@domain.it">name.surname@domain.it</a><br>
-2- particular users, this account is similar to
<a class="moz-txt-link-abbreviated"
href="mailto:s123456@subdomain.domain.it">s123456@subdomain.domain.it</a><br>
<br>
Important note: the subdomain of the account type 2 is an alias
domain for example:<br>
<br>
<a class="moz-txt-link-abbreviated"
href="mailto:s123456@subdomain.domain.it">s123456@subdomain.domain.it</a>
is an alias of
<a class="moz-txt-link-abbreviated"
href="mailto:s123456@domain.it">s123456@domain.it</a><br>
<br>
When I do login from user portal:<br>
<br>
- with normal users I login correctly and I can start the vm
without problem<br>
- with particular users I login correctly but I can not start
the vm although I have permissions. To solve this problem I must
insert the account in the db of ovirt from administration portal
in the users tab<br>
<br>
I noticed that, with a particular users
(<a class="moz-txt-link-abbreviated"
href="mailto:s123456@subdomain.domain.it">s123456@subdomain.domain.it</a>),
the ovirt infrastructure does not
automatically insert this account in the own db.<br>
<br>
Also the subdomain.domain.it is not in the list of the
subdomains of the forest, perhaps it is for this reason that
does not work properly.<br>
<br>
I deduced that is an active directory problem (that in not
resolvable for the complexity of the AD infrastructure), I ask
you if exist a script for insert of many accounts at one time.
Something like:<br>
<br>
script.sh < list-users.txt<br>
<br>
where the file lists-users.txt consists of a sequential list of
accounts like this:<br>
<br>
</font><font size="-1"> <a
class="moz-txt-link-abbreviated"
href="mailto:s000001@subdomain.polito.it">s000001@subdomain.polito.it</a></font><br>
<font size="-1"> <a class="moz-txt-link-abbreviated"
href="mailto:s000002@subdomain.polito.it">s000002@subdomain.polito.it</a></font><br>
<font size="-1"> <a class="moz-txt-link-abbreviated"
href="mailto:s000003@subdomain.polito.it">s000003@subdomain.polito.it</a></font><br>
<font size="-1"> <a class="moz-txt-link-abbreviated"
href="mailto:s000004@subdomain.polito.it">s000004@subdomain.polito.it</a></font><br>
<font size="-1"><br>
Thank you very much for your help <br>
<br>
Nicola</font><br>
</p>
</body>
</html>
--------------FF431EB5B60D11CD4462F1DF--