What's you LDAP and what profile did you choose? This looks like you have chosen incorect profile during setup. Are you sure you arent using posix group and using non-posix aaa profile? Sharing a debug log of ovirt-engine-extensions-tool would be helpfull. On Fri, May 25, 2018, 10:04 AM Callum Smith <callum@well.ox.ac.uk> wrote:
Dear All,
I'm having problems getting LDAP running, login works, but I'm getting "user is not authorised to perform login" - this is even if i specify the UserRole specifically to the LDAP group the user is in.
2018-05-25 08:56:16,212+01 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-23) [] User callum@Biomedical Research Computing successfully logged in with scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access 2018-05-25 08:56:16,391+01 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-25) [63e60fe9] Running command: CreateUserSessionCommand internal: false. 2018-05-25 08:56:16,430+01 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-25) [63e60fe9] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User callum@Biomedical Research Computing connecting from '192.168.65.254' failed to log in<UNKNOWN>. 2018-05-25 08:56:16,430+01 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-25) [] The user callum@Biomedical Research Computing is not authorized to perform login
on a side note: is it possible to assign permissions to all members of an LDAP tree where they dont have a common group membership?
Regards, Callum
--
Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. callum@well.ox.ac.uk
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org