Alex/Greg, could you please take a look?

Thanks

Martin


On Mon, Oct 24, 2016 at 2:02 PM, Baptiste Agasse <baptiste.agasse@lyra-network.com> wrote:
Hi,

----- On 24 Oct 16, at 11:25, Martin Perina <mperina@redhat.com> wrote:


On Mon, Oct 24, 2016 at 11:18 AM, Baptiste Agasse <baptiste.agasse@lyra-network.com> wrote:
Hi Ondra,

----- On 24 Oct 16, at 10:36, Ondra Machacek omachace@redhat.com wrote:

> On 10/21/2016 12:00 PM, Baptiste Agasse wrote:
>> Hi all,
>>
>> We use oVirt 4.0.4 with FreeIPA as external provider. The external provider was
>> configured via the 'ovirt-engine-extension-aaa-ldap-setup' command. The
>> authentication works fine, but in the webui, when you go to the 'Active User
>> Sessions', all users' UUIDs are shown as '00000000-0000-0000-0000-000000000000'.
>> Another problem, maybe related: when a user creates a VM, by default a permission
>> is created with the role of 'UserVmManager'. On the 'Permissions' pane, we see
>> a line with no value for User, Authorization provider, Namespace. The only
>> value set on this line is the role (UserVmManager in that case). When we try to
>> remove this line, an exception occurs in the webui that prevents deletion of
>> this line.
>
> I've never seen such an issue with FreeIPA. Can you please share what's
> your IPA version?
>
> Can you also please share the log of error which occurs, when you try
> to remove the permission?

We have multiple oVirt envs, all oVirt versions are the same as described, but the FreeIPA servers are at different versions on these envs. We have one env with FreeIPA on CentOS 6 (ipa-server-3.0.0-42.el6.centos.x86_64) and the other with FreeIPA on CentOS 7 (ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64). Both envs have the same problem. On our envs, the role mapping in oVirt is done on user groups and not on individual users.

For the permission problem, the problem only occurs when the VM is created via the user webui. Creating a VM with the API or admin webui is OK. When we try to remove the permission, a UI exception occurs and there are no logs on the engine.log side. I've attached screenshots and ui.log.

Unfortunately, by default the UI code is obfuscated, so we cannot find the exact issue. Could you please perform the following steps and send us a new ui.log?

1. Install UI debug packages
      yum install ovirt-engine-webadmin-portal-debuginfo ovirt-engine-userportal-debuginfo

2. Restart ovirt-engine
      systemctl restart ovirt-engine

3. Reproduce the error and share the up-to-date ui.log with us


I've reproduced the error, see the attached engine.log at VM creation time and the ui.log when trying to remove the inconsistent permission.

Thanks.



Thanks

Martin Perina


>
>>
>> This behavior is verified on all our oVirt environments (oVirt 4.0.4 + FreeIPA)
>>
>> Has anyone hit the same problem?
>>
>> Have a nice day.
>>
>> Regards.

Regards.

--
Baptiste AGASSE




--
Baptiste AGASSE