On Mon, Oct 24, 2016 at 11:18 AM, Baptiste Agasse <
baptiste.agasse(a)lyra-network.com> wrote:
Hi Ondra,
----- Le 24 Oct 16, à 10:36, Ondra Machacek omachace(a)redhat.com a écrit :
> On 10/21/2016 12:00 PM, Baptiste Agasse wrote:
>> Hi all,
>>
>> We use ovirt 4.0.4 with FreeIPA as external provider. The external
provider was
>> configured via the 'ovirt-engine-extension-aaa-ldap-setup' command. The
>> authentication works fine, but in the webui, when you go on the 'Active
User
>> Sessions', all users uuid is showed as '00000000-0000-0000-0000-
000000000000'.
>> Other problem, maybe related, when a user create a VM, by default a
permission
>> is created with the role of 'UserVmManager'. On the
'Permissions' pane,
we see
>> a line with no value for User, Authorization provider, Namespace. The
only
>> value set on this line is the role (UserVmManager in that case). When
we try to
>> remove this line, an exception occurs in the webui that prevent
deletion of
>> this line.
>
> I've never see such issue with FreeIPA. Can you please share what's
> your IPA version?
>
> Can you also please share the log of error which occurs, when you try
> to remove the permission?
We have multiple ovirt envs, all ovirt version are the same as described,
but FreeIPA servers are in different versions on these envs. We have one
env with FreeIPA on CentOS 6 (ipa-server-3.0.0-42.el6.centos.x86_64) and
the other on FreeIPA on CentOS 7 (ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64).
The both envs have the same problem. On our envs, the role mapping in oVirt
is done on user groups and not on individual users.
For the permission problem, the problem only occurs when the VM is created
via the user webui. Creating VM with API or admin webui is OK. When we try
to remove the permission, an UI exception occurs and no logs on the
engine.log side. I've attached screenshots and ui.log.
Unfortunately by default UI code is obfuscated, so we cannot find exact
issue. Could you please perform following steps and send us new ui.log?
1. Install UI debug packages
yum install ovirt-engine-webadmin-portal-debuginfo
ovirt-engine-userportal-debuginfo
2. Restart ovirt-engine
systemctl restart ovirt-engine
3. Reproduce the error and share up-to-date ui.log with use
If needed more info about UI logs can be found at
http://www.ovirt.org/develop/developer-guide/engine/engine-debug-obfuscat...
Thanks
Martin Perina
>
>>
>> This behavior is verified on all our oVirt environments (oVirt 4.0.4 +
FreeIPA)
>>
>> Someone hit the same problem ?
>>
>> Have a nice day.
>>
>> Regards.
Regards.
--
Baptiste AGASSE
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users