Hi Juan,
On Sat, Nov 23, 2013 at 3:03 PM, Juan Hernandez <jhernand(a)redhat.com> wrote:
Did you change it while the server was running? If so during stop
the
server will probably overwrite the file. Try to change it after stopping
the server:
Yes, it was absolutely because the server was running and was writing out
its configuration upon being stopped.
In fact modifying the file is not good practice, you may prefer to do it
using LDAP:
I guess this method would not have suffered from the clobbered config file
:D. Thanks for the additional tip, I'm quite new to LDAP.
I have just tested this in my local environment and with minssf=1 it
works correctly, including the ability to search for users in the LDAP
directory from the administration GUI and using those users to log in to
both the administration GUI and to the user portal.
I can definitely now confirm that changing minssf to 1 worked around the
issue.
However, I'm faced with either an issue or a misunderstanding of how things
work in oVirt. I was able to add a couple of users to IPA (user A and user
B) and then import them with UserRole into oVirt. What is puzzling is that
both are able to see(!!) and power on/off(!!!!!) all the machines which
were created by and for user admin@internal. Some of these machines are
based on the Blank template and some on a different template (if that
matters). Thankfully, at least the new users are unable to attach to the
console of those machines.
When I created a new virtual machine and in the permissions added user A as
UserRole, user A now has access to the console of that VM. However, what
was again puzzling is that user B can see and power on/off the new virtual
machine, but at least cannot attach to the console (consistent with my
previous findings).
I would have thought that users would "see" and be able to power on/off
only their own VMs, and something tells me that this is the way it was
intended. So what do you think is broken in my test rig?
Thank you very much!
iordan
--
The conscious mind has only one thread of execution.