Re: [ovirt-users] Active Directory (LDAP) user auth is slow

--_000_0d09312977a3465882bf2a2bace95cb0exch24sluse_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 DQpEZW4gMjQgbWFycyAyMDE2IDEzOjQ5IHNrcmV2IE9uZHJhIE1hY2hhY2VrIDxvbWFjaGFjZUBy ZWRoYXQuY29tPjoNCj4NCj4gSGksDQo+DQo+IGlmIHlvdSByZW1vdmUgdXNlciwgdGhlbiBhbHNv IHBlcm1pc3Npb25zIG9mIHRoYXQgdXNlciB0byB2bXMgd2lsbCBiZQ0KPiByZW1vdmVkLg0KPiBB bmQgeWVzLCB5b3Ugd2lsbCBoYXZlIHRvIGFkZCBhbGwgdGhvc2UgcGVybWlzc2lvbnMgYmFjayB0 byB1c2VycyBmcm9tDQo+IG5ldyBwcm9maWxlLg0KPg0KPiBCdXQsIHlvdSBjYW4gdHJ5IG1pZ3Jh dGlvbiB0b29sWzFdLCB0byBtaWdyYXRlIGFsbCB1c2VycyB0byBuZXcgQUFBIHByb2ZpbGUuDQo+ IElmIHlvdSBoYXZlIGFueSBwcm9ibGVtIHdpdGggaXQsIHlvdSBjYW4gYXNrLg0KDQpFaG0sIGhv dyBkbyB5b3UgaW5zdGFsbCBpdD8gKGVsNikNCg0KL0sNCg0KPg0KPiBPbmRyYQ0KPg0KPiBbMV0N Cj4gaHR0cHM6Ly9naXRodWIuY29tL21hY2hhY2Vrb25kcmEvb3ZpcnQtZW5naW5lLWtlcmJsZGFw LW1pZ3JhdGlvbi9ibG9iL21hc3Rlci9SRUFETUUubWQNCj4NCj4gT24gMDMvMjQvMjAxNiAwMTow NiBQTSwgV2lsbCBEZW5uaXMgd3JvdGU6DQo+ID4gSW4gdGhlIFJIRVYgQWRtaW4gR3VpZGUgdGhh dCBNYXJ0aW4gbWVudGlvbmVkLCBpdCBzYXlzOg0KPiA+DQo+ID4gIkxvZyBpbiB0byB0aGUgQWRt aW5pc3RyYXRpb24gUG9ydGFsLCBhbmQgcmVtb3ZlIGFsbCB1c2VycyBhbmQgZ3JvdXBzIHJlbGF0 ZWQgdG8gdGhlIG9sZCBwcm9maWxlLiBVc2VycyBkZWZpbmVkIGluIHRoZSByZW1vdmVkIGRvbWFp biB3aWxsIG5vIGxvbmdlciBiZSBhYmxlIHRvIGF1dGhlbnRpY2F0ZSB3aXRoIHRoZSBSZWQgSGF0 IEVudGVycHJpc2UgVmlydHVhbGl6YXRpb24gTWFuYWdlci4gVGhlIGVudHJpZXMgZm9yIHRoZSBh ZmZlY3RlZCB1c2VycyB3aWxsIHJlbWFpbiBkZWZpbmVkIGluIHRoZSBSZWQgSGF0IEVudGVycHJp c2UgVmlydHVhbGl6YXRpb24gTWFuYWdlciB1bnRpbCB0aGV5IGFyZSBleHBsaWNpdGx5IHJlbW92 ZWQgZnJvbSB0aGUgQWRtaW5pc3RyYXRpb24gUG9ydGFsLuKAnQ0KPiA+DQo+ID4gSSBoYXZlIHNv bWUgVk1zIHJ1bm5pbmcgdW5kZXIgc29tZSBBRCBkb21haW4gdXNlcnM7IGlmIEkgcmVtb3ZlIHRo ZSB1c2VycyBmcm9tIHRoZSBzeXN0ZW0gYXMgYWJvdmUsIHdpbGwgSSBuZWVkIHRvIHJlbW92ZSB0 aGVtIGZyb20gdGhlIFZNIHBlcm1pc3Npb25zLCBvciBpcyB0aGF0IGNsZWFuZWQgdXAgYXMgd2Vs bD8gQW5kIEkgZ3Vlc3MgSeKAmWxsIG5lZWQgdG8gbWFudWFsbHkgcmUtYWRkIHRoZSBwZXJtcyBi YWNrIGFmdGVyIHRoZSBuZXcgZGlyZWN0b3J5IGNvbmZpZyBpcyBpbiBwbGFjZT8gUGxlYXNlIGFk dmlzZS4NCj4gPg0KPiA+IFRoYW5rcywNCj4gPiBXaWxsDQo+ID4NCj4gPiBPbiBNYXIgMjEsIDIw MTYsIGF0IDQ6MjkgQU0sIE1hcnRpbiBQZXJpbmEgPG1wZXJpbmFAcmVkaGF0LmNvbTxtYWlsdG86 bXBlcmluYUByZWRoYXQuY29tPj4gd3JvdGU6DQo+ID4NCj4gPg0KPiA+DQo+ID4gT24gTW9uLCBN YXIgMjEsIDIwMTYgYXQgODoyMCBBTSwgWWVkaWR5YWggQmFyIERhdmlkIDxkaWRpQHJlZGhhdC5j b208bWFpbHRvOmRpZGlAcmVkaGF0LmNvbT4+IHdyb3RlOg0KPiA+IE9uIE1vbiwgTWFyIDIxLCAy MDE2IGF0IDQ6NDcgQU0sIFdpbGwgRGVubmlzIDx3ZGVubmlzQG5lYy1sYWJzLmNvbTxtYWlsdG86 d2Rlbm5pc0BuZWMtbGFicy5jb20+PiB3cm90ZToNCj4gPj4gSGkgYWxsLA0KPiA+Pg0KPiA+PiBJ IGhhdmUgZW5hYmxlZCBBY3RpdmUgRGlyZWN0b3J5IGF1dGhlbnRpY2F0aW9uIGZvciB0aGUgdXNl cnMgaW4gb1ZpcnQgKHZpYSBlbmdpbmUtbWFuYWdlLWRvbWFpbnMgY29tbWFuZCB1c2luZyAtLXBy b3ZpZGVyPWFkKSBhbmQsIGFsdGhvdWdoIGl0IHdvcmtzLCBpdCB0YWtlcyBhYm91dCB+NTAgc2Vj 4oCZcyB0byBwcm9jZXNzIGEgbG9naW4uIEkgaGF2ZSBvdGhlciBPU1Mgc29mdHdhcmUgdGhhdCB1 dGlsaXplcyBBRCBhdXRoLCBhbmQgdGhlcmUgaXMgbm8gc3VjaCBsYWcgd2hlbiBwcm9jZXNzaW5n IGxvZ2lucywgc28gSeKAmW0gZ3Vlc3NpbmcgaXTigJlzIGEgcHJvYmxlbSB3aXRoIHRoZSBvVmly dCBpbXBsZW1lbnRhdGlvbuKApiBBbnkgd2F5IHRvIGRlYnVnIHdoeSB0aGUgYXV0aCBwcm9jZXNz IGlzIHRha2luZyBzbyBsb25nPw0KPiA+DQo+ID4gVGhpcyBpcyBhbiBvbGQsIHVubWFpbnRhaW5l ZCBjb21wb25lbnQuIFlvdSBzaG91bGQgdXNlIHRoZSBuZXcgYWFhLWxkYXAgb25lLg0KPiA+IFNl YXJjaCB0aGUgbGlzdCBhcmNoaXZlcyBmb3IgImFhYS1sZGFwIiBhbmQvb3IgcmVhZCB0aGUgUkVB RE1FIGZpbGUgaW4gdGhlDQo+ID4gc291cmNlcyBbMV0uIEJlc3QsDQo+ID4NCj4gPiBbMV0gaHR0 cHM6Ly9nZXJyaXQub3ZpcnQub3JnL2dpdHdlYj9wPW92aXJ0LWVuZ2luZS1leHRlbnNpb24tYWFh LWxkYXAuZ2l0O2E9YmxvYjtmPVJFQURNRQ0KPiA+DQo+ID4g4oCLWW91IGNvdWxkIGFsc28gdGFr ZSBhIGxvb2sgYXQgUkhFViAzLjYgQWRtaW5pc3RyYXRpb24gR3VpZGUsIGNoYXB0ZXIgMTMgVXNl cnMgYW5kIFJvbGVzIFsyXQ0KPiA+IHdoZXJlIHlvdSBjYW4gZmluZCBkZXRhaWxlZCBzdGVwcyBm b3IgY29tbW9uIGNvbmZpZ3VyYXRpb25zLg0KPiA+DQo+ID4gTWFydGluIFBlcmluYQ0KPiA+DQo+ ID4gWzJdIGh0dHBzOi8vYWNjZXNzLnJlZGhhdC5jb20vZG9jdW1lbnRhdGlvbi9lbi1VUy9SZWRf SGF0X0VudGVycHJpc2VfVmlydHVhbGl6YXRpb24vMy42L2h0bWwvQWRtaW5pc3RyYXRpb25fR3Vp ZGUvY2hhcC1Vc2Vyc19hbmRfUm9sZXMuaHRtbA0KPiA+IOKAiw0KPiA+DQo+ID4NCj4gPj4NCj4g Pj4gV2lsbA0KPiA+PiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fXw0KPiA+PiBVc2VycyBtYWlsaW5nIGxpc3QNCj4gPj4gVXNlcnNAb3ZpcnQub3JnPG1haWx0 bzpVc2Vyc0BvdmlydC5vcmc+DQo+ID4+IGh0dHA6Ly9saXN0cy5vdmlydC5vcmcvbWFpbG1hbi9s aXN0aW5mby91c2Vycw0KPiA+DQo+ID4NCj4gPg0KPiA+IC0tDQo+ID4gRGlkaQ0KPiA+IF9fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+ID4gVXNlcnMgbWFp bGluZyBsaXN0DQo+ID4gVXNlcnNAb3ZpcnQub3JnPG1haWx0bzpVc2Vyc0BvdmlydC5vcmc+DQo+ ID4gaHR0cDovL2xpc3RzLm92aXJ0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3VzZXJzDQo+ID4NCj4g Pg0KPiA+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+ ID4gVXNlcnMgbWFpbGluZyBsaXN0DQo+ID4gVXNlcnNAb3ZpcnQub3JnDQo+ID4gaHR0cDovL2xp c3RzLm92aXJ0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3VzZXJzDQo+ID4NCj4gX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4gVXNlcnMgbWFpbGluZyBsaXN0 DQo+IFVzZXJzQG92aXJ0Lm9yZw0KPiBodHRwOi8vbGlzdHMub3ZpcnQub3JnL21haWxtYW4vbGlz dGluZm8vdXNlcnMNCg== --_000_0d09312977a3465882bf2a2bace95cb0exch24sluse_ Content-Type: text/html; charset="utf-8" Content-ID: <12358A6FAB67B045BC2134D23CE9A03D@ad.slu.se> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5Pg0KPHAgZGlyPSJsdHIi Pjxicj4NCkRlbiAyNCBtYXJzIDIwMTYgMTM6NDkgc2tyZXYgT25kcmEgTWFjaGFjZWsgJmx0O29t YWNoYWNlQHJlZGhhdC5jb20mZ3Q7Ojxicj4NCiZndDs8YnI+DQomZ3Q7IEhpLDxicj4NCiZndDs8 YnI+DQomZ3Q7IGlmIHlvdSByZW1vdmUgdXNlciwgdGhlbiBhbHNvIHBlcm1pc3Npb25zIG9mIHRo YXQgdXNlciB0byB2bXMgd2lsbCBiZSA8YnI+DQomZ3Q7IHJlbW92ZWQuPGJyPg0KJmd0OyBBbmQg eWVzLCB5b3Ugd2lsbCBoYXZlIHRvIGFkZCBhbGwgdGhvc2UgcGVybWlzc2lvbnMgYmFjayB0byB1 c2VycyBmcm9tIDxicj4NCiZndDsgbmV3IHByb2ZpbGUuPGJyPg0KJmd0Ozxicj4NCiZndDsgQnV0 LCB5b3UgY2FuIHRyeSBtaWdyYXRpb24gdG9vbFsxXSwgdG8gbWlncmF0ZSBhbGwgdXNlcnMgdG8g bmV3IEFBQSBwcm9maWxlLjxicj4NCiZndDsgSWYgeW91IGhhdmUgYW55IHByb2JsZW0gd2l0aCBp dCwgeW91IGNhbiBhc2suPC9wPg0KPHAgZGlyPSJsdHIiPkVobSwgaG93IGRvIHlvdSBpbnN0YWxs IGl0PyAoZWw2KTwvcD4NCjxwIGRpcj0ibHRyIj4vSzwvcD4NCjxwIGRpcj0ibHRyIj4mZ3Q7PGJy Pg0KJmd0OyBPbmRyYTxicj4NCiZndDs8YnI+DQomZ3Q7IFsxXSA8YnI+DQomZ3Q7IGh0dHBzOi8v Z2l0aHViLmNvbS9tYWNoYWNla29uZHJhL292aXJ0LWVuZ2luZS1rZXJibGRhcC1taWdyYXRpb24v YmxvYi9tYXN0ZXIvUkVBRE1FLm1kPGJyPg0KJmd0Ozxicj4NCiZndDsgT24gMDMvMjQvMjAxNiAw MTowNiBQTSwgV2lsbCBEZW5uaXMgd3JvdGU6PGJyPg0KJmd0OyAmZ3Q7IEluIHRoZSBSSEVWIEFk bWluIEd1aWRlIHRoYXQgTWFydGluIG1lbnRpb25lZCwgaXQgc2F5czo8YnI+DQomZ3Q7ICZndDs8 YnI+DQomZ3Q7ICZndDsgJnF1b3Q7TG9nIGluIHRvIHRoZSBBZG1pbmlzdHJhdGlvbiBQb3J0YWws IGFuZCByZW1vdmUgYWxsIHVzZXJzIGFuZCBncm91cHMgcmVsYXRlZCB0byB0aGUgb2xkIHByb2Zp bGUuIFVzZXJzIGRlZmluZWQgaW4gdGhlIHJlbW92ZWQgZG9tYWluIHdpbGwgbm8gbG9uZ2VyIGJl IGFibGUgdG8gYXV0aGVudGljYXRlIHdpdGggdGhlIFJlZCBIYXQgRW50ZXJwcmlzZSBWaXJ0dWFs aXphdGlvbiBNYW5hZ2VyLiBUaGUgZW50cmllcyBmb3IgdGhlIGFmZmVjdGVkDQogdXNlcnMgd2ls bCByZW1haW4gZGVmaW5lZCBpbiB0aGUgUmVkIEhhdCBFbnRlcnByaXNlIFZpcnR1YWxpemF0aW9u IE1hbmFnZXIgdW50aWwgdGhleSBhcmUgZXhwbGljaXRseSByZW1vdmVkIGZyb20gdGhlIEFkbWlu aXN0cmF0aW9uIFBvcnRhbC7igJ08YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgSSBoYXZl IHNvbWUgVk1zIHJ1bm5pbmcgdW5kZXIgc29tZSBBRCBkb21haW4gdXNlcnM7IGlmIEkgcmVtb3Zl IHRoZSB1c2VycyBmcm9tIHRoZSBzeXN0ZW0gYXMgYWJvdmUsIHdpbGwgSSBuZWVkIHRvIHJlbW92 ZSB0aGVtIGZyb20gdGhlIFZNIHBlcm1pc3Npb25zLCBvciBpcyB0aGF0IGNsZWFuZWQgdXAgYXMg d2VsbD8gQW5kIEkgZ3Vlc3MgSeKAmWxsIG5lZWQgdG8gbWFudWFsbHkgcmUtYWRkIHRoZSBwZXJt cyBiYWNrIGFmdGVyIHRoZSBuZXcNCiBkaXJlY3RvcnkgY29uZmlnIGlzIGluIHBsYWNlPyBQbGVh c2UgYWR2aXNlLjxicj4NCiZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyBUaGFua3MsPGJyPg0KJmd0 OyAmZ3Q7IFdpbGw8YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgT24gTWFyIDIxLCAyMDE2 LCBhdCA0OjI5IEFNLCBNYXJ0aW4gUGVyaW5hICZsdDttcGVyaW5hQHJlZGhhdC5jb20mbHQ7bWFp bHRvOm1wZXJpbmFAcmVkaGF0LmNvbSZndDsmZ3Q7IHdyb3RlOjxicj4NCiZndDsgJmd0Ozxicj4N CiZndDsgJmd0Ozxicj4NCiZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyBPbiBNb24sIE1hciAyMSwg MjAxNiBhdCA4OjIwIEFNLCBZZWRpZHlhaCBCYXIgRGF2aWQgJmx0O2RpZGlAcmVkaGF0LmNvbSZs dDttYWlsdG86ZGlkaUByZWRoYXQuY29tJmd0OyZndDsgd3JvdGU6PGJyPg0KJmd0OyAmZ3Q7IE9u IE1vbiwgTWFyIDIxLCAyMDE2IGF0IDQ6NDcgQU0sIFdpbGwgRGVubmlzICZsdDt3ZGVubmlzQG5l Yy1sYWJzLmNvbSZsdDttYWlsdG86d2Rlbm5pc0BuZWMtbGFicy5jb20mZ3Q7Jmd0OyB3cm90ZTo8 YnI+DQomZ3Q7ICZndDsmZ3Q7IEhpIGFsbCw8YnI+DQomZ3Q7ICZndDsmZ3Q7PGJyPg0KJmd0OyAm Z3Q7Jmd0OyBJIGhhdmUgZW5hYmxlZCBBY3RpdmUgRGlyZWN0b3J5IGF1dGhlbnRpY2F0aW9uIGZv ciB0aGUgdXNlcnMgaW4gb1ZpcnQgKHZpYSBlbmdpbmUtbWFuYWdlLWRvbWFpbnMgY29tbWFuZCB1 c2luZyAtLXByb3ZpZGVyPWFkKSBhbmQsIGFsdGhvdWdoIGl0IHdvcmtzLCBpdCB0YWtlcyBhYm91 dCB+NTAgc2Vj4oCZcyB0byBwcm9jZXNzIGEgbG9naW4uIEkgaGF2ZSBvdGhlciBPU1Mgc29mdHdh cmUgdGhhdCB1dGlsaXplcyBBRCBhdXRoLCBhbmQgdGhlcmUNCiBpcyBubyBzdWNoIGxhZyB3aGVu IHByb2Nlc3NpbmcgbG9naW5zLCBzbyBJ4oCZbSBndWVzc2luZyBpdOKAmXMgYSBwcm9ibGVtIHdp dGggdGhlIG9WaXJ0IGltcGxlbWVudGF0aW9u4oCmIEFueSB3YXkgdG8gZGVidWcgd2h5IHRoZSBh dXRoIHByb2Nlc3MgaXMgdGFraW5nIHNvIGxvbmc/PGJyPg0KJmd0OyAmZ3Q7PGJyPg0KJmd0OyAm Z3Q7IFRoaXMgaXMgYW4gb2xkLCB1bm1haW50YWluZWQgY29tcG9uZW50LiBZb3Ugc2hvdWxkIHVz ZSB0aGUgbmV3IGFhYS1sZGFwIG9uZS48YnI+DQomZ3Q7ICZndDsgU2VhcmNoIHRoZSBsaXN0IGFy Y2hpdmVzIGZvciAmcXVvdDthYWEtbGRhcCZxdW90OyBhbmQvb3IgcmVhZCB0aGUgUkVBRE1FIGZp bGUgaW4gdGhlPGJyPg0KJmd0OyAmZ3Q7IHNvdXJjZXMgWzFdLiBCZXN0LDxicj4NCiZndDsgJmd0 Ozxicj4NCiZndDsgJmd0OyBbMV0gaHR0cHM6Ly9nZXJyaXQub3ZpcnQub3JnL2dpdHdlYj9wPW92 aXJ0LWVuZ2luZS1leHRlbnNpb24tYWFhLWxkYXAuZ2l0O2E9YmxvYjtmPVJFQURNRTxicj4NCiZn dDsgJmd0Ozxicj4NCiZndDsgJmd0OyDigItZb3UgY291bGQgYWxzbyB0YWtlIGEgbG9vayBhdCBS SEVWIDMuNiBBZG1pbmlzdHJhdGlvbiBHdWlkZSwgY2hhcHRlciAxMyBVc2VycyBhbmQgUm9sZXMg WzJdPGJyPg0KJmd0OyAmZ3Q7IHdoZXJlIHlvdSBjYW4gZmluZCBkZXRhaWxlZCBzdGVwcyBmb3Ig Y29tbW9uIGNvbmZpZ3VyYXRpb25zLjxicj4NCiZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyBNYXJ0 aW4gUGVyaW5hPGJyPg0KJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7IFsyXSBodHRwczovL2FjY2Vz cy5yZWRoYXQuY29tL2RvY3VtZW50YXRpb24vZW4tVVMvUmVkX0hhdF9FbnRlcnByaXNlX1ZpcnR1 YWxpemF0aW9uLzMuNi9odG1sL0FkbWluaXN0cmF0aW9uX0d1aWRlL2NoYXAtVXNlcnNfYW5kX1Jv bGVzLmh0bWw8YnI+DQomZ3Q7ICZndDsg4oCLPGJyPg0KJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7 PGJyPg0KJmd0OyAmZ3Q7Jmd0Ozxicj4NCiZndDsgJmd0OyZndDsgV2lsbDxicj4NCiZndDsgJmd0 OyZndDsgX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX188YnI+ DQomZ3Q7ICZndDsmZ3Q7IFVzZXJzIG1haWxpbmcgbGlzdDxicj4NCiZndDsgJmd0OyZndDsgVXNl cnNAb3ZpcnQub3JnJmx0O21haWx0bzpVc2Vyc0BvdmlydC5vcmcmZ3Q7PGJyPg0KJmd0OyAmZ3Q7 Jmd0OyBodHRwOi8vbGlzdHMub3ZpcnQub3JnL21haWxtYW4vbGlzdGluZm8vdXNlcnM8YnI+DQom Z3Q7ICZndDs8YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgLS08 YnI+DQomZ3Q7ICZndDsgRGlkaTxicj4NCiZndDsgJmd0OyBfX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fXzxicj4NCiZndDsgJmd0OyBVc2VycyBtYWlsaW5nIGxp c3Q8YnI+DQomZ3Q7ICZndDsgVXNlcnNAb3ZpcnQub3JnJmx0O21haWx0bzpVc2Vyc0BvdmlydC5v cmcmZ3Q7PGJyPg0KJmd0OyAmZ3Q7IGh0dHA6Ly9saXN0cy5vdmlydC5vcmcvbWFpbG1hbi9saXN0 aW5mby91c2Vyczxicj4NCiZndDsgJmd0Ozxicj4NCiZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyBf X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzxicj4NCiZndDsg Jmd0OyBVc2VycyBtYWlsaW5nIGxpc3Q8YnI+DQomZ3Q7ICZndDsgVXNlcnNAb3ZpcnQub3JnPGJy Pg0KJmd0OyAmZ3Q7IGh0dHA6Ly9saXN0cy5vdmlydC5vcmcvbWFpbG1hbi9saXN0aW5mby91c2Vy czxicj4NCiZndDsgJmd0Ozxicj4NCiZndDsgX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX188YnI+DQomZ3Q7IFVzZXJzIG1haWxpbmcgbGlzdDxicj4NCiZndDsg VXNlcnNAb3ZpcnQub3JnPGJyPg0KJmd0OyBodHRwOi8vbGlzdHMub3ZpcnQub3JnL21haWxtYW4v bGlzdGluZm8vdXNlcnM8YnI+DQo8L3A+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_0d09312977a3465882bf2a2bace95cb0exch24sluse_--

On 03/24/2016 03:02 PM, Karli Sjöberg wrote:
Den 24 mars 2016 13:49 skrev Ondra Machacek <omachace@redhat.com>:
Hi,
if you remove user, then also permissions of that user to vms will be removed. And yes, you will have to add all those permissions back to users from new profile.
But, you can try migration tool[1], to migrate all users to new AAA
profile.
If you have any problem with it, you can ask.
Ehm, how do you install it? (el6)
yum install -y https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases/do...
/K
Ondra
[1]
https://github.com/machacekondra/ovirt-engine-kerbldap-migration/blob/master...
On 03/24/2016 01:06 PM, Will Dennis wrote:
In the RHEV Admin Guide that Martin mentioned, it says:
"Log in to the Administration Portal, and remove all users and
I have some VMs running under some AD domain users; if I remove the
users from the system as above, will I need to remove them from the VM
Thanks, Will
On Mar 21, 2016, at 4:29 AM, Martin Perina
<mperina@redhat.com<mailto:mperina@redhat.com>> wrote:
On Mon, Mar 21, 2016 at 8:20 AM, Yedidyah Bar David
<didi@redhat.com<mailto:didi@redhat.com>> wrote:
On Mon, Mar 21, 2016 at 4:47 AM, Will Dennis <wdennis@nec-labs.com<mailto:wdennis@nec-labs.com>> wrote:
Hi all,
I have enabled Active Directory authentication for the users in oVirt (via engine-manage-domains command using --provider=ad) and, although it works, it takes about ~50 sec’s to process a login. I have other OSS software that utilizes AD auth, and there is no such lag when
groups related to the old profile. Users defined in the removed domain will no longer be able to authenticate with the Red Hat Enterprise Virtualization Manager. The entries for the affected users will remain defined in the Red Hat Enterprise Virtualization Manager until they are explicitly removed from the Administration Portal.” permissions, or is that cleaned up as well? And I guess I’ll need to manually re-add the perms back after the new directory config is in place? Please advise. processing logins, so I’m guessing it’s a problem with the oVirt implementation… Any way to debug why the auth process is taking so long?
This is an old, unmaintained component. You should use the new
aaa-ldap one.
Search the list archives for "aaa-ldap" and/or read the README file in the sources [1]. Best,
[1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob...
You could also take a look at RHEV 3.6 Administration Guide, chapter 13 Users and Roles [2] where you can find detailed steps for common configurations.
Martin Perina
[2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
Will _______________________________________________ Users mailing list Users@ovirt.org<mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
-- Didi _______________________________________________ Users mailing list Users@ovirt.org<mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

Sorry about the thread-breakage, OWA... ________________________________________ Från: Ondra Machacek <omachace@redhat.com> Skickat: den 24 mars 2016 15:08 Till: Karli Sjöberg Kopia: Martin Perina; Will Dennis; users Ämne: Re: [ovirt-users] Active Directory (LDAP) user auth is slow On 03/24/2016 03:02 PM, Karli Sjöberg wrote:
Den 24 mars 2016 13:49 skrev Ondra Machacek <omachace@redhat.com>:
Hi,
if you remove user, then also permissions of that user to vms will be removed. And yes, you will have to add all those permissions back to users from new profile.
But, you can try migration tool[1], to migrate all users to new AAA
profile.
If you have any problem with it, you can ask.
Ehm, how do you install it? (el6)
yum install -y https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases/do... That worked, plus the migration, but can´t log in since our domain is called like 'baz.foo.bar' but our users´s userPrincipalName are just 'user@foo.bar'. How do you configure that with aaa? /K
/K
Ondra
[1]
https://github.com/machacekondra/ovirt-engine-kerbldap-migration/blob/master...
On 03/24/2016 01:06 PM, Will Dennis wrote:
In the RHEV Admin Guide that Martin mentioned, it says:
"Log in to the Administration Portal, and remove all users and
I have some VMs running under some AD domain users; if I remove the
users from the system as above, will I need to remove them from the VM
Thanks, Will
On Mar 21, 2016, at 4:29 AM, Martin Perina
<mperina@redhat.com<mailto:mperina@redhat.com>> wrote:
On Mon, Mar 21, 2016 at 8:20 AM, Yedidyah Bar David
<didi@redhat.com<mailto:didi@redhat.com>> wrote:
On Mon, Mar 21, 2016 at 4:47 AM, Will Dennis <wdennis@nec-labs.com<mailto:wdennis@nec-labs.com>> wrote:
Hi all,
I have enabled Active Directory authentication for the users in oVirt (via engine-manage-domains command using --provider=ad) and, although it works, it takes about ~50 sec’s to process a login. I have other OSS software that utilizes AD auth, and there is no such lag when
groups related to the old profile. Users defined in the removed domain will no longer be able to authenticate with the Red Hat Enterprise Virtualization Manager. The entries for the affected users will remain defined in the Red Hat Enterprise Virtualization Manager until they are explicitly removed from the Administration Portal.” permissions, or is that cleaned up as well? And I guess I’ll need to manually re-add the perms back after the new directory config is in place? Please advise. processing logins, so I’m guessing it’s a problem with the oVirt implementation… Any way to debug why the auth process is taking so long?
This is an old, unmaintained component. You should use the new
aaa-ldap one.
Search the list archives for "aaa-ldap" and/or read the README file in the sources [1]. Best,
[1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob...
You could also take a look at RHEV 3.6 Administration Guide, chapter 13 Users and Roles [2] where you can find detailed steps for common configurations.
Martin Perina
[2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
Will _______________________________________________ Users mailing list Users@ovirt.org<mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
-- Didi _______________________________________________ Users mailing list Users@ovirt.org<mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

No worries... I only had a few VMs to re-assign, so I did it manually... -----Original Message----- From: Karli Sjöberg [mailto:karli.sjoberg@slu.se] Sent: Thursday, March 24, 2016 11:13 AM To: Ondra Machacek Cc: Martin Perina; Will Dennis; users Subject: SV: [ovirt-users] Active Directory (LDAP) user auth is slow Sorry about the thread-breakage, OWA... ________________________________________ Från: Ondra Machacek <omachace@redhat.com> Skickat: den 24 mars 2016 15:08 Till: Karli Sjöberg Kopia: Martin Perina; Will Dennis; users Ämne: Re: [ovirt-users] Active Directory (LDAP) user auth is slow On 03/24/2016 03:02 PM, Karli Sjöberg wrote:
Den 24 mars 2016 13:49 skrev Ondra Machacek <omachace@redhat.com>:
Hi,
if you remove user, then also permissions of that user to vms will
And yes, you will have to add all those permissions back to users from > new profile.
But, you can try migration tool[1], to migrate all users to new AAA
be > removed. profile.
If you have any problem with it, you can ask.
Ehm, how do you install it? (el6)
yum install -y https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases/do... That worked, plus the migration, but can´t log in since our domain is called like 'baz.foo.bar' but our users´s userPrincipalName are just 'user@foo.bar'. How do you configure that with aaa? /K
/K
Ondra
[1]
https://github.com/machacekondra/ovirt-engine-kerbldap-migration/blob/ master/README.md
On 03/24/2016 01:06 PM, Will Dennis wrote:
In the RHEV Admin Guide that Martin mentioned, it says:
"Log in to the Administration Portal, and remove all users and
I have some VMs running under some AD domain users; if I remove
groups related to the old profile. Users defined in the removed domain will no longer be able to authenticate with the Red Hat Enterprise Virtualization Manager. The entries for the affected users will remain defined in the Red Hat Enterprise Virtualization Manager until they are explicitly removed from the Administration Portal.” the users from the system as above, will I need to remove them from the VM permissions, or is that cleaned up as well? And I guess I’ll need to manually re-add the perms back after the new directory config is in place? Please advise.
Thanks, Will
On Mar 21, 2016, at 4:29 AM, Martin Perina
<mperina@redhat.com<mailto:mperina@redhat.com>> wrote:
On Mon, Mar 21, 2016 at 8:20 AM, Yedidyah Bar David
<didi@redhat.com<mailto:didi@redhat.com>> wrote:
On Mon, Mar 21, 2016 at 4:47 AM, Will Dennis <wdennis@nec-labs.com<mailto:wdennis@nec-labs.com>> wrote:
Hi all,
I have enabled Active Directory authentication for the users in oVirt (via engine-manage-domains command using --provider=ad) and, although it works, it takes about ~50 sec’s to process a login. I have other OSS software that utilizes AD auth, and there is no such lag when processing logins, so I’m guessing it’s a problem with the oVirt implementation… Any way to debug why the auth process is taking so long?
This is an old, unmaintained component. You should use the new aaa-ldap one. Search the list archives for "aaa-ldap" and/or read the README file in the > > sources [1]. Best, > > > > [1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git; a=blob;f=README
You could also take a look at RHEV 3.6 Administration Guide, chapter 13 Users and Roles [2] > > where you can find detailed steps for common configurations.
Martin Perina
[2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtu alization/3.6/html/Administration_Guide/chap-Users_and_Roles.html
Will _______________________________________________ Users mailing list Users@ovirt.org<mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
-- Didi _______________________________________________ Users mailing list Users@ovirt.org<mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (3)
-
Karli Sjöberg
-
Ondra Machacek
-
Will Dennis