Hi all, I have enabled Active Directory authentication for the users in oVirt (via engine-manage-domains command using --provider=ad) and, although it works, it takes about ~50 sec’s to process a login. I have other OSS software that utilizes AD auth, and there is no such lag when processing logins, so I’m guessing it’s a problem with the oVirt implementation… Any way to debug why the auth process is taking so long? Will
On Mon, Mar 21, 2016 at 4:47 AM, Will Dennis <wdennis@nec-labs.com> wrote:
Hi all,
I have enabled Active Directory authentication for the users in oVirt (via engine-manage-domains command using --provider=ad) and, although it works, it takes about ~50 sec’s to process a login. I have other OSS software that utilizes AD auth, and there is no such lag when processing logins, so I’m guessing it’s a problem with the oVirt implementation… Any way to debug why the auth process is taking so long?
This is an old, unmaintained component. You should use the new aaa-ldap one. Search the list archives for "aaa-ldap" and/or read the README file in the sources [1]. Best, [1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob...
Will _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Didi
On Mon, Mar 21, 2016 at 8:20 AM, Yedidyah Bar David <didi@redhat.com> wrote:
On Mon, Mar 21, 2016 at 4:47 AM, Will Dennis <wdennis@nec-labs.com> wrote:
Hi all,
I have enabled Active Directory authentication for the users in oVirt (via engine-manage-domains command using --provider=ad) and, although it works, it takes about ~50 sec’s to process a login. I have other OSS software that utilizes AD auth, and there is no such lag when processing logins, so I’m guessing it’s a problem with the oVirt implementation… Any way to debug why the auth process is taking so long?
This is an old, unmaintained component. You should use the new aaa-ldap one. Search the list archives for "aaa-ldap" and/or read the README file in the sources [1]. Best,
[1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob...
You could also take a look at RHEV 3.6 Administration Guide, chapter 13 Users and Roles [2] where you can find detailed steps for common configurations. Martin Perina [2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
Will _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Didi _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
In the RHEV Admin Guide that Martin mentioned, it says: "Log in to the Administration Portal, and remove all users and groups related to the old profile. Users defined in the removed domain will no longer be able to authenticate with the Red Hat Enterprise Virtualization Manager. The entries for the affected users will remain defined in the Red Hat Enterprise Virtualization Manager until they are explicitly removed from the Administration Portal.” I have some VMs running under some AD domain users; if I remove the users from the system as above, will I need to remove them from the VM permissions, or is that cleaned up as well? And I guess I’ll need to manually re-add the perms back after the new directory config is in place? Please advise. Thanks, Will On Mar 21, 2016, at 4:29 AM, Martin Perina <mperina@redhat.com<mailto:mperina@redhat.com>> wrote: On Mon, Mar 21, 2016 at 8:20 AM, Yedidyah Bar David <didi@redhat.com<mailto:didi@redhat.com>> wrote: On Mon, Mar 21, 2016 at 4:47 AM, Will Dennis <wdennis@nec-labs.com<mailto:wdennis@nec-labs.com>> wrote:
Hi all,
I have enabled Active Directory authentication for the users in oVirt (via engine-manage-domains command using --provider=ad) and, although it works, it takes about ~50 sec’s to process a login. I have other OSS software that utilizes AD auth, and there is no such lag when processing logins, so I’m guessing it’s a problem with the oVirt implementation… Any way to debug why the auth process is taking so long?
This is an old, unmaintained component. You should use the new aaa-ldap one. Search the list archives for "aaa-ldap" and/or read the README file in the sources [1]. Best, [1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob... You could also take a look at RHEV 3.6 Administration Guide, chapter 13 Users and Roles [2] where you can find detailed steps for common configurations. Martin Perina [2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
Will _______________________________________________ Users mailing list Users@ovirt.org<mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
-- Didi _______________________________________________ Users mailing list Users@ovirt.org<mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
Hi, if you remove user, then also permissions of that user to vms will be removed. And yes, you will have to add all those permissions back to users from new profile. But, you can try migration tool[1], to migrate all users to new AAA profile. If you have any problem with it, you can ask. Ondra [1] https://github.com/machacekondra/ovirt-engine-kerbldap-migration/blob/master... On 03/24/2016 01:06 PM, Will Dennis wrote:
In the RHEV Admin Guide that Martin mentioned, it says:
"Log in to the Administration Portal, and remove all users and groups related to the old profile. Users defined in the removed domain will no longer be able to authenticate with the Red Hat Enterprise Virtualization Manager. The entries for the affected users will remain defined in the Red Hat Enterprise Virtualization Manager until they are explicitly removed from the Administration Portal.”
I have some VMs running under some AD domain users; if I remove the users from the system as above, will I need to remove them from the VM permissions, or is that cleaned up as well? And I guess I’ll need to manually re-add the perms back after the new directory config is in place? Please advise.
Thanks, Will
On Mar 21, 2016, at 4:29 AM, Martin Perina <mperina@redhat.com<mailto:mperina@redhat.com>> wrote:
On Mon, Mar 21, 2016 at 8:20 AM, Yedidyah Bar David <didi@redhat.com<mailto:didi@redhat.com>> wrote: On Mon, Mar 21, 2016 at 4:47 AM, Will Dennis <wdennis@nec-labs.com<mailto:wdennis@nec-labs.com>> wrote:
Hi all,
I have enabled Active Directory authentication for the users in oVirt (via engine-manage-domains command using --provider=ad) and, although it works, it takes about ~50 sec’s to process a login. I have other OSS software that utilizes AD auth, and there is no such lag when processing logins, so I’m guessing it’s a problem with the oVirt implementation… Any way to debug why the auth process is taking so long?
This is an old, unmaintained component. You should use the new aaa-ldap one. Search the list archives for "aaa-ldap" and/or read the README file in the sources [1]. Best,
[1] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob...
You could also take a look at RHEV 3.6 Administration Guide, chapter 13 Users and Roles [2] where you can find detailed steps for common configurations.
Martin Perina
[2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualizat...
Will _______________________________________________ Users mailing list Users@ovirt.org<mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
-- Didi _______________________________________________ Users mailing list Users@ovirt.org<mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (4)
-
Martin Perina -
Ondra Machacek -
Will Dennis -
Yedidyah Bar David