Cannot add new users via api after AAA migration
Hi! A little background: https://www.mail-archive.com/users@ovirt.org/msg31815.html Trying to add new user from webadmin gives: 2016-04-18 12:19:14,448 INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand] (default task-10) [53227bd6] Running command: AddUserCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group MANIPULATE_USERS with role type ADMIN 2016-04-18 12:19:14,466 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-10) [53227bd6] Correlation ID: 53227bd6, Call Stack: null, Custom Event ID: -1, Message: User 'Firstname.Lastname@foo.bar' was added successfully to the system. The user is then found as 'Firstname.Lastname@foo.bar@baz.foo.bar' under Users tab. Also possible to find user with api: https://engine-address.foo.bar/ovirt-engine/api/users?search=Firstname ... <user_name>Firstname.Lastname@foo.bar@baz.foo.bar</user_name> ... But removing the user and trying to add it again with e.g. Python fails: status: 404 reason: Not Found detail: Entity not found: ADUSER@baz.foo.bar:: username=Firstname.Lastname@foo.bar The code, previously working with the now deprecated engine-manage- domains, except PRINCIPAL_NAME was just SAM_ACCOUNT_NAME without SUFFIX: DOMAIN_NAME = 'baz.foo.bar' SUFFIX = '@foo.bar' try: domain = api.domains.get(name='%s' % (DOMAIN_NAME)) userparams = params.User() userparams.set_user_name('%s%s' % (PRINCIPAL_NAME,SUFFIX)) userparams.set_domain(domain) api.users.add(userparams) except Exception as e: print e Also tried with SUFFIX = '@foo.bar@baz.foo.bar', as that´s what the user is called after creation, fails as well. Am I "holding it wrong" or is this a bug? /K
On 04/18/2016 12:37 PM, Karli Sjöberg wrote:
Hi!
A little background: https://www.mail-archive.com/users@ovirt.org/msg31815.html
Trying to add new user from webadmin gives: 2016-04-18 12:19:14,448 INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand] (default task-10) [53227bd6] Running command: AddUserCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group MANIPULATE_USERS with role type ADMIN 2016-04-18 12:19:14,466 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-10) [53227bd6] Correlation ID: 53227bd6, Call Stack: null, Custom Event ID: -1, Message: User 'Firstname.Lastname@foo.bar' was added successfully to the system.
The user is then found as 'Firstname.Lastname@foo.bar@baz.foo.bar' under Users tab. Also possible to find user with api: https://engine-address.foo.bar/ovirt-engine/api/users?search=Firstname ... <user_name>Firstname.Lastname@foo.bar@baz.foo.bar</user_name> ...
But removing the user and trying to add it again with e.g. Python fails:
status: 404 reason: Not Found detail: Entity not found: ADUSER@baz.foo.bar:: username=Firstname.Lastname@foo.bar
The code, previously working with the now deprecated engine-manage- domains, except PRINCIPAL_NAME was just SAM_ACCOUNT_NAME without SUFFIX:
DOMAIN_NAME = 'baz.foo.bar' SUFFIX = '@foo.bar'
try: domain = api.domains.get(name='%s' % (DOMAIN_NAME)) userparams = params.User() userparams.set_user_name('%s%s' % (PRINCIPAL_NAME,SUFFIX)) userparams.set_domain(domain)
Please set ^ here also: userparams.set_principal('%s%s' % (PRINCIPAL_NAME,SUFFIX)) in principal you should set proper UPN of user.
api.users.add(userparams) except Exception as e: print e
Also tried with SUFFIX = '@foo.bar@baz.foo.bar', as that´s what the user is called after creation, fails as well.
Am I "holding it wrong" or is this a bug?
/K _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On Mon, 2016-04-18 at 15:53 +0200, Ondra Machacek wrote:
On 04/18/2016 12:37 PM, Karli Sjöberg wrote:
Hi!
A little background: https://www.mail-archive.com/users@ovirt.org/msg31815.html
Trying to add new user from webadmin gives: 2016-04-18 12:19:14,448 INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand] (default task- 10) [53227bd6] Running command: AddUserCommand internal: false. Entities affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group MANIPULATE_USERS with role type ADMIN 2016-04-18 12:19:14,466 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLog Director] (default task-10) [53227bd6] Correlation ID: 53227bd6, Call Stack: null, Custom Event ID: -1, Message: User 'Firstname.Las tname@foo.bar' was added successfully to the system.
The user is then found as 'Firstname.Lastname@foo.bar@baz.foo.bar' under Users tab. Also possible to find user with api: https://engine-address.foo.bar/ovirt-engine/api/users?search=Firstn ame ... <user_name>Firstname.Lastname@foo.bar@baz.foo.bar</user_name> ...
But removing the user and trying to add it again with e.g. Python fails:
status: 404 reason: Not Found detail: Entity not found: ADUSER@baz.foo.bar:: username=Firstname.L astname@foo.bar
The code, previously working with the now deprecated engine-manage- domains, except PRINCIPAL_NAME was just SAM_ACCOUNT_NAME without SUFFIX:
DOMAIN_NAME = 'baz.foo.bar' SUFFIX = '@foo.bar'
try: domain = api.domains.get(name='%s' % (DOMAIN_NAME)) userparams = params.User() userparams.set_user_name('%s%s' % (PRINCIPAL_NAME,SUFFIX)) userparams.set_domain(domain)
Please set ^ here also:
userparams.set_principal('%s%s' % (PRINCIPAL_NAME,SUFFIX))
in principal you should set proper UPN of user.
Yeah, that was the ticket. Thanks! /K
api.users.add(userparams) except Exception as e: print e
Also tried with SUFFIX = '@foo.bar@baz.foo.bar', as that´s what the user is called after creation, fails as well.
Am I "holding it wrong" or is this a bug?
/K _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (2)
-
Karli Sjöberg -
Ondra Machacek