oVirt 3.6 Migrated from Legacy AD Authentication - Previously Used AD Users Can't Log In
--_000_04BADA2BE93C4A10A146D05F3F04B4E4ingramcontentcom_ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: base64 SSBoYXZlIGJlZW4gdXBkYXRpbmcgb3VyIG9WaXJ0IDMuNiAoMy42LjcuNS0xKSBlbnZpcm9ubWVu dCBpbiBwcmVwYXJhdGlvbiBmb3IgdXBncmFkaW5nIHRvIG9WaXJ0IDQuDQoNCldlIGhhZCBiZWVu IHVzaW5nIHRoZSBsZWdhY3kgQUQgY29ubmVjdGlvbiAodmlhIGVuZ2luZS1tYW5hZ2UtZG9tYWlu cyksIGFuZCBzaW5jZSB0aGF04oCZcyBubyBsb25nZXIgYXZhaWxhYmxlIGluIG9WaXJ0IDQsIHRo aXMgd2FzIGEgcHJpb3J0eS4gKEkgcHV0IHRoaXMgb2ZmIGFzIGxvbmcgYXMgSSBjb3VsZCDigJMg SSBmb3VuZCB0aGUgbmV3IG1ldGhvZCBhIHN0ZXAgYmFjayBpbiBlYXNlIG9mIHVzZS4pDQoNClNv IGZvbGxvd2luZyB0aGUgZG9jdW1lbnRhdGlvbiBJIHNldHVwIOKAmG92aXJ0LWVuZ2luZS1leHRl bnNpb24tYWFhLWxkYXDigJksIGNvbm5lY3RpbmcgdG8gdGhlIHNhbWUgQWN0aXZlIERpcmVjdG9y eSBmb3Jlc3QuIEl0IHNlZW1lZCB0byB3b3JrOyBJIHdhcyBhYmxlIHRvIGxvb2sgdXAgdXNlcnMu IEJ1dCBub25lIG9mIHRoZSBleGlzdGluZyBBRCB1c2VycyB0aGF0IHdlIGhhZCBiZWVuIHVzaW5n IGluIG9WaXJ0IHdlcmUgYWJsZSB0byBsb2cgaW4gdG8gdGhlIGFkbWluIG9yIHVzZXIgcG9ydGFs LCB1c2luZyB0aGUgbmV3IGV4dGVuc2lvbi4gVGhlIGVycm9yIGlzIOKAnEdlbmVyYWwgY29tbWFu ZCB2YWxpZGF0aW9uIGZhaWx1cmUu4oCdLiAoV2hlcmVhcyBpZiB5b3UgZW50ZXIgYSB3cm9uZyBw YXNzd29yZCwgeW91IGdldCB0aGUgZXhwZWN0ZWQgd3JvbmcgcGFzc3dvcmQgZXJyb3IuKSAgSGVy ZeKAmXMgd2hhdCAvdmFyL2xvZy9vdmlydC1lbmdpbmUvZW5naW5lLmxvZyBzaG93cyBmb3Ig4oCc bXl1c2Vy4oCdOg0Ke0V4dGtleVtuYW1lPUVYVEVOU0lPTl9JTlZPS0VfQ09OVEVYVDt0eXBlPWNs YXNzIG9yZy5vdmlydC5lbmdpbmUuYXBpLmV4dGVuc2lvbnMuRXh0TWFwO3V1aWQ9RVhURU5TSU9O X0lOVk9LRV9DT05URVhUWzg4NmQyZWJiLTMxMmEtNDlhZS05Y2MzLWUxZjg0OTgzNGI3ZF07XT17 RXh0a2V5W25hbWU9RVhURU5TSU9OX0lOVEVSRkFDRV9WRVJTSU9OX01BWDt0eXBlPWNsYXNzIGph dmEubGFuZy5JbnRlZ2VyO3V1aWQ9RVhURU5TSU9OX0lOVEVSRkFDRV9WRVJTSU9OX01BWFtmNGNm ZjQ5Zi0yNzE3LTQ5MDEtOGVlOS1kZjM2MjQ0NmUzZTddO109MCwgRXh0a2V5W25hbWU9RVhURU5T SU9OX0xJQ0VOU0U7dHlwZT1jbGFzcyBqYXZhLmxhbmcuU3RyaW5nO3V1aWQ9RVhURU5TSU9OX0xJ Q0VOU0VbOGE2MWFkNjUtMDU0Yy00ZTMxLTljNmQtMWNhNGQ2MGE0YzE4XTtdPUFTTCAyLjAsIEV4 dGtleVtuYW1lPUVYVEVOU0lPTl9OT1RFUzt0eXBlPWNsYXNzIGphdmEubGFuZy5TdHJpbmc7dXVp ZD1FWFRFTlNJT05fTk9URVNbMmRhNWFkN2UtMTg1YS00NTg0LWFhZmYtOTdmNjY5NzhlNGVhXTtd PURpc3BsYXkgbmFtZTogb3ZpcnQtZW5naW5lLWV4dGVuc2lvbi1hYWEtbGRhcC0xLjEuNC0xLmVs NywgRXh0a2V5W25hbWU9RVhURU5TSU9OX0hPTUVfVVJMO3R5cGU9Y2xhc3MgamF2YS5sYW5nLlN0 cmluZzt1dWlkPUVYVEVOU0lPTl9IT01FX1VSTFs0YWQ3YTJmNC1mOTY5LTQyZDQtYjM5OS03MmQx OTJlMTgzMDRdO109aHR0cDovL3d3dy5vdmlydC5vcmcsIEV4dGtleVtuYW1lPUVYVEVOU0lPTl9M T0NBTEU7dHlwZT1jbGFzcyBqYXZhLmxhbmcuU3RyaW5nO3V1aWQ9RVhURU5TSU9OX0xPQ0FMRVsw NzgwYjExMi0wY2UwLTQwNGEtYjg1ZS04NzY1ZDc3OGJiMjldO109ZW5fVVMsIEV4dGtleVtuYW1l PUVYVEVOU0lPTl9OQU1FO3R5cGU9Y2xhc3MgamF2YS5sYW5nLlN0cmluZzt1dWlkPUVYVEVOU0lP Tl9OQU1FWzY1MTM4MWQzLWY1NGYtNDU0Ny1iZjI4LWIwYjAxYTEwMzE4NF07XT1vdmlydC1lbmdp bmUtZXh0ZW5zaW9uLWFhYS1sZGFwLmF1dGh6LCBFeHRrZXlbbmFtZT1FWFRFTlNJT05fSU5URVJG QUNFX1ZFUlNJT05fTUlOO3R5cGU9Y2xhc3MgamF2YS5sYW5nLkludGVnZXI7dXVpZD1FWFRFTlNJ T05fSU5URVJGQUNFX1ZFUlNJT05fTUlOWzJiODRmYzkxLTMwNWItNDk3Yi1hMWQ3LWQ5NjFiOWQy Y2UwYl07XT0wLCBFeHRrZXlbbmFtZT1FWFRFTlNJT05fQ09ORklHVVJBVElPTjt0eXBlPWNsYXNz IGphdmEudXRpbC5Qcm9wZXJ0aWVzO3V1aWQ9RVhURU5TSU9OX0NPTkZJR1VSQVRJT05bMmQ0OGFi NzItZjBhMS00MzEyLWI0YWUtNTA2OGEyMjZiMGZjXTtdPSoqKiwgRXh0a2V5W25hbWU9RVhURU5T SU9OX0FVVEhPUjt0eXBlPWNsYXNzIGphdmEubGFuZy5TdHJpbmc7dXVpZD1FWFRFTlNJT05fQVVU SE9SW2VmMjQyZjdhLTJkYWQtNGJjNS05YWFkLWUwNzAxOGI3ZmJjY107XT1UaGUgb1ZpcnQgUHJv amVjdCwgRXh0a2V5W25hbWU9QUFBX0FVVEhaX1FVRVJZX01BWF9GSUxURVJfU0laRTt0eXBlPWNs YXNzIGphdmEubGFuZy5JbnRlZ2VyO3V1aWQ9QUFBX0FVVEhaX1FVRVJZX01BWF9GSUxURVJfU0la RVsyZWIxZjU0MS0wZjY1LTQ0YTEtYTZlMy0wMTRlMjQ3NTk1ZjVdO109NTAsIEV4dGtleVtuYW1l PUVYVEVOU0lPTl9JTlNUQU5DRV9OQU1FO3R5cGU9Y2xhc3MgamF2YS5sYW5nLlN0cmluZzt1dWlk PUVYVEVOU0lPTl9JTlNUQU5DRV9OQU1FWzY1YzY3ZmY2LWFlY2EtNGJkNS1hMjQ1LTg2NzQzMjdm MDExYl07XT1pbmdyYW1jb250ZW50LmNvbSwgRXh0a2V5W25hbWU9RVhURU5TSU9OX0JVSUxEX0lO VEVSRkFDRV9WRVJTSU9OO3R5cGU9Y2xhc3MgamF2YS5sYW5nLkludGVnZXI7dXVpZD1FWFRFTlNJ T05fQlVJTERfSU5URVJGQUNFX1ZFUlNJT05bY2I0NzllNWEtNGIyMy00NmY4LWFlZDMtNTZhNDc0 N2E4YWI3XTtdPTAsIEV4dGtleVtuYW1lPUVYVEVOU0lPTl9DT05GSUdVUkFUSU9OX1NFTlNJVElW RV9LRVlTO3R5cGU9aW50ZXJmYWNlIGphdmEudXRpbC5Db2xsZWN0aW9uO3V1aWQ9RVhURU5TSU9O X0NPTkZJR1VSQVRJT05fU0VOU0lUSVZFX0tFWVNbYTQ1NmVmYTEtNzNmZi00MjA0LTlmOWItZWJm ZjAxZTM1MjYzXTtdPVtdLCBFeHRrZXlbbmFtZT1FWFRFTlNJT05fR0xPQkFMX0NPTlRFWFQ7dHlw ZT1jbGFzcyBvcmcub3ZpcnQuZW5naW5lLmFwaS5leHRlbnNpb25zLkV4dE1hcDt1dWlkPUVYVEVO U0lPTl9HTE9CQUxfQ09OVEVYVFs5Nzk5ZTcyZi03YWY2LTRjZjEtYmYwOC0yOTdiYzg5MDM2NzZd O109KnNraXAqLCBFeHRrZXlbbmFtZT1FWFRFTlNJT05fVkVSU0lPTjt0eXBlPWNsYXNzIGphdmEu bGFuZy5TdHJpbmc7dXVpZD1FWFRFTlNJT05fVkVSU0lPTltmZTM1ZjZhOC04MjM5LTRiZGItYWIx YS1hZjlmNzc5Y2U2OGNdO109MS4xLjQsIEV4dGtleVtuYW1lPUFBQV9BVVRIWl9BVkFJTEFCTEVf TkFNRVNQQUNFUzt0eXBlPWludGVyZmFjZSBqYXZhLnV0aWwuQ29sbGVjdGlvbjt1dWlkPUFBQV9B VVRIWl9BVkFJTEFCTEVfTkFNRVNQQUNFU1s2ZGZmYTM0Yy05NTVmLTQ4NmEtYmQzNS0wYTI3MmI0 NWE3MTFdO109W0RDPWluZ3JhbWNvbnRlbnQsREM9Y29tXSwgRXh0a2V5W25hbWU9RVhURU5TSU9O X01BTkFHRVJfVFJBQ0VfTE9HO3R5cGU9aW50ZXJmYWNlIG9yZy5zbGY0ai5Mb2dnZXI7dXVpZD1F WFRFTlNJT05fTUFOQUdFUl9UUkFDRV9MT0dbODYzZGI2NjYtM2VhNy00NzUxLTk2OTUtOTE4YTMx OTdhZDgzXTtdPW9yZy5zbGY0ai5pbXBsLlNsZjRqTG9nZ2VyKG9yZy5vdmlydC5lbmdpbmUuY29y ZS5leHRlbnNpb25zLm1nci5FeHRlbnNpb25zTWFuYWdlci50cmFjZS5vdmlydC1lbmdpbmUtZXh0 ZW5zaW9uLWFhYS1sZGFwLmF1dGh6LmluZ3JhbWNvbnRlbnQuY29tKSwgRXh0a2V5W25hbWU9RVhU RU5TSU9OX1BST1ZJREVTO3R5cGU9aW50ZXJmYWNlIGphdmEudXRpbC5Db2xsZWN0aW9uO3V1aWQ9 RVhURU5TSU9OX1BST1ZJREVTWzhjZjM3M2E2LTY1YjUtNDU5NC1iODI4LTBlMjc1MDg3ZGU5MV07 XT1bb3JnLm92aXJ0LmVuZ2luZS5hcGkuZXh0ZW5zaW9ucy5hYWEuQXV0aHpdLCBFeHRrZXlbbmFt ZT1FWFRFTlNJT05fQ09ORklHVVJBVElPTl9GSUxFO3R5cGU9Y2xhc3MgamF2YS5sYW5nLlN0cmlu Zzt1dWlkPUVYVEVOU0lPTl9DT05GSUdVUkFUSU9OX0ZJTEVbNGZiMGZmZDMtOTgzYy00ZjNmLTk4 ZmYtOTY2MGJkNjdhZjZhXTtdPS9ldGMvb3ZpcnQtZW5naW5lL2V4dGVuc2lvbnMuZC9JTkdSQU1D T05URU5ULkNPTS5wcm9wZXJ0aWVzfSwgRXh0a2V5W25hbWU9QUFBX0FVVEhaX1FVRVJZX0ZMQUdT O3R5cGU9Y2xhc3MgamF2YS5sYW5nLkludGVnZXI7dXVpZD1BQUFfQVVUSFpfUVVFUllfRkxBR1Nb OTdkMjI2ZTktOGQ4Ny00OWEwLTlhN2YtYWY2ODkzMjA5MDdiXTtdPTMsIEV4dGtleVtuYW1lPUFB QV9BVVRIWl9QUklOQ0lQQUw7dHlwZT1jbGFzcyBqYXZhLmxhbmcuU3RyaW5nO3V1aWQ9QUFBX0FV VEhaX1BSSU5DSVBBTFthM2MxZDVjYS1mMWVhLTEzMWMtODZhZS1hMWVjYmNhZGQ2YjddO109bXl1 c2VyQGluZ3JhbWNvbnRlbnQuY29tLCBFeHRrZXlbbmFtZT1FWFRFTlNJT05fSU5WT0tFX0NPTU1B TkQ7dHlwZT1jbGFzcyBvcmcub3ZpcnQuZW5naW5lLmFwaS5leHRlbnNpb25zLkV4dFVVSUQ7dXVp ZD1FWFRFTlNJT05fSU5WT0tFX0NPTU1BTkRbNDg1Nzc4YWItYmVkZS00ZjFhLWI4MjMtNzdiMjYy YTJmMjhkXTtdPUFBQV9BVVRIWl9GRVRDSF9QUklOQ0lQQUxfUkVDT1JEWzVhNWJmOWJiLTkzMzYt NDM3Ni1hODIzLTI2ZWZlMWJhMjZkZl0sIEV4dGtleVtuYW1lPUFBQV9BVVRITl9BVVRIX1JFQ09S RDt0eXBlPWNsYXNzIG9yZy5vdmlydC5lbmdpbmUuYXBpLmV4dGVuc2lvbnMuRXh0TWFwO3V1aWQ9 QUFBX0FVVEhOX0FVVEhfUkVDT1JEW2U5NDYyMTY4LWI1M2ItNDRhYy05YWY1LWYyNWUxNjk3MTcz ZV07XT17RXh0a2V5W25hbWU9QUFBX0FVVEhOX0FVVEhfUkVDT1JEX1BSSU5DSVBBTDt0eXBlPWNs YXNzIGphdmEubGFuZy5TdHJpbmc7dXVpZD1BQUFfQVVUSE5fQVVUSF9SRUNPUkRfUFJJTkNJUEFM W2MzNDk4ZjA3LTExZmUtNDY0Yy05NThjLThiZDc0OTBiMTE5YV07XT1teXVzZXJAaW5ncmFtY29u dGVudC5jb219fQ0Ke0V4dGtleVtuYW1lPUVYVEVOU0lPTl9JTlZPS0VfUkVTVUxUO3R5cGU9Y2xh c3MgamF2YS5sYW5nLkludGVnZXI7dXVpZD1FWFRFTlNJT05fSU5WT0tFX1JFU1VMVFswOTA5ZDkx ZC04YmRlLTQwZmItYjZjMC0wOTljNzcyZGRkNGVdO109MiwgRXh0a2V5W25hbWU9RVhURU5TSU9O X0lOVk9LRV9NRVNTQUdFO3R5cGU9Y2xhc3MgamF2YS5sYW5nLlN0cmluZzt1dWlkPUVYVEVOU0lP Tl9JTlZPS0VfTUVTU0FHRVtiN2IwNTNkZS1kYzczLTRiZjctOWQyNi1iOGJkYjcyZjU4OTNdO109 Q2Fubm90IHJlc29sdmUgcHJpbmNpcGFsICdteXVzZXJAaW5ncmFtY29udGVudC5jb20nfQ0KDQpJ IGxvZ2dlZCBpbiB3aXRoIHRoZSBsb2NhbCDigJhhZG1pbuKAmSBhY2NvdW50IGFuZCBhZGRlZCBz b21lIGFkZGl0aW9uYWwgdXNlcnMgZnJvbSBBRC4gVGhlbiBJIGZvdW5kIHRoYXQgdGhvc2UgbmV3 bHkgYWRkZWQgdXNlcnMgKmNvdWxkKiBsb2cgaW4ganVzdCBmaW5lLiBJdOKAmXMgb25seSBhIHBy b2JsZW0gd2l0aCB1c2VycyB0aGF0IHdlIGhhZCBwcmV2aW91c2x5IGFkZGVkIHdoZW4gdGhlIGxl Z2FjeQ0KTERBUCBwcm92aWRlciB3YXMgdXNlZC4gSeKAmXZlIHRyaWVkIHJlbW92aW5nIGFuZCBy ZS1hZGRpbmcgdGhvc2UgZXhpc3RpbmcgdXNlcnMsIGJ1dCB0aGF0IGRvZXNu4oCZdCBmaXggaXQu IE15IGh1bmNoIGlzIHRoYXQgdGhlcmUgaXMgc29tZXRoaW5nIGxlZnQgb3ZlciBhc3NvY2lhdGVk IHdpdGggdGhvc2UgYWNjb3VudHMgdGhhdOKAmXMgYnJlYWtpbmcgdGhpcy4gVG8gYmUgY2xlYXIs IEnigJl2ZSBhbHJlYWR5IHJlbW92ZWQgdGhlIGxlZ2FjeSBwcm92aWRlcjoNCg0KZW5naW5lLW1h bmFnZS1kb21haW5zIGxpc3QNCkxlZ2FjeSBrZXJiZXJvcy9sZGFwIGRpcmVjdG9yeSBpbnRlZ3Jh dGlvbiBpcyBvYnNvbGV0ZWQgYW5kIHdpbGwgYmUgcmVtb3ZlZCBpbiA0LjAgdmVyc2lvbiBhbG9u ZyB3aXRoIHRoZSBlbmdpbmUtbWFuYWdlLWRvbWFpbnMgdXRpbGl0eS4gUGxlYXNlIG1pZ3JhdGUg dG8gb3ZpcnQtZW5naW5lLWV4dGVuc2lvbi1hYWEtbGRhcCBwcm92aWRlciBvciBjb250YWN0IHN1 cHBvcnQgZm9yIGFzc2lzdGFuY2UuDQoNCk1hbmFnZSBEb21haW5zIGNvbXBsZXRlZCBzdWNjZXNz ZnVsbHkNCg0KV2hlcmUgZWxzZSBzaG91bGQgSSBsb29rIHRvIHRyb3VibGVzaG9vdD8gQW55IHN1 Z2dlc3Rpb25zIGFwcHJlY2lhdGVkLiBUaGFua3MhDQoNCkJlc3QsDQpEYW5pZWwNCg0KDQoNCg0K DQoNCg0K --_000_04BADA2BE93C4A10A146D05F3F04B4E4ingramcontentcom_ Content-Type: text/html; charset=UTF-8 Content-ID: <FF1B59ACC5EE1C47951BCD107C840854@namprd12.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iVGl0bGUiIGNvbnRlbnQ9IiI+DQo8bWV0YSBuYW1lPSJLZXl3b3JkcyIgY29udGVu dD0iIj4NCjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUg KGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxlPjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8N CkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0 IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJ cGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8N CnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsN CgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWls eTpDYWxpYnJpO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpzcGFu LkVtYWlsU3R5bGUxNw0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1jb21wb3NlOw0KCWZvbnQt ZmFtaWx5OkNhbGlicmk7DQoJY29sb3I6d2luZG93dGV4dDt9DQpzcGFuLm1zb0lucw0KCXttc28t c3R5bGUtdHlwZTpleHBvcnQtb25seTsNCgltc28tc3R5bGUtbmFtZToiIjsNCgl0ZXh0LWRlY29y YXRpb246dW5kZXJsaW5lOw0KCWNvbG9yOnRlYWw7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0 eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6Q2FsaWJyaTt9DQpAcGFnZSBXb3Jk U2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGlu IDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9z dHlsZT4NCjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIiBsYW5nPSJFTi1VUyIgbGluaz0i IzA1NjNDMSIgdmxpbms9IiM5NTRGNzIiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij5JIGhhdmUg YmVlbiB1cGRhdGluZyBvdXIgb1ZpcnQgMy42ICgzLjYuNy41LTEpIGVudmlyb25tZW50IGluIHBy ZXBhcmF0aW9uIGZvciB1cGdyYWRpbmcgdG8gb1ZpcnQgNC4NCjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij48 bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdCI+V2UgaGFkIGJlZW4gdXNpbmcgdGhlIGxlZ2FjeSBBRCBj b25uZWN0aW9uICh2aWEgZW5naW5lLW1hbmFnZS1kb21haW5zKSwgYW5kIHNpbmNlIHRoYXTigJlz IG5vIGxvbmdlciBhdmFpbGFibGUgaW4gb1ZpcnQgNCwgdGhpcyB3YXMgYSBwcmlvcnR5LiAoSSBw dXQgdGhpcyBvZmYgYXMgbG9uZyBhcyBJIGNvdWxkIOKAkyBJIGZvdW5kIHRoZSBuZXcgbWV0aG9k IGEgc3RlcA0KIGJhY2sgaW4gZWFzZSBvZiB1c2UuKTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij48bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdCI+U28gZm9sbG93aW5nIHRoZSBkb2N1bWVudGF0aW9uIEkgc2V0dXAg 4oCYb3ZpcnQtZW5naW5lLWV4dGVuc2lvbi1hYWEtbGRhcOKAmSwgY29ubmVjdGluZyB0byB0aGUg c2FtZSBBY3RpdmUgRGlyZWN0b3J5IGZvcmVzdC4gSXQgc2VlbWVkIHRvIHdvcms7IEkgd2FzIGFi bGUgdG8gbG9vayB1cCB1c2Vycy4gQnV0IG5vbmUgb2YgdGhlIGV4aXN0aW5nIEFEIHVzZXJzIHRo YXQNCiB3ZSBoYWQgYmVlbiB1c2luZyBpbiBvVmlydCB3ZXJlIGFibGUgdG8gbG9nIGluIHRvIHRo ZSBhZG1pbiBvciB1c2VyIHBvcnRhbCwgdXNpbmcgdGhlIG5ldyBleHRlbnNpb24uIFRoZSBlcnJv ciBpcyDigJxHZW5lcmFsIGNvbW1hbmQgdmFsaWRhdGlvbiBmYWlsdXJlLuKAnS4gKFdoZXJlYXMg aWYgeW91IGVudGVyIGEgd3JvbmcgcGFzc3dvcmQsIHlvdSBnZXQgdGhlIGV4cGVjdGVkIHdyb25n IHBhc3N3b3JkIGVycm9yLik8Yj4gJm5ic3A7PC9iPkhlcmXigJlzIHdoYXQNCiAvdmFyL2xvZy9v dmlydC1lbmdpbmUvZW5naW5lLmxvZyBzaG93cyBmb3Ig4oCcbXl1c2Vy4oCdOjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0Ij57RXh0a2V5W25hbWU9RVhURU5TSU9OX0lOVk9LRV9DT05URVhUO3R5cGU9Y2xhc3Mg b3JnLm92aXJ0LmVuZ2luZS5hcGkuZXh0ZW5zaW9ucy5FeHRNYXA7dXVpZD1FWFRFTlNJT05fSU5W T0tFX0NPTlRFWFRbODg2ZDJlYmItMzEyYS00OWFlLTljYzMtZTFmODQ5ODM0YjdkXTtdPXtFeHRr ZXlbbmFtZT1FWFRFTlNJT05fSU5URVJGQUNFX1ZFUlNJT05fTUFYO3R5cGU9Y2xhc3MNCiBqYXZh LmxhbmcuSW50ZWdlcjt1dWlkPUVYVEVOU0lPTl9JTlRFUkZBQ0VfVkVSU0lPTl9NQVhbZjRjZmY0 OWYtMjcxNy00OTAxLThlZTktZGYzNjI0NDZlM2U3XTtdPTAsIEV4dGtleVtuYW1lPUVYVEVOU0lP Tl9MSUNFTlNFO3R5cGU9Y2xhc3MgamF2YS5sYW5nLlN0cmluZzt1dWlkPUVYVEVOU0lPTl9MSUNF TlNFWzhhNjFhZDY1LTA1NGMtNGUzMS05YzZkLTFjYTRkNjBhNGMxOF07XT1BU0wgMi4wLCBFeHRr ZXlbbmFtZT1FWFRFTlNJT05fTk9URVM7dHlwZT1jbGFzcw0KIGphdmEubGFuZy5TdHJpbmc7dXVp ZD1FWFRFTlNJT05fTk9URVNbMmRhNWFkN2UtMTg1YS00NTg0LWFhZmYtOTdmNjY5NzhlNGVhXTtd PURpc3BsYXkgbmFtZTogb3ZpcnQtZW5naW5lLWV4dGVuc2lvbi1hYWEtbGRhcC0xLjEuNC0xLmVs NywgRXh0a2V5W25hbWU9RVhURU5TSU9OX0hPTUVfVVJMO3R5cGU9Y2xhc3MgamF2YS5sYW5nLlN0 cmluZzt1dWlkPUVYVEVOU0lPTl9IT01FX1VSTFs0YWQ3YTJmNC1mOTY5LTQyZDQtYjM5OS03MmQx OTJlMTgzMDRdO109aHR0cDovL3d3dy5vdmlydC5vcmcsDQogRXh0a2V5W25hbWU9RVhURU5TSU9O X0xPQ0FMRTt0eXBlPWNsYXNzIGphdmEubGFuZy5TdHJpbmc7dXVpZD1FWFRFTlNJT05fTE9DQUxF WzA3ODBiMTEyLTBjZTAtNDA0YS1iODVlLTg3NjVkNzc4YmIyOV07XT1lbl9VUywgRXh0a2V5W25h bWU9RVhURU5TSU9OX05BTUU7dHlwZT1jbGFzcyBqYXZhLmxhbmcuU3RyaW5nO3V1aWQ9RVhURU5T SU9OX05BTUVbNjUxMzgxZDMtZjU0Zi00NTQ3LWJmMjgtYjBiMDFhMTAzMTg0XTtdPW92aXJ0LWVu Z2luZS1leHRlbnNpb24tYWFhLWxkYXAuYXV0aHosDQogRXh0a2V5W25hbWU9RVhURU5TSU9OX0lO VEVSRkFDRV9WRVJTSU9OX01JTjt0eXBlPWNsYXNzIGphdmEubGFuZy5JbnRlZ2VyO3V1aWQ9RVhU RU5TSU9OX0lOVEVSRkFDRV9WRVJTSU9OX01JTlsyYjg0ZmM5MS0zMDViLTQ5N2ItYTFkNy1kOTYx YjlkMmNlMGJdO109MCwgRXh0a2V5W25hbWU9RVhURU5TSU9OX0NPTkZJR1VSQVRJT047dHlwZT1j bGFzcyBqYXZhLnV0aWwuUHJvcGVydGllczt1dWlkPUVYVEVOU0lPTl9DT05GSUdVUkFUSU9OWzJk NDhhYjcyLWYwYTEtNDMxMi1iNGFlLTUwNjhhMjI2YjBmY107XT0qKiosDQogRXh0a2V5W25hbWU9 RVhURU5TSU9OX0FVVEhPUjt0eXBlPWNsYXNzIGphdmEubGFuZy5TdHJpbmc7dXVpZD1FWFRFTlNJ T05fQVVUSE9SW2VmMjQyZjdhLTJkYWQtNGJjNS05YWFkLWUwNzAxOGI3ZmJjY107XT1UaGUgb1Zp cnQgUHJvamVjdCwgRXh0a2V5W25hbWU9QUFBX0FVVEhaX1FVRVJZX01BWF9GSUxURVJfU0laRTt0 eXBlPWNsYXNzIGphdmEubGFuZy5JbnRlZ2VyO3V1aWQ9QUFBX0FVVEhaX1FVRVJZX01BWF9GSUxU RVJfU0laRVsyZWIxZjU0MS0wZjY1LTQ0YTEtYTZlMy0wMTRlMjQ3NTk1ZjVdO109NTAsDQogRXh0 a2V5W25hbWU9RVhURU5TSU9OX0lOU1RBTkNFX05BTUU7dHlwZT1jbGFzcyBqYXZhLmxhbmcuU3Ry aW5nO3V1aWQ9RVhURU5TSU9OX0lOU1RBTkNFX05BTUVbNjVjNjdmZjYtYWVjYS00YmQ1LWEyNDUt ODY3NDMyN2YwMTFiXTtdPWluZ3JhbWNvbnRlbnQuY29tLCBFeHRrZXlbbmFtZT1FWFRFTlNJT05f QlVJTERfSU5URVJGQUNFX1ZFUlNJT047dHlwZT1jbGFzcyBqYXZhLmxhbmcuSW50ZWdlcjt1dWlk PUVYVEVOU0lPTl9CVUlMRF9JTlRFUkZBQ0VfVkVSU0lPTltjYjQ3OWU1YS00YjIzLTQ2ZjgtYWVk My01NmE0NzQ3YThhYjddO109MCwNCiBFeHRrZXlbbmFtZT1FWFRFTlNJT05fQ09ORklHVVJBVElP Tl9TRU5TSVRJVkVfS0VZUzt0eXBlPWludGVyZmFjZSBqYXZhLnV0aWwuQ29sbGVjdGlvbjt1dWlk PUVYVEVOU0lPTl9DT05GSUdVUkFUSU9OX1NFTlNJVElWRV9LRVlTW2E0NTZlZmExLTczZmYtNDIw NC05ZjliLWViZmYwMWUzNTI2M107XT1bXSwgRXh0a2V5W25hbWU9RVhURU5TSU9OX0dMT0JBTF9D T05URVhUO3R5cGU9Y2xhc3Mgb3JnLm92aXJ0LmVuZ2luZS5hcGkuZXh0ZW5zaW9ucy5FeHRNYXA7 dXVpZD1FWFRFTlNJT05fR0xPQkFMX0NPTlRFWFRbOTc5OWU3MmYtN2FmNi00Y2YxLWJmMDgtMjk3 YmM4OTAzNjc2XTtdPSpza2lwKiwNCiBFeHRrZXlbbmFtZT1FWFRFTlNJT05fVkVSU0lPTjt0eXBl PWNsYXNzIGphdmEubGFuZy5TdHJpbmc7dXVpZD1FWFRFTlNJT05fVkVSU0lPTltmZTM1ZjZhOC04 MjM5LTRiZGItYWIxYS1hZjlmNzc5Y2U2OGNdO109MS4xLjQsIEV4dGtleVtuYW1lPUFBQV9BVVRI Wl9BVkFJTEFCTEVfTkFNRVNQQUNFUzt0eXBlPWludGVyZmFjZSBqYXZhLnV0aWwuQ29sbGVjdGlv bjt1dWlkPUFBQV9BVVRIWl9BVkFJTEFCTEVfTkFNRVNQQUNFU1s2ZGZmYTM0Yy05NTVmLTQ4NmEt YmQzNS0wYTI3MmI0NWE3MTFdO109W0RDPWluZ3JhbWNvbnRlbnQsREM9Y29tXSwNCiBFeHRrZXlb bmFtZT1FWFRFTlNJT05fTUFOQUdFUl9UUkFDRV9MT0c7dHlwZT1pbnRlcmZhY2Ugb3JnLnNsZjRq LkxvZ2dlcjt1dWlkPUVYVEVOU0lPTl9NQU5BR0VSX1RSQUNFX0xPR1s4NjNkYjY2Ni0zZWE3LTQ3 NTEtOTY5NS05MThhMzE5N2FkODNdO109b3JnLnNsZjRqLmltcGwuU2xmNGpMb2dnZXIob3JnLm92 aXJ0LmVuZ2luZS5jb3JlLmV4dGVuc2lvbnMubWdyLkV4dGVuc2lvbnNNYW5hZ2VyLnRyYWNlLm92 aXJ0LWVuZ2luZS1leHRlbnNpb24tYWFhLWxkYXAuYXV0aHouaW5ncmFtY29udGVudC5jb20pLA0K IEV4dGtleVtuYW1lPUVYVEVOU0lPTl9QUk9WSURFUzt0eXBlPWludGVyZmFjZSBqYXZhLnV0aWwu Q29sbGVjdGlvbjt1dWlkPUVYVEVOU0lPTl9QUk9WSURFU1s4Y2YzNzNhNi02NWI1LTQ1OTQtYjgy OC0wZTI3NTA4N2RlOTFdO109W29yZy5vdmlydC5lbmdpbmUuYXBpLmV4dGVuc2lvbnMuYWFhLkF1 dGh6XSwgRXh0a2V5W25hbWU9RVhURU5TSU9OX0NPTkZJR1VSQVRJT05fRklMRTt0eXBlPWNsYXNz IGphdmEubGFuZy5TdHJpbmc7dXVpZD1FWFRFTlNJT05fQ09ORklHVVJBVElPTl9GSUxFWzRmYjBm ZmQzLTk4M2MtNGYzZi05OGZmLTk2NjBiZDY3YWY2YV07XT0vZXRjL292aXJ0LWVuZ2luZS9leHRl bnNpb25zLmQvSU5HUkFNQ09OVEVOVC5DT00ucHJvcGVydGllc30sDQogRXh0a2V5W25hbWU9QUFB X0FVVEhaX1FVRVJZX0ZMQUdTO3R5cGU9Y2xhc3MgamF2YS5sYW5nLkludGVnZXI7dXVpZD1BQUFf QVVUSFpfUVVFUllfRkxBR1NbOTdkMjI2ZTktOGQ4Ny00OWEwLTlhN2YtYWY2ODkzMjA5MDdiXTtd PTMsIEV4dGtleVtuYW1lPUFBQV9BVVRIWl9QUklOQ0lQQUw7dHlwZT1jbGFzcyBqYXZhLmxhbmcu U3RyaW5nO3V1aWQ9QUFBX0FVVEhaX1BSSU5DSVBBTFthM2MxZDVjYS1mMWVhLTEzMWMtODZhZS1h MWVjYmNhZGQ2YjddO109bXl1c2VyQGluZ3JhbWNvbnRlbnQuY29tLA0KIEV4dGtleVtuYW1lPUVY VEVOU0lPTl9JTlZPS0VfQ09NTUFORDt0eXBlPWNsYXNzIG9yZy5vdmlydC5lbmdpbmUuYXBpLmV4 dGVuc2lvbnMuRXh0VVVJRDt1dWlkPUVYVEVOU0lPTl9JTlZPS0VfQ09NTUFORFs0ODU3NzhhYi1i ZWRlLTRmMWEtYjgyMy03N2IyNjJhMmYyOGRdO109QUFBX0FVVEhaX0ZFVENIX1BSSU5DSVBBTF9S RUNPUkRbNWE1YmY5YmItOTMzNi00Mzc2LWE4MjMtMjZlZmUxYmEyNmRmXSwgRXh0a2V5W25hbWU9 QUFBX0FVVEhOX0FVVEhfUkVDT1JEO3R5cGU9Y2xhc3MNCiBvcmcub3ZpcnQuZW5naW5lLmFwaS5l eHRlbnNpb25zLkV4dE1hcDt1dWlkPUFBQV9BVVRITl9BVVRIX1JFQ09SRFtlOTQ2MjE2OC1iNTNi LTQ0YWMtOWFmNS1mMjVlMTY5NzE3M2VdO109e0V4dGtleVtuYW1lPUFBQV9BVVRITl9BVVRIX1JF Q09SRF9QUklOQ0lQQUw7dHlwZT1jbGFzcyBqYXZhLmxhbmcuU3RyaW5nO3V1aWQ9QUFBX0FVVEhO X0FVVEhfUkVDT1JEX1BSSU5DSVBBTFtjMzQ5OGYwNy0xMWZlLTQ2NGMtOTU4Yy04YmQ3NDkwYjEx OWFdO109bXl1c2VyQGluZ3JhbWNvbnRlbnQuY29tfX08bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+e0V4dGtl eVtuYW1lPUVYVEVOU0lPTl9JTlZPS0VfUkVTVUxUO3R5cGU9Y2xhc3MgamF2YS5sYW5nLkludGVn ZXI7dXVpZD1FWFRFTlNJT05fSU5WT0tFX1JFU1VMVFswOTA5ZDkxZC04YmRlLTQwZmItYjZjMC0w OTljNzcyZGRkNGVdO109MiwgRXh0a2V5W25hbWU9RVhURU5TSU9OX0lOVk9LRV9NRVNTQUdFO3R5 cGU9Y2xhc3MgamF2YS5sYW5nLlN0cmluZzt1dWlkPUVYVEVOU0lPTl9JTlZPS0VfTUVTU0FHRVti N2IwNTNkZS1kYzczLTRiZjctOWQyNi1iOGJkYjcyZjU4OTNdO109Q2Fubm90DQogcmVzb2x2ZSBw cmluY2lwYWwgJ215dXNlckBpbmdyYW1jb250ZW50LmNvbSd9PG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0Ij5JIGxvZ2dlZCBpbiB3aXRoIHRoZSBsb2NhbCDigJhhZG1p buKAmSBhY2NvdW50IGFuZCBhZGRlZCBzb21lIGFkZGl0aW9uYWwgdXNlcnMgZnJvbSBBRC4gVGhl biBJIGZvdW5kIHRoYXQgdGhvc2UgbmV3bHkgYWRkZWQgdXNlcnMgKjxiPmNvdWxkPC9iPiogbG9n IGluIGp1c3QgZmluZS4gSXTigJlzIG9ubHkgYSBwcm9ibGVtIHdpdGggdXNlcnMgdGhhdCB3ZSBo YWQgcHJldmlvdXNseQ0KIGFkZGVkIHdoZW4gdGhlIGxlZ2FjeTxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij5M REFQIHByb3ZpZGVyIHdhcyB1c2VkLiBJ4oCZdmUgdHJpZWQgcmVtb3ZpbmcgYW5kIHJlLWFkZGlu ZyB0aG9zZSBleGlzdGluZyB1c2VycywgYnV0IHRoYXQgZG9lc27igJl0IGZpeCBpdC4gTXkgaHVu Y2ggaXMgdGhhdCB0aGVyZSBpcyBzb21ldGhpbmcgbGVmdCBvdmVyIGFzc29jaWF0ZWQgd2l0aCB0 aG9zZSBhY2NvdW50cyB0aGF04oCZcyBicmVha2luZyB0aGlzLiBUbw0KIGJlIGNsZWFyLCBJ4oCZ dmUgYWxyZWFkeSByZW1vdmVkIHRoZSBsZWdhY3kgcHJvdmlkZXI6PG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQi PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij5lbmdpbmUtbWFuYWdlLWRvbWFpbnMgbGlzdDxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0Ij5MZWdhY3kga2VyYmVyb3MvbGRhcCBkaXJlY3RvcnkgaW50ZWdyYXRpb24g aXMgb2Jzb2xldGVkIGFuZCB3aWxsIGJlIHJlbW92ZWQgaW4gNC4wIHZlcnNpb24gYWxvbmcgd2l0 aCB0aGUgZW5naW5lLW1hbmFnZS1kb21haW5zIHV0aWxpdHkuIFBsZWFzZSBtaWdyYXRlIHRvIG92 aXJ0LWVuZ2luZS1leHRlbnNpb24tYWFhLWxkYXAgcHJvdmlkZXIgb3IgY29udGFjdA0KIHN1cHBv cnQgZm9yIGFzc2lzdGFuY2UuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0Ij5NYW5hZ2UgRG9tYWlucyBjb21wbGV0ZWQgc3VjY2Vzc2Z1bGx5PG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij5XaGVyZSBlbHNlIHNob3VsZCBJIGxvb2sgdG8g dHJvdWJsZXNob290PyBBbnkgc3VnZ2VzdGlvbnMgYXBwcmVjaWF0ZWQuIFRoYW5rcyE8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPkJlc3QsPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQiPkRhbmllbDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+PG86 cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvYm9keT4NCjwv aHRtbD4NCg== --_000_04BADA2BE93C4A10A146D05F3F04B4E4ingramcontentcom_--
On 10/26/2016 06:31 PM, Beckman, Daniel wrote:
I have been updating our oVirt 3.6 (3.6.7.5-1) environment in preparation for upgrading to oVirt 4.
We had been using the legacy AD connection (via engine-manage-domains), and since that’s no longer available in oVirt 4, this was a priorty. (I put this off as long as I could – I found the new method a step back in ease of use.)
So following the documentation I setup ‘ovirt-engine-extension-aaa-ldap’, connecting to the same Active Directory forest. It seemed to work; I was able to look up users. But none of the existing AD users that we had been using in oVirt were able to log in to the admin or user portal, using the new extension. The error is “General command validation failure.”. (Whereas if you enter a wrong password, you get the expected wrong password error.)* *Here’s what /var/log/ovirt-engine/engine.log shows for “myuser”:
{Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_NOTES;type=class java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-4584-aaff-97f66978e4ea];]=Display name: ovirt-engine-extension-aaa-ldap-1.1.4-1.el7, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authz, Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=50, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=ingramcontent.com, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=1.1.4, Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[DC=ingramcontent,DC=com], Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-engine-extension-aaa-ldap.authz.ingramcontent.com), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz], Extkey[name=EXTENSION_CONFIGURATION_FILE;type=class java.lang.String;uuid=EXTENSION_CONFIGURATION_FILE[4fb0ffd3-983c-4f3f-98ff-9660bd67af6a];]=/etc/ovirt-engine/extensions.d/INGRAMCONTENT.COM.properties}, Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, Extkey[name=AAA_AUTHZ_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHZ_PRINCIPAL[a3c1d5ca-f1ea-131c-86ae-a1ecbcadd6b7];]=myuser@ingramcontent.com, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=myuser@ingramcontent.com}}
{Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=Cannot resolve principal 'myuser@ingramcontent.com'}
"Cannot resolve principal 'myuser@ingramcontent.com'" ^ This error usually means that 'myuser' has different UPN than 'myuser@ingramcontent.com'. ovirt-engine-extension-aaa-ldap uses UPN to login instead of SAM account name. So you should check what UPN the user 'myuser' has and login with it.
I logged in with the local ‘admin’ account and added some additional users from AD. Then I found that those newly added users **could** log in just fine. It’s only a problem with users that we had previously added when the legacy
LDAP provider was used. I’ve tried removing and re-adding those existing users, but that doesn’t fix it. My hunch is that there is something left over associated with those accounts that’s breaking this. To be clear, I’ve already removed the legacy provider:
engine-manage-domains list
Legacy kerberos/ldap directory integration is obsoleted and will be removed in 4.0 version along with the engine-manage-domains utility. Please migrate to ovirt-engine-extension-aaa-ldap provider or contact support for assistance.
Manage Domains completed successfully
Where else should I look to troubleshoot? Any suggestions appreciated. Thanks!
Best,
Daniel
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
That’s it! Some background: within our IT department most of us have a regular user account and an administrative account. For the later account type, the UPN and SAM account name happen to be the same (e.g. jdoeadmin@example.com) whereas for regular users UPN is something like John.Doe@example..com. When I used the UPN name (e.g. john.doe) the login worked fine. We can work with that. But is there a way to change it to using SAM account name? Thanks, Daniel On 10/26/16, 12:58 PM, "Ondra Machacek" <omachace@redhat.com> wrote: On 10/26/2016 06:31 PM, Beckman, Daniel wrote: > I have been updating our oVirt 3.6 (3.6.7.5-1) environment in > preparation for upgrading to oVirt 4. > > > > We had been using the legacy AD connection (via engine-manage-domains), > and since that’s no longer available in oVirt 4, this was a priorty. (I > put this off as long as I could – I found the new method a step back in > ease of use.) > > > > So following the documentation I setup > ‘ovirt-engine-extension-aaa-ldap’, connecting to the same Active > Directory forest. It seemed to work; I was able to look up users. But > none of the existing AD users that we had been using in oVirt were able > to log in to the admin or user portal, using the new extension. The > error is “General command validation failure.”. (Whereas if you enter a > wrong password, you get the expected wrong password error.)* *Here’s > what /var/log/ovirt-engine/engine.log shows for “myuser”: > > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class > org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class > java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, > Extkey[name=EXTENSION_LICENSE;type=class > java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL > 2.0, Extkey[name=EXTENSION_NOTES;type=class > java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-4584-aaff-97f66978e4ea];]=Display > name: ovirt-engine-extension-aaa-ldap-1.1.4-1.el7, > Extkey[name=EXTENSION_HOME_URL;type=class > java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=http://www.ovirt.org, > Extkey[name=EXTENSION_LOCALE;type=class > java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, > Extkey[name=EXTENSION_NAME;type=class > java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authz, > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class > java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, > Extkey[name=EXTENSION_CONFIGURATION;type=class > java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, > Extkey[name=EXTENSION_AUTHOR;type=class > java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The > oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class > java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=50, > Extkey[name=EXTENSION_INSTANCE_NAME;type=class > java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=ingramcontent.com, > Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class > java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, > Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface > java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], > Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class > org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, > Extkey[name=EXTENSION_VERSION;type=class > java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=1.1.4, > Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface > java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[DC=ingramcontent,DC=com], > Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface > org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-engine-extension-aaa-ldap.authz.ingramcontent.com), > Extkey[name=EXTENSION_PROVIDES;type=interface > java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz], > Extkey[name=EXTENSION_CONFIGURATION_FILE;type=class > java.lang.String;uuid=EXTENSION_CONFIGURATION_FILE[4fb0ffd3-983c-4f3f-98ff-9660bd67af6a];]=/etc/ovirt-engine/extensions.d/INGRAMCONTENT.COM.properties}, > Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class > java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, > Extkey[name=AAA_AUTHZ_PRINCIPAL;type=class > java.lang.String;uuid=AAA_AUTHZ_PRINCIPAL[a3c1d5ca-f1ea-131c-86ae-a1ecbcadd6b7];]=myuser@ingramcontent.com, > Extkey[name=EXTENSION_INVOKE_COMMAND;type=class > org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], > Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class > org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class > java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=myuser@ingramcontent.com}} > > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class > java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, > Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class > java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=Cannot > resolve principal 'myuser@ingramcontent.com'} "Cannot resolve principal 'myuser@ingramcontent.com'" ^ This error usually means that 'myuser' has different UPN than 'myuser@ingramcontent.com'. ovirt-engine-extension-aaa-ldap uses UPN to login instead of SAM account name. So you should check what UPN the user 'myuser' has and login with it. > > > > I logged in with the local ‘admin’ account and added some additional > users from AD. Then I found that those newly added users **could** log > in just fine. It’s only a problem with users that we had previously > added when the legacy > > LDAP provider was used. I’ve tried removing and re-adding those existing > users, but that doesn’t fix it. My hunch is that there is something left > over associated with those accounts that’s breaking this. To be clear, > I’ve already removed the legacy provider: > > > > engine-manage-domains list > > Legacy kerberos/ldap directory integration is obsoleted and will be > removed in 4.0 version along with the engine-manage-domains utility. > Please migrate to ovirt-engine-extension-aaa-ldap provider or contact > support for assistance. > > > > Manage Domains completed successfully > > > > Where else should I look to troubleshoot? Any suggestions appreciated. > Thanks! > > > > Best, > > Daniel > > > > > > > > > > > > > > > > > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users >
Unfortunatelly no, we decided to use UPN instead of SAM account name, because SAM account name is limit IIRC to 15 characters, while UPN is not limited. On 10/26/2016 08:58 PM, Beckman, Daniel wrote:
That’s it! Some background: within our IT department most of us have a regular user account and an administrative account. For the later account type, the UPN and SAM account name happen to be the same (e.g. jdoeadmin@example.com) whereas for regular users UPN is something like John.Doe@example..com. When I used the UPN name (e.g. john.doe) the login worked fine.
We can work with that. But is there a way to change it to using SAM account name?
Thanks, Daniel
On 10/26/16, 12:58 PM, "Ondra Machacek" <omachace@redhat.com> wrote:
On 10/26/2016 06:31 PM, Beckman, Daniel wrote: > I have been updating our oVirt 3.6 (3.6.7.5-1) environment in > preparation for upgrading to oVirt 4. > > > > We had been using the legacy AD connection (via engine-manage-domains), > and since that’s no longer available in oVirt 4, this was a priorty. (I > put this off as long as I could – I found the new method a step back in > ease of use.) > > > > So following the documentation I setup > ‘ovirt-engine-extension-aaa-ldap’, connecting to the same Active > Directory forest. It seemed to work; I was able to look up users. But > none of the existing AD users that we had been using in oVirt were able > to log in to the admin or user portal, using the new extension. The > error is “General command validation failure.”. (Whereas if you enter a > wrong password, you get the expected wrong password error.)* *Here’s > what /var/log/ovirt-engine/engine.log shows for “myuser”: > > {Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class > org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class > java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, > Extkey[name=EXTENSION_LICENSE;type=class > java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL > 2.0, Extkey[name=EXTENSION_NOTES;type=class > java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-4584-aaff-97f66978e4ea];]=Display > name: ovirt-engine-extension-aaa-ldap-1.1.4-1.el7, > Extkey[name=EXTENSION_HOME_URL;type=class > java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=http://www.ovirt.org, > Extkey[name=EXTENSION_LOCALE;type=class > java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, > Extkey[name=EXTENSION_NAME;type=class > java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authz, > Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class > java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, > Extkey[name=EXTENSION_CONFIGURATION;type=class > java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, > Extkey[name=EXTENSION_AUTHOR;type=class > java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The > oVirt Project, Extkey[name=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE;type=class > java.lang.Integer;uuid=AAA_AUTHZ_QUERY_MAX_FILTER_SIZE[2eb1f541-0f65-44a1-a6e3-014e247595f5];]=50, > Extkey[name=EXTENSION_INSTANCE_NAME;type=class > java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=ingramcontent.com, > Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class > java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, > Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface > java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], > Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class > org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, > Extkey[name=EXTENSION_VERSION;type=class > java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=1.1.4, > Extkey[name=AAA_AUTHZ_AVAILABLE_NAMESPACES;type=interface > java.util.Collection;uuid=AAA_AUTHZ_AVAILABLE_NAMESPACES[6dffa34c-955f-486a-bd35-0a272b45a711];]=[DC=ingramcontent,DC=com], > Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface > org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-engine-extension-aaa-ldap.authz.ingramcontent.com), > Extkey[name=EXTENSION_PROVIDES;type=interface > java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authz], > Extkey[name=EXTENSION_CONFIGURATION_FILE;type=class > java.lang.String;uuid=EXTENSION_CONFIGURATION_FILE[4fb0ffd3-983c-4f3f-98ff-9660bd67af6a];]=/etc/ovirt-engine/extensions.d/INGRAMCONTENT.COM.properties}, > Extkey[name=AAA_AUTHZ_QUERY_FLAGS;type=class > java.lang.Integer;uuid=AAA_AUTHZ_QUERY_FLAGS[97d226e9-8d87-49a0-9a7f-af689320907b];]=3, > Extkey[name=AAA_AUTHZ_PRINCIPAL;type=class > java.lang.String;uuid=AAA_AUTHZ_PRINCIPAL[a3c1d5ca-f1ea-131c-86ae-a1ecbcadd6b7];]=myuser@ingramcontent.com, > Extkey[name=EXTENSION_INVOKE_COMMAND;type=class > org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHZ_FETCH_PRINCIPAL_RECORD[5a5bf9bb-9336-4376-a823-26efe1ba26df], > Extkey[name=AAA_AUTHN_AUTH_RECORD;type=class > org.ovirt.engine.api.extensions.ExtMap;uuid=AAA_AUTHN_AUTH_RECORD[e9462168-b53b-44ac-9af5-f25e1697173e];]={Extkey[name=AAA_AUTHN_AUTH_RECORD_PRINCIPAL;type=class > java.lang.String;uuid=AAA_AUTHN_AUTH_RECORD_PRINCIPAL[c3498f07-11fe-464c-958c-8bd7490b119a];]=myuser@ingramcontent.com}} > > {Extkey[name=EXTENSION_INVOKE_RESULT;type=class > java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, > Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class > java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=Cannot > resolve principal 'myuser@ingramcontent.com'}
"Cannot resolve principal 'myuser@ingramcontent.com'"
^ This error usually means that 'myuser' has different UPN than 'myuser@ingramcontent.com'. ovirt-engine-extension-aaa-ldap uses UPN to login instead of SAM account name. So you should check what UPN the user 'myuser' has and login with it.
> > > > I logged in with the local ‘admin’ account and added some additional > users from AD. Then I found that those newly added users **could** log > in just fine. It’s only a problem with users that we had previously > added when the legacy > > LDAP provider was used. I’ve tried removing and re-adding those existing > users, but that doesn’t fix it. My hunch is that there is something left > over associated with those accounts that’s breaking this. To be clear, > I’ve already removed the legacy provider: > > > > engine-manage-domains list > > Legacy kerberos/ldap directory integration is obsoleted and will be > removed in 4.0 version along with the engine-manage-domains utility. > Please migrate to ovirt-engine-extension-aaa-ldap provider or contact > support for assistance. > > > > Manage Domains completed successfully > > > > Where else should I look to troubleshoot? Any suggestions appreciated. > Thanks! > > > > Best, > > Daniel > > > > > > > > > > > > > > > > > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users >
participants (2)
-
Beckman, Daniel -
Ondra Machacek