[Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups

Hi All, I managed to use OpenLDAP to integrate with oVirt 3.4.0-0.5.beta1. For this, I followed (more or less, I used a Raspberry Pi and Raspbian) instructions as found on http://www.ovirt.org/LDAP_Quick_Start It all seems to work well, I am able to connect to a domain, login etc. and assign some roles to users. However, I cannot use (ldap) groups it seems. I cann add a group in the ovirt gui, but (in the tab General) "Active" remain "false". A I missing something...? Winfried

----- Original Message -----
From: "Winfried de Heiden - Voorwinde" <wdh@dds.nl> To: users@ovirt.org Sent: Sunday, February 2, 2014 5:09:01 PM Subject: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups
Hi All,
I managed to use OpenLDAP to integrate with oVirt 3.4.0-0.5.beta1. For this, I followed (more or less, I used a Raspberry Pi and Raspbian) instructions as found on http://www.ovirt.org/LDAP_Quick_Start
It all seems to work well, I am able to connect to a domain, login etc. and assign some roles to users. However, I cannot use (ldap) groups it seems. I cann add a group in the ovirt gui, but (in the tab General) "Active" remain "false".
A I missing something...?
HI Winfried, I have a question for you - When you add the group , can you use one of its user to perform an operation the group has permission to perform? for example, if the group has login permissions, can you login with a user that belongs to the group? I'm looking at the code, and this might be an issue that the "active" flag is simply not set on a group.
Winfried
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

On 02/02/2014 11:01 PM, Yair Zaslavsky wrote:
----- Original Message -----
From: "Winfried de Heiden - Voorwinde" <wdh@dds.nl> To: users@ovirt.org Sent: Sunday, February 2, 2014 5:09:01 PM Subject: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups
Hi All,
I managed to use OpenLDAP to integrate with oVirt 3.4.0-0.5.beta1. For this, I followed (more or less, I used a Raspberry Pi and Raspbian) instructions as found on http://www.ovirt.org/LDAP_Quick_Start
It all seems to work well, I am able to connect to a domain, login etc. and assign some roles to users. However, I cannot use (ldap) groups it seems. I cann add a group in the ovirt gui, but (in the tab General) "Active" remain "false".
A I missing something...?
HI Winfried, I have a question for you - When you add the group , can you use one of its user to perform an operation the group has permission to perform? for example, if the group has login permissions, can you login with a user that belongs to the group? I'm looking at the code, and this might be an issue that the "active" flag is simply not set on a group.
Yair - why would active be set on a group?

----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com> To: "Yair Zaslavsky" <yzaslavs@redhat.com>, "Winfried de Heiden - Voorwinde" <wdh@dds.nl> Cc: users@ovirt.org Sent: Monday, February 3, 2014 1:32:00 AM Subject: Re: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups
On 02/02/2014 11:01 PM, Yair Zaslavsky wrote:
----- Original Message -----
From: "Winfried de Heiden - Voorwinde" <wdh@dds.nl> To: users@ovirt.org Sent: Sunday, February 2, 2014 5:09:01 PM Subject: [Users] ovirt 3.4.0-0.5.beta1 and OpenLDAP groups
Hi All,
I managed to use OpenLDAP to integrate with oVirt 3.4.0-0.5.beta1. For this, I followed (more or less, I used a Raspberry Pi and Raspbian) instructions as found on http://www.ovirt.org/LDAP_Quick_Start
It all seems to work well, I am able to connect to a domain, login etc. and assign some roles to users. However, I cannot use (ldap) groups it seems. I cann add a group in the ovirt gui, but (in the tab General) "Active" remain "false".
A I missing something...?
HI Winfried, I have a question for you - When you add the group , can you use one of its user to perform an operation the group has permission to perform? for example, if the group has login permissions, can you login with a user that belongs to the group? I'm looking at the code, and this might be an issue that the "active" flag is simply not set on a group.
Yair - why would active be set on a group?
Itamar - I don't think there is a sense in that. At engine-core- not being set. At UI - I think the code should be revisited, in AdElementListModel there are places where we create user objects and store in side them group information. later on we store these objects at the groups collection of the model, and this model is being used to present the list of users and groups.
participants (3)
-
Itamar Heim
-
Winfried de Heiden - Voorwinde
-
Yair Zaslavsky