What permission do I need to get API access

We use LDAP authentication to login to ovirt cluster, actually, admin and another user account have to access API with no problem. My account does cannot access to API despite that had SuperUser privileges than those accounts that already access API. Every time I tried to access API I get next message: Error during SSO authentication access_denied: Cannot authenticate user 'diagsbuilder@ralntdom.rtptgcs.com': No valid profile found in credentials.. The account does exist and permissions to enter to portal vms What do need to do to grant access to API?

+Martin Perina <mperina@redhat.com> can you help here? Il giorno mar 7 lug 2020 alle ore 19:30 <miguel.garcia@toshibagcs.com> ha scritto:
We use LDAP authentication to login to ovirt cluster, actually, admin and another user account have to access API with no problem. My account does cannot access to API despite that had SuperUser privileges than those accounts that already access API.
Every time I tried to access API I get next message: Error during SSO authentication access_denied: Cannot authenticate user ' diagsbuilder@ralntdom.rtptgcs.com': No valid profile found in credentials..
The account does exist and permissions to enter to portal vms
What do need to do to grant access to API? _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/XFIRPSPCNYTACG...
-- Sandro Bonazzola MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV Red Hat EMEA <https://www.redhat.com/> sbonazzo@redhat.com <https://www.redhat.com/> *Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours. <https://mojo.redhat.com/docs/DOC-1199578>*

On Mon, Jul 13, 2020 at 4:37 PM Sandro Bonazzola <sbonazzo@redhat.com> wrote:
+Martin Perina <mperina@redhat.com> can you help here?
Il giorno mar 7 lug 2020 alle ore 19:30 <miguel.garcia@toshibagcs.com> ha scritto:
We use LDAP authentication to login to ovirt cluster, actually, admin and another user account have to access API with no problem. My account does cannot access to API despite that had SuperUser privileges than those accounts that already access API.
Every time I tried to access API I get next message: Error during SSO authentication access_denied: Cannot authenticate user ' diagsbuilder@ralntdom.rtptgcs.com': No valid profile found in credentials..
What part of RESTAPI action are you calling? Do you get the error while obtaining authentication token or when accessing RESTAPI URL with the token? http://ovirt.github.io/ovirt-engine-api-model/4.4/#_authentication
The account does exist and permissions to enter to portal vms
For VM portal you don't need to have administrator permissions, user permissions are enough
What do need to do to grant access to API?
As mentioned above it depends on the action you want to call using RESTAPI
_______________________________________________
Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/XFIRPSPCNYTACG...
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo@redhat.com <https://www.redhat.com/>
*Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours. <https://mojo.redhat.com/docs/DOC-1199578>*
-- Martin Perina Manager, Software Engineering Red Hat Czech s.r.o.

We are trying to create vm using ansible scripts. However, also tried to log into the API web https://master-server/ovirt-engine/api with authentication error messages. I think the problem is authentication method since we are using LDAP accounts, to access vm portal or api web URL we use email address too.

Hi Miguel, So could you please share your playbook with us and the exact error you are getting during its execution? On Tue, Jul 14, 2020 at 4:08 PM <miguel.garcia@toshibagcs.com> wrote:
We are trying to create vm using ansible scripts. However, also tried to log into the API web https://master-server/ovirt-engine/api with authentication error messages. I think the problem is authentication method since we are using LDAP accounts, to access vm portal or api web URL we use email address too.
There should be no difference in usernames provided into UI or RESTAPI/SDK/Ansible modules. The only thing which differs is how to provide it: 1. In UI you are providing username and the select a profile (for example username can be 'admin' and profile 'internal') 2. For RESTAPI/SDK/Ansible you are entering in the format of username@profile (for example 'admin@internal') Thanks, Martin _______________________________________________
Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/AIHD5BVBI2V4BL...
-- Martin Perina Manager, Software Engineering Red Hat Czech s.r.o.

I already figured out the problem was how to type a user account. I realize this format by going to About section in the admin portal and my account was displayed in the following way: miguel.garcia@email.com@DOMAIN I was able to login to API using the same user account at the end.
participants (3)
-
Martin Perina
-
miguel.garcia@toshibagcs.com
-
Sandro Bonazzola