[Users] 3.2 beta and IPA domain question

Yair Zaslavsky yzaslavs at redhat.com
Sun Feb 3 06:13:58 UTC 2013 

A question about this -
Do you think the message printed to the user (after the domain is added without -addPermissions) should be extended and have addition line like

After "Users from this domain can be granted permissions from the Web
administration interface." Maybe we should add "or the domain should be added/editted with the -addPermissions option".

What do you think?


----- Original Message -----
> From: "Gianluca Cecchi" <gianluca.cecchi at gmail.com>
> To: "users" <users at ovirt.org>
> Sent: Saturday, February 2, 2013 1:22:15 AM
> Subject: [Users] 3.2 beta and IPA domain question
> 
> Hello,
> I seem to remember in RHEV 3.0 that when you configured an IPA
> domain,
> its admin was automatically configured as an admin for RHEV itself.
> Is it true and in case does remain true for oVirt?
> 
> I configured IPA as shipped on CentOS 6.3+updates
> ipa-server-2.2.0-17.el6_3.1.x86_64
> 
> I successfully added it to y oVirt 3.2 beta setup
> 
> [root at f18engine ~]# engine-manage-domains -action=add
> -domain=LOCALDOMAIN.LOCAL -user=admin -provider=IPA -interactive
> Enter password:
> 
> The domain localdomain.local has been added to the engine as an
> authentication source but no users from that domain have been granted
> permissions within the oVirt Manager.
> Users from this domain can be granted permissions from the Web
> administration interface.
> oVirt Engine restart is required in order for the changes to take
> place (service ovirt-engine restart).
> Manage Domains completed successfully
> 
> Then
> [root at f18engine ~]# systemctl try-restart ovirt-engine.service
> [root at f18engine ~]# systemctl status ovirt-engine.service
> ovirt-engine.service - oVirt Engine
>  Loaded: loaded (/usr/lib/systemd/system/ovirt-engine.service;
>  enabled)
>  Active: active (running) since Sat 2013-02-02 00:10:29 CET; 10s ago
> Process: 32512 ExecStop=/usr/bin/engine-service stop (code=exited,
> status=0/SUCCESS)
> Process: 32520 ExecStart=/usr/bin/engine-service start (code=exited,
> status=0/SUCCESS)
> Main PID: 32521 (java)
>  CGroup: name=systemd:/system/ovirt-engine.service
>  └─32521 engine-service -server -XX:+TieredCompilation -Xms1g -Xmx1g
> -XX:PermSize=256m -XX:MaxPe...
> 
> Feb 02 00:10:28 f18engine.localdomain.local systemd[1]: Starting
> oVirt Engine...
> Feb 02 00:10:29 f18engine.localdomain.local engine-service[32520]:
> Started engine process 32521.
> Feb 02 00:10:29 f18engine.localdomain.local engine-service[32520]:
> Starting engine-service: [  OK  ]
> Feb 02 00:10:29 f18engine.localdomain.local systemd[1]: Started oVirt
> Engine.
> 
> 
> Now from web admin portal I can choose the "localdomain.local" domain
> in drop down menu.
> But when I try to enter the webadmin portal I get:
> 
> User is not authorized to perform this action.
> 
> 
> Do I need to grant IPA admin user from internal admin before, or
> should it just work?
> 
> Gianluca
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list