[Users] 3.2 beta and IPA domain question

Yair Zaslavsky yzaslavs at redhat.com
Wed Feb 6 08:35:00 UTC 2013 

I'll file a bug for this.
There is another issue here -
-addPermissions can be used at action=edit, but if not provided during action=edit for domain I already added permissions for I get the print of -

The domain example.com has been added to the engine as an authentication source but no users from that domain have been granted permissions

Which is incorrect in this case.


----- Original Message -----
> From: "Tim Hildred" <thildred at redhat.com>
> To: "Yair Zaslavsky" <yzaslavs at redhat.com>
> Cc: "users" <users at ovirt.org>, "Gianluca Cecchi" <gianluca.cecchi at gmail.com>
> Sent: Tuesday, February 5, 2013 3:25:18 AM
> Subject: Re: [Users] 3.2 beta and IPA domain question
> 
> > After "Users from this domain can be granted permissions from the
> > Web
> > administration interface." Maybe we should add "or the domain
> > should
> > be added/editted with the -addPermissions option".
> > 
> > What do you think?
> 
> I think that, by the time this message is shown, the domain has been
> added. No point in telling about how the domain _could_ have been
> added. Something like
> "Users from this domain can be granted permissions from the Web
> administration interface, or by passing the -addPermissions flag to
> engine-manage-domains."
> 
> 
> Tim Hildred, RHCE
> Content Author II - Engineering Content Services, Red Hat, Inc.
> Brisbane, Australia
> Email: thildred at redhat.com
> Internal: 8588287
> Mobile: +61 4 666 25242
> IRC: thildred
> 
> ----- Original Message -----
> > From: "Yair Zaslavsky" <yzaslavs at redhat.com>
> > To: "Gianluca Cecchi" <gianluca.cecchi at gmail.com>
> > Cc: "users" <users at ovirt.org>
> > Sent: Sunday, February 3, 2013 4:13:58 PM
> > Subject: Re: [Users] 3.2 beta and IPA domain question
> > 
> > A question about this -
> > Do you think the message printed to the user (after the domain is
> > added without -addPermissions) should be extended and have addition
> > line like
> > 
> > After "Users from this domain can be granted permissions from the
> > Web
> > administration interface." Maybe we should add "or the domain
> > should
> > be added/editted with the -addPermissions option".
> > 
> > What do you think?
> > 
> > 
> > ----- Original Message -----
> > > From: "Gianluca Cecchi" <gianluca.cecchi at gmail.com>
> > > To: "users" <users at ovirt.org>
> > > Sent: Saturday, February 2, 2013 1:22:15 AM
> > > Subject: [Users] 3.2 beta and IPA domain question
> > > 
> > > Hello,
> > > I seem to remember in RHEV 3.0 that when you configured an IPA
> > > domain,
> > > its admin was automatically configured as an admin for RHEV
> > > itself.
> > > Is it true and in case does remain true for oVirt?
> > > 
> > > I configured IPA as shipped on CentOS 6.3+updates
> > > ipa-server-2.2.0-17.el6_3.1.x86_64
> > > 
> > > I successfully added it to y oVirt 3.2 beta setup
> > > 
> > > [root at f18engine ~]# engine-manage-domains -action=add
> > > -domain=LOCALDOMAIN.LOCAL -user=admin -provider=IPA -interactive
> > > Enter password:
> > > 
> > > The domain localdomain.local has been added to the engine as an
> > > authentication source but no users from that domain have been
> > > granted
> > > permissions within the oVirt Manager.
> > > Users from this domain can be granted permissions from the Web
> > > administration interface.
> > > oVirt Engine restart is required in order for the changes to take
> > > place (service ovirt-engine restart).
> > > Manage Domains completed successfully
> > > 
> > > Then
> > > [root at f18engine ~]# systemctl try-restart ovirt-engine.service
> > > [root at f18engine ~]# systemctl status ovirt-engine.service
> > > ovirt-engine.service - oVirt Engine
> > >  Loaded: loaded (/usr/lib/systemd/system/ovirt-engine.service;
> > >  enabled)
> > >  Active: active (running) since Sat 2013-02-02 00:10:29 CET; 10s
> > >  ago
> > > Process: 32512 ExecStop=/usr/bin/engine-service stop
> > > (code=exited,
> > > status=0/SUCCESS)
> > > Process: 32520 ExecStart=/usr/bin/engine-service start
> > > (code=exited,
> > > status=0/SUCCESS)
> > > Main PID: 32521 (java)
> > >  CGroup: name=systemd:/system/ovirt-engine.service
> > >  └─32521 engine-service -server -XX:+TieredCompilation -Xms1g
> > >  -Xmx1g
> > > -XX:PermSize=256m -XX:MaxPe...
> > > 
> > > Feb 02 00:10:28 f18engine.localdomain.local systemd[1]: Starting
> > > oVirt Engine...
> > > Feb 02 00:10:29 f18engine.localdomain.local
> > > engine-service[32520]:
> > > Started engine process 32521.
> > > Feb 02 00:10:29 f18engine.localdomain.local
> > > engine-service[32520]:
> > > Starting engine-service: [  OK  ]
> > > Feb 02 00:10:29 f18engine.localdomain.local systemd[1]: Started
> > > oVirt
> > > Engine.
> > > 
> > > 
> > > Now from web admin portal I can choose the "localdomain.local"
> > > domain
> > > in drop down menu.
> > > But when I try to enter the webadmin portal I get:
> > > 
> > > User is not authorized to perform this action.
> > > 
> > > 
> > > Do I need to grant IPA admin user from internal admin before, or
> > > should it just work?
> > > 
> > > Gianluca
> > > _______________________________________________
> > > Users mailing list
> > > Users at ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > >
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> > 
>

More information about the Users mailing list