[ovirt-users] User is not authorized, ldap OK, but no user VM
Donny Davis
donny at cloudspin.me
Tue Jun 30 22:09:46 UTC 2015
You are looking for this to look like its multi tenant?
I setup CloudSpin to do exactly that. Each user can only see their own VMS.
Do I have your question correct?
Donny D
On Jun 30, 2015 5:27 PM, "David Smith" <dsmith at mypchelp.com> wrote:
> version 3.5.2-1.el6
> using ldap authz; this piece is working OK, and verified OK.
>
> I use the "Everyone" user to provide default permissions; that includes
> PowerUserRole for the data center, a bunch of usertemplatebasedVMs, some
> VnicProfileUser, DiskProfileUser, etc.
>
> I add a new user in LDAP; and verify LDAP credentials work (ie, log in to
> another system that uses the same ldap server)
> LDAP confirmed working for *other* ovirt users-- not an LDAP issue as far
> as I can tell.
>
> I do *not* specifically add each LDAP user to oVirt, they're added to
> "groups" in LDAP, so if they have the right group, they should be able to
> authenticate to oVirt and use the system without me adding each user
> individually.
>
> In any case the narrowed down problem is this:
> If the user doesn't have permissions (UserRole, etc) for *any* VMs,
> instead of logging in and getting a blank VM list, they get "User is not
> authorized to perform this action."
>
> If I add that specific user to a test placeholder VM, they can log in.
> Once they have a VM created, I can erase their user-specific permissions to
> that initial test VM and everything works as expected. They are able to log
> in, create VMs, etc.
>
> If I remove all permissions for VMs from a user, they get this error.
>
> Expected behavior:
> User without any permissions to any VMs should simply get a blank VM list
> on login. That way they can create a VM and go from there.
>
> Thanks for any help/suggestions,
> David
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20150630/c30d207c/attachment-0001.html>
More information about the Users
mailing list