[ovirt-users] User is not authorized, ldap OK, but no user VM
David Smith
dsmith at mypchelp.com
Tue Jun 30 22:13:05 UTC 2015
Correct, each user has their own VMs. Only a few share VMs (those
permissions are assigned manually).
The issue is that when they have 0 VMs assigned to them, the system throws
the login error that they're not authorized, at least until I add a
placeholder VM so they can log in and set themselves up.
On Tue, Jun 30, 2015 at 3:09 PM, Donny Davis <donny at cloudspin.me> wrote:
> You are looking for this to look like it's multi-tenant?
>
> I set up CloudSpin to do exactly that. Each user can only see their own
> VMs.
> Do I have your question correct?
>
> Donny D
> On Jun 30, 2015 5:27 PM, "David Smith" <dsmith at mypchelp.com> wrote:
>
>> version 3.5.2-1.el6
>> using ldap authz; this piece is working OK, and verified OK.
>>
>> I use the "Everyone" user to provide default permissions; that includes
>> PowerUserRole for the data center, a bunch of usertemplatebasedVMs, some
>> VnicProfileUser, DiskProfileUser, etc.
>>
>> I add a new user in LDAP, and verify LDAP credentials work (i.e., log in to
>> another system that uses the same LDAP server).
>> LDAP confirmed working for *other* oVirt users -- not an LDAP issue as far
>> as I can tell.
>>
>> I do *not* specifically add each LDAP user to oVirt, they're added to
>> "groups" in LDAP, so if they have the right group, they should be able to
>> authenticate to oVirt and use the system without me adding each user
>> individually.
>>
>> In any case the narrowed down problem is this:
>> If the user doesn't have permissions (UserRole, etc) for *any* VMs,
>> instead of logging in and getting a blank VM list, they get "User is not
>> authorized to perform this action."
>>
>> If I add that specific user to a test placeholder VM, they can log in.
>> Once they have a VM created, I can erase their user-specific permissions to
>> that initial test VM and everything works as expected. They are able to log
>> in, create VMs, etc.
>>
>> If I remove all permissions for VMs from a user, they get this error.
>>
>> Expected behavior:
>> User without any permissions to any VMs should simply get a blank VM list
>> on login. That way they can create a VM and go from there.
>>
>> Thanks for any help/suggestions,
>> David