[ovirt-users] Cannot add new users via api after AAA migration

Ondra Machacek omachace at redhat.com
Mon Apr 18 13:53:47 UTC 2016 

On 04/18/2016 12:37 PM, Karli Sjöberg wrote:
> Hi!
>
> A little background:
> https://www.mail-archive.com/users@ovirt.org/msg31815.html
>
> Trying to add new user from webadmin gives:
> 2016-04-18 12:19:14,448 INFO  [org.ovirt.engine.core.bll.aaa.AddUserCommand] (default task-10) [53227bd6] Running command: AddUserCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group MANIPULATE_USERS with role type ADMIN
> 2016-04-18 12:19:14,466 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-10) [53227bd6] Correlation ID: 53227bd6, Call Stack: null, Custom Event ID: -1, Message: User 'Firstname.Lastname at foo.bar' was added successfully to the system.
>
> The user is then found as 'Firstname.Lastname at foo.bar@baz.foo.bar'
> under Users tab. Also possible to find user with api:
> https://engine-address.foo.bar/ovirt-engine/api/users?search=Firstname
> ...
> <user_name>Firstname.Lastname at foo.bar@baz.foo.bar</user_name>
> ...
>
> But removing the user and trying to add it again with e.g. Python
> fails:
>
> status: 404
> reason: Not Found
> detail: Entity not found: ADUSER at baz.foo.bar:: username=Firstname.Lastname at foo.bar
>
> The code, previously working with the now deprecated engine-manage-
> domains, except PRINCIPAL_NAME was just SAM_ACCOUNT_NAME without
> SUFFIX:
>
> DOMAIN_NAME = 'baz.foo.bar'
> SUFFIX = '@foo.bar'
>
> try:
>      domain = api.domains.get(name='%s' % (DOMAIN_NAME))
>      userparams = params.User()
>      userparams.set_user_name('%s%s' % (PRINCIPAL_NAME,SUFFIX))
>      userparams.set_domain(domain)

Please set ^ here also:

userparams.set_principal('%s%s' % (PRINCIPAL_NAME,SUFFIX))

in principal you should set proper UPN of user.

>      api.users.add(userparams)
> except Exception as e:
>      print e
>
> Also tried with SUFFIX = '@foo.bar at baz.foo.bar', as that´s what the
> user is called after creation, fails as well.
>
> Am I "holding it wrong" or is this a bug?
>
> /K
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list