[ovirt-users] LDAP-based domain not working after upgrade?

Ondra Machacek omachace at redhat.com
Fri Aug 12 19:38:47 UTC 2016 

On 08/12/2016 05:53 PM, nicolas at devels.es wrote:
> El 2016-08-10 14:46, Nicolás escribió:
>> En 10/8/2016 2:29 p. m., Alexander Wels <awels at redhat.com> escribió:
>>
>>> On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:
>>
>>>> On Wednesday, August 10, 2016 9:10:25 AM EDT nicolas at devels.es
>>> wrote:
>>
>>>>> El 2016-08-10 08:58, Ondra Machacek escribió:
>>
>>>>> > On 08/10/2016 09:37 AM, Nicolás wrote:
>>
>>>>> >> Hi,
>>
>>>>> >>
>>
>>>>> >> We're running oVirt 4.0.1.1 [1], and we're trying to grant a
>>> permission to
>>
>>>>> >> a
>>
>>>>> >> user on a VM. Thing is when we open the 'Permissions' subtab
>>> on that
>>
>>>>> >> VM,
>>
>>>>> >> we click on Add, the LDAP backend shows up but any value
>>> entered into
>>
>>>>> >> the search box returns nothing, even when I know the values
>>> exist.
>>
>>>>> >>
>>
>>>>> >> This has been working on oVirt 3.x, we actually migrated to
>>> 4.x last
>>
>>>>> >> week and didn't notice this issue.
>>
>>>>> >>
>>
>>>>> >> Additionally, there's no combobox to choose the permission to
>>> grant?
>>
>>>>> >
>>
>>>>> > There should be combo box to choose a role.
>>
>>>>>
>>
>>>>> I've attached a screenshot, seems there's not.
>>
>>>>
>>
>>>> Its highly likely the dropdown is there, but its scrolled below
>>> the bottom
>>
>>>> of the dialog and thus you can't see it. I thought I made sure all
>>> the
>>
>>>> dialogs were working, seems like I missed one. Let me check it out
>>> and see
>>
>>>> what is going on.
>>
>>>>
>>
>>>
>>
>>> Okay I double checked, I went to the VMs main tab, selected a VM,
>>> then went to
>>
>>> the permissions sub tab. Clicked add. The dialog that popped up
>>> looks like the
>>
>>> one attached, which is what I was expecting. The one you attached
>>> appears to
>>
>>> be missing some styling, which is likely what caused the Role to
>>> Assign part
>>
>>> to be scrolled below the bottom of the page.
>>
>>>
>>
>>> Can you complete clear your cache (not shift reload, but
>>> settings->clear
>>
>>> cache). If that doesn't work can you tell us the version of the
>>> patternfly rpm
>>
>>> installed on your engine?
>>
>>>
>>
>>> Yes, I already did that, also opened the engine on different clients
>>> and the behavior is the same, I believe this is not a client issue.
>>> Patternfly package is patternfly1-1.3.0-1.el7.centos.noarch
>>
>
> Ok, this indeed seems like a graphics problem since I am seeing this
> connecting to a machine through a VNC server and the Role combobox is
> moved down out of the dialog.
>
> However, the LDAP issue persists. When I choose the 'internal' domain, I
> can search the 'admin' user successfully, however, if I set it to be the
> LDAP domain, any search returns nothing.
>
> Any hints or ideas how to debug this?

Can you please enable debug log[1] and send it here?

[1] 
https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README#L442

>
> Thanks.
>
>
>>>
>>
>>> Anyhow, I see there are lots of packages to update so I'll do so
>>> within a few days and report results.
>>
>>>
>>
>>>>> >> All this is done with the admin at internal user, so I guess
>>> this is not
>>
>>>>> >> a
>>
>>>>> >> self-permission issue.
>>
>>>>> >>
>>
>>>>> >> Interesting thing is that I can successfully log-in to the
>>> user portal
>>
>>>>> >> with a LDAP based user and manage all the VMs assigned to
>>> them.
>>
>>>>> >>
>>
>>>>> >> Just to see if there's been any configuration change, we also
>>> run the
>>
>>>>> >> ovirt-engine-extension-aaa-ldap-setup tool, the configuration
>>> it
>>
>>>>> >> returns
>>
>>>>> >> is pretty similar to ours, and even the test commands (Login,
>>> Search)
>>
>>>>> >> work successfully (I can see search returning user's data
>>> like name,
>>
>>>>> >> surname, ...). We even applied this configuration to engine
>>> to see if
>>
>>>>> >> it
>>
>>>>> >> makes a difference but the result is the same, the search
>>> dialog
>>
>>>>> >> returns
>>
>>>>> >> nothing and neither I can see the permission to grant.
>>
>>>>> >>
>>
>>>>> >> Any hint about this?
>>
>>>>> >
>>
>>>>> > Maybe you hit similar issue to this one[1].
>>
>>>>> >
>>
>>>>> > Can you please share engine.log, while you hit search button?
>>
>>>>>
>>
>>>>> I'm also attaching the log at the time I hit the search button,
>>> but I'm
>>
>>>>> afraid there's no entry about that.
>>
>>>>>
>>
>>>>> Thanks.
>>
>>>>>
>>
>>>>> > [1] https [2]://bugzilla.redhat.com/show_bug.cgi?id=1356675
>>> [2]
>>
>>>>> >
>>
>>>>> >> Thanks
>>
>>>>> >> _______________________________________________
>>
>>>>> >> Users mailing list
>>
>>>>> >> Users at ovirt.org
>>
>>>>> >> http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/
>>> [3]users [3]
>>
>>>>
>>
>>>> _______________________________________________
>>
>>>> Users mailing list
>>
>>>> Users at ovirt.org
>>
>>>> http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/
>>> [3]users [3]
>>
>>> _______________________________________________
>>
>>> Users mailing list
>>
>>> Users at ovirt.org
>>
>>> http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/
>>> [3]users [3]
>>
>>>
>>
>>
>>
>> Links:
>> ------
>> [1] http://4.0.1.1
>> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1356675
>> [3] http://lists.ovirt.org/mailman/listinfo/users
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

More information about the Users mailing list