[ovirt-users] Active Directory (LDAP) user auth is slow
Ondra Machacek
omachace at redhat.com
Thu Mar 24 14:08:10 UTC 2016
On 03/24/2016 03:02 PM, Karli Sjöberg wrote:
>
> Den 24 mars 2016 13:49 skrev Ondra Machacek <omachace at redhat.com>:
> >
> > Hi,
> >
> > if you remove user, then also permissions of that user to vms will be
> > removed.
> > And yes, you will have to add all those permissions back to users from
> > new profile.
> >
> > But, you can try migration tool[1], to migrate all users to new AAA
> profile.
> > If you have any problem with it, you can ask.
>
> Ehm, how do you install it? (el6)
yum install -y
https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases/download/ovirt-engine-kerbldap-migration-1.0.4/ovirt-engine-kerbldap-migration-1.0.4-1.el6ev.noarch.rpm
>
> /K
>
> >
> > Ondra
> >
> > [1]
> >
> https://github.com/machacekondra/ovirt-engine-kerbldap-migration/blob/master/README.md
> >
> > On 03/24/2016 01:06 PM, Will Dennis wrote:
> > > In the RHEV Admin Guide that Martin mentioned, it says:
> > >
> > > "Log in to the Administration Portal, and remove all users and
> groups related to the old profile. Users defined in the removed domain
> will no longer be able to authenticate with the Red Hat Enterprise
> Virtualization Manager. The entries for the affected users will remain
> defined in the Red Hat Enterprise Virtualization Manager until they are
> explicitly removed from the Administration Portal.”
> > >
> > > I have some VMs running under some AD domain users; if I remove the
> users from the system as above, will I need to remove them from the VM
> permissions, or is that cleaned up as well? And I guess I’ll need to
> manually re-add the perms back after the new directory config is in
> place? Please advise.
> > >
> > > Thanks,
> > > Will
> > >
> > > On Mar 21, 2016, at 4:29 AM, Martin Perina
> <mperina at redhat.com<mailto:mperina at redhat.com>> wrote:
> > >
> > >
> > >
> > > On Mon, Mar 21, 2016 at 8:20 AM, Yedidyah Bar David
> <didi at redhat.com<mailto:didi at redhat.com>> wrote:
> > > On Mon, Mar 21, 2016 at 4:47 AM, Will Dennis
> <wdennis at nec-labs.com<mailto:wdennis at nec-labs.com>> wrote:
> > >> Hi all,
> > >>
> > >> I have enabled Active Directory authentication for the users in
> oVirt (via engine-manage-domains command using --provider=ad) and,
> although it works, it takes about ~50 sec’s to process a login. I have
> other OSS software that utilizes AD auth, and there is no such lag when
> processing logins, so I’m guessing it’s a problem with the oVirt
> implementation… Any way to debug why the auth process is taking so long?
> > >
> > > This is an old, unmaintained component. You should use the new
> aaa-ldap one.
> > > Search the list archives for "aaa-ldap" and/or read the README file
> in the
> > > sources [1]. Best,
> > >
> > > [1]
> https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README
> > >
> > > You could also take a look at RHEV 3.6 Administration Guide,
> chapter 13 Users and Roles [2]
> > > where you can find detailed steps for common configurations.
> > >
> > > Martin Perina
> > >
> > > [2]
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Administration_Guide/chap-Users_and_Roles.html
> > >
> > >
> > >
> > >>
> > >> Will
> > >> _______________________________________________
> > >> Users mailing list
> > >> Users at ovirt.org<mailto:Users at ovirt.org>
> > >> http://lists.ovirt.org/mailman/listinfo/users
> > >
> > >
> > >
> > > --
> > > Didi
> > > _______________________________________________
> > > Users mailing list
> > > Users at ovirt.org<mailto:Users at ovirt.org>
> > > http://lists.ovirt.org/mailman/listinfo/users
> > >
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users at ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > >
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
>
More information about the Users
mailing list