[ovirt-users] Active Directory (LDAP) user auth is slow

Karli Sjöberg karli.sjoberg at slu.se
Thu Mar 24 14:34:12 UTC 2016 

Den 24 mars 2016 3:06 em skrev Ondra Machacek <omachace at redhat.com>:
>
> On 03/24/2016 03:02 PM, Karli Sjöberg wrote:
> >
> > Den 24 mars 2016 13:49 skrev Ondra Machacek <omachace at redhat.com>:
> >  >
> >  > Hi,
> >  >
> >  > if you remove user, then also permissions of that user to vms will be
> >  > removed.
> >  > And yes, you will have to add all those permissions back to users from
> >  > new profile.
> >  >
> >  > But, you can try migration tool[1], to migrate all users to new AAA
> > profile.
> >  > If you have any problem with it, you can ask.
> >
> > Ehm, how do you install it? (el6)
>
> yum install -y
> https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases/download/ovirt-engine-kerbldap-migration-1.0.4/ovirt-engine-kerbldap-migration-1.0.4-1.el6ev.noarch.rpm

Awesome, thanks!

/K

>
> >
> > /K
> >
> >  >
> >  > Ondra
> >  >
> >  > [1]
> >  >
> > https://github.com/machacekondra/ovirt-engine-kerbldap-migration/blob/master/README.md
> >  >
> >  > On 03/24/2016 01:06 PM, Will Dennis wrote:
> >  > > In the RHEV Admin Guide that Martin mentioned, it says:
> >  > >
> >  > > "Log in to the Administration Portal, and remove all users and
> > groups related to the old profile. Users defined in the removed domain
> > will no longer be able to authenticate with the Red Hat Enterprise
> > Virtualization Manager. The entries for the affected users will remain
> > defined in the Red Hat Enterprise Virtualization Manager until they are
> > explicitly removed from the Administration Portal.”
> >  > >
> >  > > I have some VMs running under some AD domain users; if I remove the
> > users from the system as above, will I need to remove them from the VM
> > permissions, or is that cleaned up as well? And I guess I’ll need to
> > manually re-add the perms back after the new directory config is in
> > place? Please advise.
> >  > >
> >  > > Thanks,
> >  > > Will
> >  > >
> >  > > On Mar 21, 2016, at 4:29 AM, Martin Perina
> > <mperina at redhat.com<mailto:mperina at redhat.com>> wrote:
> >  > >
> >  > >
> >  > >
> >  > > On Mon, Mar 21, 2016 at 8:20 AM, Yedidyah Bar David
> > <didi at redhat.com<mailto:didi at redhat.com>> wrote:
> >  > > On Mon, Mar 21, 2016 at 4:47 AM, Will Dennis
> > <wdennis at nec-labs.com<mailto:wdennis at nec-labs.com>> wrote:
> >  > >> Hi all,
> >  > >>
> >  > >> I have enabled Active Directory authentication for the users in
> > oVirt (via engine-manage-domains command using --provider=ad) and,
> > although it works, it takes about ~50 sec’s to process a login. I have
> > other OSS software that utilizes AD auth, and there is no such lag when
> > processing logins, so I’m guessing it’s a problem with the oVirt
> > implementation… Any way to debug why the auth process is taking so long?
> >  > >
> >  > > This is an old, unmaintained component. You should use the new
> > aaa-ldap one.
> >  > > Search the list archives for "aaa-ldap" and/or read the README file
> > in the
> >  > > sources [1]. Best,
> >  > >
> >  > > [1]
> > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README
> >  > >
> >  > > ​You could also take a look at RHEV 3.6 Administration Guide,
> > chapter 13 Users and Roles [2]
> >  > > where you can find detailed steps for common configurations.
> >  > >
> >  > > Martin Perina
> >  > >
> >  > > [2]
> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Administration_Guide/chap-Users_and_Roles.html
> >  > > ​
> >  > >
> >  > >
> >  > >>
> >  > >> Will
> >  > >> _______________________________________________
> >  > >> Users mailing list
> >  > >> Users at ovirt.org<mailto:Users at ovirt.org>
> >  > >> http://lists.ovirt.org/mailman/listinfo/users
> >  > >
> >  > >
> >  > >
> >  > > --
> >  > > Didi
> >  > > _______________________________________________
> >  > > Users mailing list
> >  > > Users at ovirt.org<mailto:Users at ovirt.org>
> >  > > http://lists.ovirt.org/mailman/listinfo/users
> >  > >
> >  > >
> >  > > _______________________________________________
> >  > > Users mailing list
> >  > > Users at ovirt.org
> >  > > http://lists.ovirt.org/mailman/listinfo/users
> >  > >
> >  > _______________________________________________
> >  > Users mailing list
> >  > Users at ovirt.org
> >  > http://lists.ovirt.org/mailman/listinfo/users
> >
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160324/ec6b89ec/attachment-0001.html>

More information about the Users mailing list