[ovirt-users] Active Directory (LDAP) user auth is slow

Will Dennis wdennis at nec-labs.com
Thu Mar 24 15:19:14 UTC 2016 

No worries...

I only had a few VMs to re-assign, so I did it manually...

-----Original Message-----
From: Karli Sjöberg [mailto:karli.sjoberg at slu.se] 
Sent: Thursday, March 24, 2016 11:13 AM
To: Ondra Machacek
Cc: Martin Perina; Will Dennis; users
Subject: SV: [ovirt-users] Active Directory (LDAP) user auth is slow

Sorry about the thread-breakage, OWA...
________________________________________
Från: Ondra Machacek <omachace at redhat.com>
Skickat: den 24 mars 2016 15:08
Till: Karli Sjöberg
Kopia: Martin Perina; Will Dennis; users
Ämne: Re: [ovirt-users] Active Directory (LDAP) user auth is slow

On 03/24/2016 03:02 PM, Karli Sjöberg wrote:
>
> Den 24 mars 2016 13:49 skrev Ondra Machacek <omachace at redhat.com>:
>  >
>  > Hi,
>  >
>  > if you remove user, then also permissions of that user to vms will 
> be  > removed.
>  > And yes, you will have to add all those permissions back to users 
> from  > new profile.
>  >
>  > But, you can try migration tool[1], to migrate all users to new AAA 
> profile.
>  > If you have any problem with it, you can ask.
>
> Ehm, how do you install it? (el6)

yum install -y
https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases/download/ovirt-engine-kerbldap-migration-1.0.4/ovirt-engine-kerbldap-migration-1.0.4-1.el6ev.noarch.rpm

That worked, plus the migration, but can´t log in since our domain is called like 'baz.foo.bar' but our users´s userPrincipalName are just 'user at foo.bar'. How do you configure that with aaa?

/K

>
> /K
>
>  >
>  > Ondra
>  >
>  > [1]
>  >
> https://github.com/machacekondra/ovirt-engine-kerbldap-migration/blob/
> master/README.md
>  >
>  > On 03/24/2016 01:06 PM, Will Dennis wrote:
>  > > In the RHEV Admin Guide that Martin mentioned, it says:
>  > >
>  > > "Log in to the Administration Portal, and remove all users and 
> groups related to the old profile. Users defined in the removed domain 
> will no longer be able to authenticate with the Red Hat Enterprise 
> Virtualization Manager. The entries for the affected users will remain 
> defined in the Red Hat Enterprise Virtualization Manager until they 
> are explicitly removed from the Administration Portal.”
>  > >
>  > > I have some VMs running under some AD domain users; if I remove 
> the users from the system as above, will I need to remove them from 
> the VM permissions, or is that cleaned up as well? And I guess I’ll 
> need to manually re-add the perms back after the new directory config 
> is in place? Please advise.
>  > >
>  > > Thanks,
>  > > Will
>  > >
>  > > On Mar 21, 2016, at 4:29 AM, Martin Perina 
> <mperina at redhat.com<mailto:mperina at redhat.com>> wrote:
>  > >
>  > >
>  > >
>  > > On Mon, Mar 21, 2016 at 8:20 AM, Yedidyah Bar David 
> <didi at redhat.com<mailto:didi at redhat.com>> wrote:
>  > > On Mon, Mar 21, 2016 at 4:47 AM, Will Dennis 
> <wdennis at nec-labs.com<mailto:wdennis at nec-labs.com>> wrote:
>  > >> Hi all,
>  > >>
>  > >> I have enabled Active Directory authentication for the users in 
> oVirt (via engine-manage-domains command using --provider=ad) and, 
> although it works, it takes about ~50 sec’s to process a login. I have 
> other OSS software that utilizes AD auth, and there is no such lag 
> when processing logins, so I’m guessing it’s a problem with the oVirt 
> implementation… Any way to debug why the auth process is taking so long?
>  > >
>  > > This is an old, unmaintained component. You should use the new 
> aaa-ldap one.
>  > > Search the list archives for "aaa-ldap" and/or read the README 
> file in the  > > sources [1]. Best,  > >  > > [1] 
> https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;
> a=blob;f=README
>  > >
>  > > ​You could also take a look at RHEV 3.6 Administration Guide, 
> chapter 13 Users and Roles [2]  > > where you can find detailed steps 
> for common configurations.
>  > >
>  > > Martin Perina
>  > >
>  > > [2]
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtu
> alization/3.6/html/Administration_Guide/chap-Users_and_Roles.html
>  > > ​
>  > >
>  > >
>  > >>
>  > >> Will
>  > >> _______________________________________________
>  > >> Users mailing list
>  > >> Users at ovirt.org<mailto:Users at ovirt.org>
>  > >> http://lists.ovirt.org/mailman/listinfo/users
>  > >
>  > >
>  > >
>  > > --
>  > > Didi
>  > > _______________________________________________
>  > > Users mailing list
>  > > Users at ovirt.org<mailto:Users at ovirt.org>
>  > > http://lists.ovirt.org/mailman/listinfo/users
>  > >
>  > >
>  > > _______________________________________________
>  > > Users mailing list
>  > > Users at ovirt.org
>  > > http://lists.ovirt.org/mailman/listinfo/users
>  > >
>  > _______________________________________________
>  > Users mailing list
>  > Users at ovirt.org
>  > http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list