[ovirt-users] external users problem

Mon Nov 7 08:34:39 UTC 2016

Hi, 

----- Le 4 Nov 16, à 18:22, Greg Sheremeta <gshereme at redhat.com> a écrit : 

> Sorry for the delay. Did anyone help out on this yet? If not, I can look now.

No problem. No evolution on this side, if you can take a look, it will be nice. 

Thank you. 

> Greg

> On Mon, Oct 24, 2016 at 8:52 AM, Martin Perina < mperina at redhat.com > wrote:

>> Alex/Greg, could you please take a look?

>> Thanks

>> Martin

>> On Mon, Oct 24, 2016 at 2:02 PM, Baptiste Agasse <
>> baptiste.agasse at lyra-network.com > wrote:

>>> Hi,

>>> ----- Le 24 Oct 16, à 11:25, Martin Perina < mperina at redhat.com > a écrit :

>>>> On Mon, Oct 24, 2016 at 11:18 AM, Baptiste Agasse <
>>>> baptiste.agasse at lyra-network.com > wrote:

>>>>> Hi Ondra,

>>>>> ----- Le 24 Oct 16, à 10:36, Ondra Machacek omachace at redhat.com a écrit :

>>>>> > On 10/21/2016 12:00 PM, Baptiste Agasse wrote:
>>>>> >> Hi all,

>>>>> >> We use ovirt 4.0.4 with FreeIPA as external provider. The external provider was
>>>>> >> configured via the 'ovirt-engine-extension-aaa-ldap-setup' command. The
>>>>> >> authentication works fine, but in the webui, when you go on the 'Active User
>>>>> >> Sessions', all users uuid is showed as '00000000-0000-0000-0000-000000000000'.
>>>>> >> Other problem, maybe related, when a user create a VM, by default a permission
>>>>> >> is created with the role of 'UserVmManager'. On the 'Permissions' pane, we see
>>>>> >> a line with no value for User, Authorization provider, Namespace. The only
>>>>> >> value set on this line is the role (UserVmManager in that case). When we try to
>>>>> >> remove this line, an exception occurs in the webui that prevent deletion of
>>>>> >> this line.

>>>>> > I've never see such issue with FreeIPA. Can you please share what's
>>>>> > your IPA version?

>>>>> > Can you also please share the log of error which occurs, when you try
>>>>> > to remove the permission?

>>>>> We have multiple ovirt envs, all ovirt version are the same as described, but
>>>>> FreeIPA servers are in different versions on these envs. We have one env with
>>>>> FreeIPA on CentOS 6 (ipa-server-3.0.0-42.el6.centos.x86_64) and the other on
>>>>> FreeIPA on CentOS 7 (ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64). The both
>>>>> envs have the same problem. On our envs, the role mapping in oVirt is done on
>>>>> user groups and not on individual users.

>>>>> For the permission problem, the problem only occurs when the VM is created via
>>>>> the user webui. Creating VM with API or admin webui is OK. When we try to
>>>>> remove the permission, an UI exception occurs and no logs on the engine.log
>>>>> side. I've attached screenshots and ui.log.

>>>> Unfortunately by default UI code is obfuscated, so we cannot find exact issue.
>>>> Could you please perform following steps and send us new ui.log?

>>>> 1. Install UI debug packages
>>>> yum install ovirt-engine-webadmin-portal-debuginfo
>>>> ovirt-engine-userportal-debuginfo

>>>> 2. Restart ovirt-engine
>>>> systemctl restart ovirt-engine

>>>> 3. Reproduce the error and share up-to-date ui.log with use

>>>> If needed more info about UI logs can be found at
>>>> http://www.ovirt.org/develop/developer-guide/engine/engine-debug-obfuscated-ui/

>>> I've reproduced the error, see attached engine.log at VM creation time and the
>>> ui.log when trying to remove inconsistent permission.

>>> Thanks.

>>>> Thanks

>>>> Martin Perina
>>>> 

>>>>> >> This behavior is verified on all our oVirt environments (oVirt 4.0.4 + FreeIPA)

>>>>> >> Someone hit the same problem ?

>>>>> >> Have a nice day.

>>>>> >> Regards.

>>>>> Regards.

>>>>> --
>>>>> Baptiste AGASSE

>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users

>>> --
>>> Baptiste AGASSE

> --
> Greg Sheremeta, MBA
> Red Hat, Inc.
> Sr. Software Engineer
> gshereme at redhat.com

-- 
Baptiste AGASSE 
Lyra Network France, Senior GNU/Linux engineer 
109 Rue de l'innovation, 31670 Labège - France 
Phone: (+33)5.67.22.31.87 
Fax: (+33)5.67.22.31.61 
E-mail: baptiste.agasse at lyra-network.com 
Website: http://www.lyra-network.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161107/2b186e4b/attachment-0001.html>