[ovirt-users] external users problem
Baptiste Agasse
baptiste.agasse at lyra-network.com
Mon Oct 24 09:18:52 UTC 2016
Hi Ondra,
----- Le 24 Oct 16, à 10:36, Ondra Machacek omachace at redhat.com a écrit :
> On 10/21/2016 12:00 PM, Baptiste Agasse wrote:
>> Hi all,
>>
>> We use ovirt 4.0.4 with FreeIPA as external provider. The external provider was
>> configured via the 'ovirt-engine-extension-aaa-ldap-setup' command. The
>> authentication works fine, but in the webui, when you go on the 'Active User
>> Sessions', all users uuid is showed as '00000000-0000-0000-0000-000000000000'.
>> Other problem, maybe related, when a user create a VM, by default a permission
>> is created with the role of 'UserVmManager'. On the 'Permissions' pane, we see
>> a line with no value for User, Authorization provider, Namespace. The only
>> value set on this line is the role (UserVmManager in that case). When we try to
>> remove this line, an exception occurs in the webui that prevent deletion of
>> this line.
>
> I've never see such issue with FreeIPA. Can you please share what's
> your IPA version?
>
> Can you also please share the log of error which occurs, when you try
> to remove the permission?
We have multiple ovirt envs, all ovirt version are the same as described, but FreeIPA servers are in different versions on these envs. We have one env with FreeIPA on CentOS 6 (ipa-server-3.0.0-42.el6.centos.x86_64) and the other on FreeIPA on CentOS 7 (ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64). The both envs have the same problem. On our envs, the role mapping in oVirt is done on user groups and not on individual users.
For the permission problem, the problem only occurs when the VM is created via the user webui. Creating VM with API or admin webui is OK. When we try to remove the permission, an UI exception occurs and no logs on the engine.log side. I've attached screenshots and ui.log.
>
>>
>> This behavior is verified on all our oVirt environments (oVirt 4.0.4 + FreeIPA)
>>
>> Someone hit the same problem ?
>>
>> Have a nice day.
>>
>> Regards.
Regards.
--
Baptiste AGASSE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ui.log
Type: text/x-log
Size: 2850 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161024/373845c7/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: active-user-sessions.png
Type: image/png
Size: 31191 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161024/373845c7/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: permission-remove-ui-exception.png
Type: image/png
Size: 109814 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161024/373845c7/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: permissions-list.png
Type: image/png
Size: 51310 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161024/373845c7/attachment-0005.png>
More information about the Users
mailing list