[ovirt-users] external users problem

Martin Perina mperina at redhat.com
Mon Oct 24 09:25:52 UTC 2016 

On Mon, Oct 24, 2016 at 11:18 AM, Baptiste Agasse <
baptiste.agasse at lyra-network.com> wrote:

> Hi Ondra,
>
> ----- Le 24 Oct 16, à 10:36, Ondra Machacek omachace at redhat.com a écrit :
>
> > On 10/21/2016 12:00 PM, Baptiste Agasse wrote:
> >> Hi all,
> >>
> >> We use ovirt 4.0.4 with FreeIPA as external provider. The external
> provider was
> >> configured via the 'ovirt-engine-extension-aaa-ldap-setup' command. The
> >> authentication works fine, but in the webui, when you go on the 'Active
> User
> >> Sessions', all users uuid is showed as '00000000-0000-0000-0000-
> 000000000000'.
> >> Other problem, maybe related, when a user create a VM, by default a
> permission
> >> is created with the role of 'UserVmManager'. On the 'Permissions' pane,
> we see
> >> a line with no value for User, Authorization provider, Namespace. The
> only
> >> value set on this line is the role (UserVmManager in that case). When
> we try to
> >> remove this line, an exception occurs in the webui that prevent
> deletion of
> >> this line.
> >
> > I've never see such issue with FreeIPA. Can you please share what's
> > your IPA version?
> >
> > Can you also please share the log of error which occurs, when you try
> > to remove the permission?
>
> We have multiple ovirt envs, all ovirt version are the same as described,
> but FreeIPA servers are in different versions on these envs. We have one
> env with FreeIPA on CentOS 6 (ipa-server-3.0.0-42.el6.centos.x86_64) and
> the other on FreeIPA on CentOS 7 (ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64).
> The both envs have the same problem. On our envs, the role mapping in oVirt
> is done on user groups and not on individual users.
>
> For the permission problem, the problem only occurs when the VM is created
> via the user webui. Creating VM with API or admin webui is OK. When we try
> to remove the permission, an UI exception occurs and no logs on the
> engine.log side. I've attached screenshots and ui.log.
>

​Unfortunately by default UI code is obfuscated, so we cannot find exact
issue. Could you please perform following steps and send us new ui.log?

1. Install UI debug packages
      yum install ovirt-engine-webadmin-portal-debuginfo
ovirt-engine-userportal-debuginfo​


​2. Restart ovirt-engine
      systemctl restart ovirt-engine

3. Reproduce the error and share up-to-date ui.log with use

If needed more info about UI logs can be found at
http://www.ovirt.org/develop/developer-guide/engine/engine-debug-obfuscated-ui/

Thanks

Martin Perina
​


> >
> >>
> >> This behavior is verified on all our oVirt environments (oVirt 4.0.4 +
> FreeIPA)
> >>
> >> Someone hit the same problem ?
> >>
> >> Have a nice day.
> >>
> >> Regards.
>
> Regards.
>
> --
> Baptiste AGASSE
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161024/590ccc9d/attachment-0001.html>

More information about the Users mailing list