<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p dir="ltr"><br>
Den 24 mars 2016 3:06 em skrev Ondra Machacek <omachace@redhat.com>:<br>
><br>
> On 03/24/2016 03:02 PM, Karli Sjöberg wrote:<br>
> ><br>
> > Den 24 mars 2016 13:49 skrev Ondra Machacek <omachace@redhat.com>:<br>
> > ><br>
> > > Hi,<br>
> > ><br>
> > > if you remove user, then also permissions of that user to vms will be<br>
> > > removed.<br>
> > > And yes, you will have to add all those permissions back to users from<br>
> > > new profile.<br>
> > ><br>
> > > But, you can try migration tool[1], to migrate all users to new AAA<br>
> > profile.<br>
> > > If you have any problem with it, you can ask.<br>
> ><br>
> > Ehm, how do you install it? (el6)<br>
><br>
> yum install -y <br>
> https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases/download/ovirt-engine-kerbldap-migration-1.0.4/ovirt-engine-kerbldap-migration-1.0.4-1.el6ev.noarch.rpm</p>
<p dir="ltr">Awesome, thanks!</p>
<p dir="ltr">/K</p>
<p dir="ltr">><br>
> ><br>
> > /K<br>
> ><br>
> > ><br>
> > > Ondra<br>
> > ><br>
> > > [1]<br>
> > ><br>
> > https://github.com/machacekondra/ovirt-engine-kerbldap-migration/blob/master/README.md<br>
> > ><br>
> > > On 03/24/2016 01:06 PM, Will Dennis wrote:<br>
> > > > In the RHEV Admin Guide that Martin mentioned, it says:<br>
> > > ><br>
> > > > "Log in to the Administration Portal, and remove all users and<br>
> > groups related to the old profile. Users defined in the removed domain<br>
> > will no longer be able to authenticate with the Red Hat Enterprise<br>
> > Virtualization Manager. The entries for the affected users will remain<br>
> > defined in the Red Hat Enterprise Virtualization Manager until they are<br>
> > explicitly removed from the Administration Portal.”<br>
> > > ><br>
> > > > I have some VMs running under some AD domain users; if I remove the<br>
> > users from the system as above, will I need to remove them from the VM<br>
> > permissions, or is that cleaned up as well? And I guess I’ll need to<br>
> > manually re-add the perms back after the new directory config is in<br>
> > place? Please advise.<br>
> > > ><br>
> > > > Thanks,<br>
> > > > Will<br>
> > > ><br>
> > > > On Mar 21, 2016, at 4:29 AM, Martin Perina<br>
> > <mperina@redhat.com<mailto:mperina@redhat.com>> wrote:<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > On Mon, Mar 21, 2016 at 8:20 AM, Yedidyah Bar David<br>
> > <didi@redhat.com<mailto:didi@redhat.com>> wrote:<br>
> > > > On Mon, Mar 21, 2016 at 4:47 AM, Will Dennis<br>
> > <wdennis@nec-labs.com<mailto:wdennis@nec-labs.com>> wrote:<br>
> > > >> Hi all,<br>
> > > >><br>
> > > >> I have enabled Active Directory authentication for the users in<br>
> > oVirt (via engine-manage-domains command using --provider=ad) and,<br>
> > although it works, it takes about ~50 sec’s to process a login. I have<br>
> > other OSS software that utilizes AD auth, and there is no such lag when<br>
> > processing logins, so I’m guessing it’s a problem with the oVirt<br>
> > implementation… Any way to debug why the auth process is taking so long?<br>
> > > ><br>
> > > > This is an old, unmaintained component. You should use the new<br>
> > aaa-ldap one.<br>
> > > > Search the list archives for "aaa-ldap" and/or read the README file<br>
> > in the<br>
> > > > sources [1]. Best,<br>
> > > ><br>
> > > > [1]<br>
> > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README<br>
> > > ><br>
> > > > You could also take a look at RHEV 3.6 Administration Guide,<br>
> > chapter 13 Users and Roles [2]<br>
> > > > where you can find detailed steps for common configurations.<br>
> > > ><br>
> > > > Martin Perina<br>
> > > ><br>
> > > > [2]<br>
> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Administration_Guide/chap-Users_and_Roles.html<br>
> > > > <br>
> > > ><br>
> > > ><br>
> > > >><br>
> > > >> Will<br>
> > > >> _______________________________________________<br>
> > > >> Users mailing list<br>
> > > >> Users@ovirt.org<mailto:Users@ovirt.org><br>
> > > >> http://lists.ovirt.org/mailman/listinfo/users<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > --<br>
> > > > Didi<br>
> > > > _______________________________________________<br>
> > > > Users mailing list<br>
> > > > Users@ovirt.org<mailto:Users@ovirt.org><br>
> > > > http://lists.ovirt.org/mailman/listinfo/users<br>
> > > ><br>
> > > ><br>
> > > > _______________________________________________<br>
> > > > Users mailing list<br>
> > > > Users@ovirt.org<br>
> > > > http://lists.ovirt.org/mailman/listinfo/users<br>
> > > ><br>
> > > _______________________________________________<br>
> > > Users mailing list<br>
> > > Users@ovirt.org<br>
> > > http://lists.ovirt.org/mailman/listinfo/users<br>
> ><br>
</p>
</body>
</html>