subject:"\[ovirt\-users\] Re\: How to create new users other than admin"

[ovirt-users] Re: How to create new users other than admin

2021-05-20 Thread Yedidyah Bar David

On Thu, May 20, 2021 at 10:05 AM  wrote:
>
> Thank you so much..I was a bit confused about this but now I have 
> successfully added the users.
> However, I am still having trouble assigning login permit for these users. I 
> get the error- The user @internal is not authorized to perform login.
>
> I can only bypass this by assigning some kind of admin roles which we do not 
> wish to have in our setup.
>
> Is there a specific user permission that must be added to permit login? I 
> have already tried creating a custom role with Login permission but that 
> doesn't work.
> https://postimg.cc/4m8YhV6Z

Any user can login to the VM portal.

Only users that have at least one admin role can login to the admin portal.

You can create a custom admin role and not give it any other
permissions (other than login), then give it to the user you created -
I think this should be enough.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/OYZH5AFOV7KDTAUFIDVZVKQA4GUBIWX5/

[ovirt-users] Re: How to create new users other than admin

2021-05-20 Thread gaurav . gohan

Thank you so much..I was a bit confused about this but now I have successfully 
added the users.
However, I am still having trouble assigning login permit for these users. I 
get the error- The user @internal is not authorized to perform login.

I can only bypass this by assigning some kind of admin roles which we do not 
wish to have in our setup.

Is there a specific user permission that must be added to permit login? I have 
already tried creating a custom role with Login permission but that doesn't 
work.
https://postimg.cc/4m8YhV6Z
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GNS4WR7YKYDO6YRFCXQMUPFZWDS54P7S/

[ovirt-users] Re: How to create new users other than admin

2021-05-19 Thread Yedidyah Bar David

On Thu, May 20, 2021 at 8:10 AM  wrote:
>
> Thank you Martin, I tried as you suggested and ran the "ovirt-aaa-jdbc-tool 
> user add" command on the hosted engine server, but got the following error: 
> /usr/bin/ovirt-aaa-jdbc-tool: line 3: 
> /usr/share/ovirt-engine-extension-aaa-jdbc/bin/../../ovirt-engine/bin/engine-prolog.sh:
>  No such file or directory
>
> At first I thought the package doesn't exist, and so I installed it using - 
> yum install ovirt-engine-extension-aaa-jdbc
> https://ovirt.org/documentation/administration_guide/index.html#sect-Configuring_an_External_LDAP_Provider
>
> But I continue to receive this same error.

You should do this on the engine machine (VM), not on a host.

You should not need to install this tool on a host, and on the engine
you should already have it.

Best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6IQAIWAACCYI6IC2EAUP762RCMACAQSA/

[ovirt-users] Re: How to create new users other than admin

2021-05-19 Thread gaurav . gohan

Thank you Martin, I tried as you suggested and ran the "ovirt-aaa-jdbc-tool 
user add" command on the hosted engine server, but got the following error: 
/usr/bin/ovirt-aaa-jdbc-tool: line 3: 
/usr/share/ovirt-engine-extension-aaa-jdbc/bin/../../ovirt-engine/bin/engine-prolog.sh:
 No such file or directory

At first I thought the package doesn't exist, and so I installed it using - yum 
install ovirt-engine-extension-aaa-jdbc
https://ovirt.org/documentation/administration_guide/index.html#sect-Configuring_an_External_LDAP_Provider

But I continue to receive this same error.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/N4HQPUQITXCHKAENRILNZAJDTUZPFGT2/

[ovirt-users] Re: How to create new users other than admin

2021-05-19 Thread Klaas Demter

Oh damn yeah,  I only use it to register users that already exist in AD, 
nvm the noise --- sorry :)



Greets

Klaas



On 5/19/21 3:24 PM, Martin Perina wrote:



On Wed, May 19, 2021 at 2:05 PM Klaas Demter > wrote:


Hi,

I would recommend to use ansible, that way you can have your
configuration as code.


https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_user_module.html#ansible-collections-ovirt-ovirt-ovirt-user-module




This only registers existing user provided by aaa-ldap or aaa-jdbc 
into oVirt Engine, it cannot create new user.



Greetings

Klaas


On 5/19/21 1:01 PM, Martin Perina wrote:

Hi,

ovirt-engine-extension-aaa-jdbc package is installed
automatically as a part of oVirt Engine, so in order to use it,
you need to SSH to oVirt Engine host/VM and execute
ovirt-aaa-jdbc-tool locally:


https://www.ovirt.org/documentation/administration_guide/index.html#sect-Administering_User_Tasks_From_the_commandline



Anyway aaa-jdbc extension is useful mostl for small installations
within organizations which don't have their users/groups provided
on LDAP server. If your organization has LDAP server, then I
suggest to use aaa-ldap extension:


https://www.ovirt.org/documentation/administration_guide/index.html#Introduction_to_Directory_Servers



Regards,
Martin


On Wed, May 19, 2021 at 12:30 PM mailto:gaurav.go...@gmail.com>> wrote:

Thank you Lucie,

So if I understand correctly, we need to install the AAA JDBC
tool as an additional package on the server running the
hosted engine?

The link you sent me suggests that we have to run
engine-setup? What exactly does this mean and seems rather
complicated for adding a new user.

Anyways, I ran the command "ovirt-hosted-engine-setup" after
googling a bit and it prompted me to create a new VM with
hosted engine. I followed through by providing a FQDN from
our DNS server. However, this procedure failed to create the VM.

Am I doing something wrong? Could you please elaborate what
would be the right steps here?

Thank you
___
Users mailing list -- users@ovirt.org 
To unsubscribe send an email to users-le...@ovirt.org

Privacy Statement: https://www.ovirt.org/privacy-policy.html

oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/

List Archives:

https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PSOYTK7PWUUJPSVIKAEEUQY4D4PYJYV/





-- 
Martin Perina

Manager, Software Engineering
Red Hat Czech s.r.o.

___
Users mailing list --users@ovirt.org  
To unsubscribe send an email tousers-le...@ovirt.org  

Privacy Statement:https://www.ovirt.org/privacy-policy.html  

oVirt Code of Conduct:https://www.ovirt.org/community/about/community-guidelines/ 
 
List 
Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/UPKFCVTLZEV3ZQ3AQ7DSMVFXF744UVGC/
  


___
Users mailing list -- users@ovirt.org 
To unsubscribe send an email to users-le...@ovirt.org

Privacy Statement: https://www.ovirt.org/privacy-policy.html

oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/

List Archives:

https://lists.ovirt.org/archives/list/users@ovirt.org/message/CLHZCOPAQP3TFAYLDBS5J54DRUDVOQDI/





--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
___
Users mailing list -

[ovirt-users] Re: How to create new users other than admin

2021-05-19 Thread Edward Berger

 For specific users local to the ovirt engine
https://ovirt.org/documentation/administration_guide/index.html#sect-Administering_User_Tasks_From_the_commandline
OK for an emergency admin user or perhaps external system user, but this
doesn't scale very well.

But generally you might want to setup LDAP logins with
https://ovirt.org/documentation/administration_guide/index.html#sect-Configuring_an_External_LDAP_Provider
and manage users externally across multiple machines.

On Wed, May 19, 2021 at 5:59 AM  wrote:

> Hello everyone, I am new to ovirt and would like to apologise if this has
> been asked before.
> When I created a cluster of ovirt 4.3, I was presented with the option of
> creating an admin user.
> However, we would like to assign different login credentials for our
> employees with different set of rules.
>
> I was able to view the users menu under the Administration > Users.
> Currently we only have an admin user with internal-authz. When clicking on
> the add button, I only see "internal-authz" and "*" under namespace.
> Clicking on Go button simply shows admin user again.
>
> I created a new role under the Administration > Configure > Roles,
> however, there is no option to add new user anywhere.
>
> Can you please point me to the right steps for adding new users?
>
> Thanks
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/E7GHE4DRMTWWJJYGOQD4B6GPOKIJLVBT/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/Z2JVYBVGNXMJD3ZG35M3KWKIFOI3WTFW/

[ovirt-users] Re: How to create new users other than admin

2021-05-19 Thread Martin Perina

On Wed, May 19, 2021 at 2:05 PM Klaas Demter  wrote:

> Hi,
>
> I would recommend to use ansible, that way you can have your configuration
> as code.
>
>
> https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_user_module.html#ansible-collections-ovirt-ovirt-ovirt-user-module
>

This only registers existing user provided by aaa-ldap or aaa-jdbc into
oVirt Engine, it cannot create new user.

>
> Greetings
>
> Klaas
>
>
> On 5/19/21 1:01 PM, Martin Perina wrote:
>
> Hi,
>
> ovirt-engine-extension-aaa-jdbc package is installed automatically as a
> part of oVirt Engine, so in order to use it, you need to SSH to oVirt
> Engine host/VM and execute ovirt-aaa-jdbc-tool locally:
>
>
> https://www.ovirt.org/documentation/administration_guide/index.html#sect-Administering_User_Tasks_From_the_commandline
>
> Anyway aaa-jdbc extension is useful mostl for small installations within
> organizations which don't have their users/groups provided on LDAP server.
> If your organization has LDAP server, then I suggest to use aaa-ldap
> extension:
>
>
> https://www.ovirt.org/documentation/administration_guide/index.html#Introduction_to_Directory_Servers
>
> Regards,
> Martin
>
>
> On Wed, May 19, 2021 at 12:30 PM  wrote:
>
>> Thank you Lucie,
>>
>> So if I understand correctly, we need to install the AAA JDBC tool as an
>> additional package on the server running the hosted engine?
>>
>> The link you sent me suggests that we have to run engine-setup? What
>> exactly does this mean and seems rather complicated for adding a new user.
>>
>> Anyways, I ran the command "ovirt-hosted-engine-setup" after googling a
>> bit and it prompted me to create a new VM with hosted engine. I followed
>> through by providing a FQDN from our DNS server. However, this procedure
>> failed to create the VM.
>>
>> Am I doing something wrong? Could you please elaborate what would be the
>> right steps here?
>>
>> Thank you
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PSOYTK7PWUUJPSVIKAEEUQY4D4PYJYV/
>>
>
>
> --
> Martin Perina
> Manager, Software Engineering
> Red Hat Czech s.r.o.
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/UPKFCVTLZEV3ZQ3AQ7DSMVFXF744UVGC/
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/CLHZCOPAQP3TFAYLDBS5J54DRUDVOQDI/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QBFRP4CL2TJMU5LZ5GE52QX7T7NH7IQZ/

[ovirt-users] Re: How to create new users other than admin

2021-05-19 Thread Klaas Demter


Hi,

I would recommend to use ansible, that way you can have your 
configuration as code.


https://docs.ansible.com/ansible/latest/collections/ovirt/ovirt/ovirt_user_module.html#ansible-collections-ovirt-ovirt-ovirt-user-module


Greetings

Klaas


On 5/19/21 1:01 PM, Martin Perina wrote:

Hi,

ovirt-engine-extension-aaa-jdbc package is installed automatically as 
a part of oVirt Engine, so in order to use it, you need to SSH to 
oVirt Engine host/VM and execute ovirt-aaa-jdbc-tool locally:


https://www.ovirt.org/documentation/administration_guide/index.html#sect-Administering_User_Tasks_From_the_commandline 



Anyway aaa-jdbc extension is useful mostl for small installations 
within organizations which don't have their users/groups provided on 
LDAP server. If your organization has LDAP server, then I suggest to 
use aaa-ldap extension:


https://www.ovirt.org/documentation/administration_guide/index.html#Introduction_to_Directory_Servers 



Regards,
Martin


On Wed, May 19, 2021 at 12:30 PM > wrote:


Thank you Lucie,

So if I understand correctly, we need to install the AAA JDBC tool
as an additional package on the server running the hosted engine?

The link you sent me suggests that we have to run engine-setup?
What exactly does this mean and seems rather complicated for
adding a new user.

Anyways, I ran the command "ovirt-hosted-engine-setup" after
googling a bit and it prompted me to create a new VM with hosted
engine. I followed through by providing a FQDN from our DNS
server. However, this procedure failed to create the VM.

Am I doing something wrong? Could you please elaborate what would
be the right steps here?

Thank you
___
Users mailing list -- users@ovirt.org 
To unsubscribe send an email to users-le...@ovirt.org

Privacy Statement: https://www.ovirt.org/privacy-policy.html

oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/

List Archives:

https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PSOYTK7PWUUJPSVIKAEEUQY4D4PYJYV/





--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UPKFCVTLZEV3ZQ3AQ7DSMVFXF744UVGC/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CLHZCOPAQP3TFAYLDBS5J54DRUDVOQDI/

[ovirt-users] Re: How to create new users other than admin

2021-05-19 Thread Martin Perina

Hi,

ovirt-engine-extension-aaa-jdbc package is installed automatically as a
part of oVirt Engine, so in order to use it, you need to SSH to oVirt
Engine host/VM and execute ovirt-aaa-jdbc-tool locally:

https://www.ovirt.org/documentation/administration_guide/index.html#sect-Administering_User_Tasks_From_the_commandline

Anyway aaa-jdbc extension is useful mostl for small installations within
organizations which don't have their users/groups provided on LDAP server.
If your organization has LDAP server, then I suggest to use aaa-ldap
extension:

https://www.ovirt.org/documentation/administration_guide/index.html#Introduction_to_Directory_Servers

Regards,
Martin


On Wed, May 19, 2021 at 12:30 PM  wrote:

> Thank you Lucie,
>
> So if I understand correctly, we need to install the AAA JDBC tool as an
> additional package on the server running the hosted engine?
>
> The link you sent me suggests that we have to run engine-setup? What
> exactly does this mean and seems rather complicated for adding a new user.
>
> Anyways, I ran the command "ovirt-hosted-engine-setup" after googling a
> bit and it prompted me to create a new VM with hosted engine. I followed
> through by providing a FQDN from our DNS server. However, this procedure
> failed to create the VM.
>
> Am I doing something wrong? Could you please elaborate what would be the
> right steps here?
>
> Thank you
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PSOYTK7PWUUJPSVIKAEEUQY4D4PYJYV/
>


-- 
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/UPKFCVTLZEV3ZQ3AQ7DSMVFXF744UVGC/

[ovirt-users] Re: How to create new users other than admin

2021-05-19 Thread gaurav . gohan

Thank you Lucie,

So if I understand correctly, we need to install the AAA JDBC tool as an 
additional package on the server running the hosted engine?

The link you sent me suggests that we have to run engine-setup? What exactly 
does this mean and seems rather complicated for adding a new user.

Anyways, I ran the command "ovirt-hosted-engine-setup" after googling a bit and 
it prompted me to create a new VM with hosted engine. I followed through by 
providing a FQDN from our DNS server. However, this procedure failed to create 
the VM.

Am I doing something wrong? Could you please elaborate what would be the right 
steps here?

Thank you
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3PSOYTK7PWUUJPSVIKAEEUQY4D4PYJYV/

[ovirt-users] Re: How to create new users other than admin

2021-05-19 Thread Lucie Leistnerova

Hello,

engine itself doesn't manage users directly, it just connects to
different user directories. Admin is created in internal profile, that
is specifically created for engine.

You can manage internal users with AAA JDBC tool.
See
https://www.ovirt.org/develop/release-management/features/infra/aaa-jdbc.html

On 5/19/21 11:55 AM, gaurav.go...@gmail.com wrote:

Hello everyone, I am new to ovirt and would like to apologise if this has been
asked before.
When I created a cluster of ovirt 4.3, I was presented with the option of
creating an admin user.
However, we would like to assign different login credentials for our employees
with different set of rules.

I was able to view the users menu under the Administration > Users.
Currently we only have an admin user with internal-authz. When clicking on the add button, I only
see "internal-authz" and "*" under namespace.
Clicking on Go button simply shows admin user again.

I created a new role under the Administration > Configure > Roles, however,
there is no option to add new user anywhere.

Can you please point me to the right steps for adding new users?

Thanks
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/E7GHE4DRMTWWJJYGOQD4B6GPOKIJLVBT/

Best regards,
--

Lucie Leistnerova
Associate Manager, Quality Engineering, RHV - QE Core & Tools
GChat: lleistne @ Virtualization

Red Hat EMEA
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2IWZYHS2G55BAQWG5JY5KVDRKSL67QHY/

[ovirt-users] Re: How to create new users other than admin

[ovirt-users] Re: How to create new users other than admin

[ovirt-users] Re: How to create new users other than admin

[ovirt-users] Re: How to create new users other than admin

[ovirt-users] Re: How to create new users other than admin

[ovirt-users] Re: How to create new users other than admin

[ovirt-users] Re: How to create new users other than admin

[ovirt-users] Re: How to create new users other than admin

[ovirt-users] Re: How to create new users other than admin

[ovirt-users] Re: How to create new users other than admin

[ovirt-users] Re: How to create new users other than admin

11 matches

Site Navigation

Mail list logo

Footer information