Re: [ovirt-users] Unable to grant permissions to AD users
On Thu, Oct 5, 2017 at 10:13 PM, Michael Watters
wrote:
> I actually reran the ovirt-engine-extension-aaa-ldap-setup tool and was
> able to login and complete a search successfully but doing the same
> thing in the engine UI fails.
>
> Here's the configuration from the .properties file.
>
> include =
>
> vars.domain = example.com
> vars.user = ldapu...@example.com
> vars.password = password
>
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
> pool.default.serverset.type = srvrecord
> pool.default.serverset.srvrecord.domain = ${global:vars.domain}
> pool.default.ssl.startTLS = true
>
> engine logs show this error. Is this a bug? I don't remember entering
> a trailing space anywhere during setup.
>
Hmm, could you please try execute following commands with the same
username as you have used to login to webui?
ovirt-engine-extensions-tool aaa login-user --log-level=FINEST
--profile= --user-name=
ovirt-engine-extensions-tool aaa search --log-level=FINEST
--extension-name= --entity-name=
Thanks
>
> 2017-10-05 14:17:38,156-04 ERROR
> [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-354) []
> OAuthException server_error: java.text.ParseException: Invalid character
> ' ' encountered.
> 2017-10-05 14:20:03,229-04 ERROR
> [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-38) []
> OAuthException server_error: java.text.ParseException: Invalid character
> ' ' encountered.
> 2017-10-05 14:22:24,691-04 ERROR
> [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default
> task-185) [] The user usern...@example.com@example.com is not authorized
> to perform login
>
>
>
> On 10/05/2017 03:29 PM, Martin Perina wrote:
> > Hi,
> >
> > it seems that you have an error in your aaa-ldap configuration. Could you
> > please share your engine.log and your aaa-ldap configuration?
> >
> > Thanks
> >
> > Martin Perina
> >
> >
> > On Thu, Oct 5, 2017 at 9:08 PM, Michael Watters
> wrote:
> >
> >> I'm having some issues granting permissions to AD users in ovirt-engine
> >> 4.1. Users can log in but receive an error as below.
> >> The user u...@example.com@example.com is not authorized to perform
> login
> >>
> >> I am also not able to grant this user any permissions through the admin
> >> console. Entering a user name in the search field for the System
> >> Permissions section results in a blank list. Attached is a screenshot
> for
> >> reference.
> >>
> >> Does anybody have an idea on what would cause this? The log files
> aren't
> >> very useful and don't show any errors.
> >>
> >> ___
> >> Users mailing list
> >> Users@ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users
> >>
> >>
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Unable to grant permissions to AD users
I actually reran the ovirt-engine-extension-aaa-ldap-setup tool and was
able to login and complete a search successfully but doing the same
thing in the engine UI fails.
Here's the configuration from the .properties file.
include =
vars.domain = example.com
vars.user = ldapu...@example.com
vars.password = password
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.ssl.startTLS = true
engine logs show this error. Is this a bug? I don't remember entering
a trailing space anywhere during setup.
2017-10-05 14:17:38,156-04 ERROR
[org.ovirt.engine.core.sso.utils.SsoUtils] (default task-354) []
OAuthException server_error: java.text.ParseException: Invalid character
' ' encountered.
2017-10-05 14:20:03,229-04 ERROR
[org.ovirt.engine.core.sso.utils.SsoUtils] (default task-38) []
OAuthException server_error: java.text.ParseException: Invalid character
' ' encountered.
2017-10-05 14:22:24,691-04 ERROR
[org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default
task-185) [] The user usern...@example.com@example.com is not authorized
to perform login
On 10/05/2017 03:29 PM, Martin Perina wrote:
> Hi,
>
> it seems that you have an error in your aaa-ldap configuration. Could you
> please share your engine.log and your aaa-ldap configuration?
>
> Thanks
>
> Martin Perina
>
>
> On Thu, Oct 5, 2017 at 9:08 PM, Michael Watters wrote:
>
>> I'm having some issues granting permissions to AD users in ovirt-engine
>> 4.1. Users can log in but receive an error as below.
>> The user u...@example.com@example.com is not authorized to perform login
>>
>> I am also not able to grant this user any permissions through the admin
>> console. Entering a user name in the search field for the System
>> Permissions section results in a blank list. Attached is a screenshot for
>> reference.
>>
>> Does anybody have an idea on what would cause this? The log files aren't
>> very useful and don't show any errors.
>>
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Unable to grant permissions to AD users
Hi, it seems that you have an error in your aaa-ldap configuration. Could you please share your engine.log and your aaa-ldap configuration? Thanks Martin Perina On Thu, Oct 5, 2017 at 9:08 PM, Michael Watters wrote: > I'm having some issues granting permissions to AD users in ovirt-engine > 4.1. Users can log in but receive an error as below. > The user u...@example.com@example.com is not authorized to perform login > > I am also not able to grant this user any permissions through the admin > console. Entering a user name in the search field for the System > Permissions section results in a blank list. Attached is a screenshot for > reference. > > Does anybody have an idea on what would cause this? The log files aren't > very useful and don't show any errors. > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Unable to grant permissions to AD users
I'm having some issues granting permissions to AD users in ovirt-engine 4.1. Users can log in but receive an error as below. The user u...@example.com@example.com is not authorized to perform login I am also not able to grant this user any permissions through the admin console. Entering a user name in the search field for the System Permissions section results in a blank list. Attached is a screenshot for reference. Does anybody have an idea on what would cause this? The log files aren't very useful and don't show any errors. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
