Re: [ovirt-users] Unable to grant permissions to AD users
On Thu, Oct 5, 2017 at 10:13 PM, Michael Watters wrote: > I actually reran the ovirt-engine-extension-aaa-ldap-setup tool and was > able to login and complete a search successfully but doing the same > thing in the engine UI fails. > > Here's the configuration from the .properties file. > > include = > > vars.domain = example.com > vars.user = ldapu...@example.com > vars.password = password > > pool.default.auth.simple.bindDN = ${global:vars.user} > pool.default.auth.simple.password = ${global:vars.password} > pool.default.serverset.type = srvrecord > pool.default.serverset.srvrecord.domain = ${global:vars.domain} > pool.default.ssl.startTLS = true > > engine logs show this error. Is this a bug? I don't remember entering > a trailing space anywhere during setup. > Hmm, could you please try execute following commands with the same username as you have used to login to webui? ovirt-engine-extensions-tool aaa login-user --log-level=FINEST --profile= --user-name= ovirt-engine-extensions-tool aaa search --log-level=FINEST --extension-name= --entity-name= Thanks > > 2017-10-05 14:17:38,156-04 ERROR > [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-354) [] > OAuthException server_error: java.text.ParseException: Invalid character > ' ' encountered. > 2017-10-05 14:20:03,229-04 ERROR > [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-38) [] > OAuthException server_error: java.text.ParseException: Invalid character > ' ' encountered. > 2017-10-05 14:22:24,691-04 ERROR > [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default > task-185) [] The user usern...@example.com@example.com is not authorized > to perform login > > > > On 10/05/2017 03:29 PM, Martin Perina wrote: > > Hi, > > > > it seems that you have an error in your aaa-ldap configuration. Could you > > please share your engine.log and your aaa-ldap configuration? > > > > Thanks > > > > Martin Perina > > > > > > On Thu, Oct 5, 2017 at 9:08 PM, Michael Watters > wrote: > > > >> I'm having some issues granting permissions to AD users in ovirt-engine > >> 4.1. Users can log in but receive an error as below. > >> The user u...@example.com@example.com is not authorized to perform > login > >> > >> I am also not able to grant this user any permissions through the admin > >> console. Entering a user name in the search field for the System > >> Permissions section results in a blank list. Attached is a screenshot > for > >> reference. > >> > >> Does anybody have an idea on what would cause this? The log files > aren't > >> very useful and don't show any errors. > >> > >> ___ > >> Users mailing list > >> Users@ovirt.org > >> http://lists.ovirt.org/mailman/listinfo/users > >> > >> > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Unable to grant permissions to AD users
I actually reran the ovirt-engine-extension-aaa-ldap-setup tool and was able to login and complete a search successfully but doing the same thing in the engine UI fails. Here's the configuration from the .properties file. include = vars.domain = example.com vars.user = ldapu...@example.com vars.password = password pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password} pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} pool.default.ssl.startTLS = true engine logs show this error. Is this a bug? I don't remember entering a trailing space anywhere during setup. 2017-10-05 14:17:38,156-04 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-354) [] OAuthException server_error: java.text.ParseException: Invalid character ' ' encountered. 2017-10-05 14:20:03,229-04 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-38) [] OAuthException server_error: java.text.ParseException: Invalid character ' ' encountered. 2017-10-05 14:22:24,691-04 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-185) [] The user usern...@example.com@example.com is not authorized to perform login On 10/05/2017 03:29 PM, Martin Perina wrote: > Hi, > > it seems that you have an error in your aaa-ldap configuration. Could you > please share your engine.log and your aaa-ldap configuration? > > Thanks > > Martin Perina > > > On Thu, Oct 5, 2017 at 9:08 PM, Michael Watters wrote: > >> I'm having some issues granting permissions to AD users in ovirt-engine >> 4.1. Users can log in but receive an error as below. >> The user u...@example.com@example.com is not authorized to perform login >> >> I am also not able to grant this user any permissions through the admin >> console. Entering a user name in the search field for the System >> Permissions section results in a blank list. Attached is a screenshot for >> reference. >> >> Does anybody have an idea on what would cause this? The log files aren't >> very useful and don't show any errors. >> >> ___ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> >> ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Unable to grant permissions to AD users
Hi, it seems that you have an error in your aaa-ldap configuration. Could you please share your engine.log and your aaa-ldap configuration? Thanks Martin Perina On Thu, Oct 5, 2017 at 9:08 PM, Michael Watters wrote: > I'm having some issues granting permissions to AD users in ovirt-engine > 4.1. Users can log in but receive an error as below. > The user u...@example.com@example.com is not authorized to perform login > > I am also not able to grant this user any permissions through the admin > console. Entering a user name in the search field for the System > Permissions section results in a blank list. Attached is a screenshot for > reference. > > Does anybody have an idea on what would cause this? The log files aren't > very useful and don't show any errors. > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Unable to grant permissions to AD users
I'm having some issues granting permissions to AD users in ovirt-engine 4.1. Users can log in but receive an error as below. The user u...@example.com@example.com is not authorized to perform login I am also not able to grant this user any permissions through the admin console. Entering a user name in the search field for the System Permissions section results in a blank list. Attached is a screenshot for reference. Does anybody have an idea on what would cause this? The log files aren't very useful and don't show any errors. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users