Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication
- Original Message - > From: "Yair Zaslavsky" > To: "Peter Harris" > Cc: Users@ovirt.org, "Sven Kieske" > Sent: Wednesday, April 30, 2014 12:19:57 PM > Subject: Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication > > > As mentioned by Sven, > As far as I know all these bugs were solved for 3.4.1 > However, > > if possible, I would like to get the following information - > > a. select user_id, username, group_ids from users where username = > ''; > b. select id, name from ad_groups; of course this should be collected from the database. > > > > - Original Message - > > From: "Peter Harris" > > To: Users@ovirt.org > > Sent: Wednesday, April 30, 2014 11:55:04 AM > > Subject: [ovirt-users] ovirt 3.4 and FreeIPA authentication > > > > I have just create an oVirt 3.4 server as part of my test environment prior > > to moving from my production 3.3 environment. > > > > I authenticate against FreeIPA 3.0.0 > > > > I generally add a group in IPA, add the permissions in ovirt against the > > group, and then add/remove users from the groups in IPA. > > > > With oVirt3.4, I have justed added my vmadmin IPA group to ovirt, and given > > it the SuperUser role. > > > > I try to log in to oVirt 3.4 as myself (I am in the vmadmin group), and I > > can authenticate fine, but I do not have SuperUser privileges. If I log in > > to my live Ovirt (3.3), I do have SuperUser privileges. > > > > Has something changed? Or is there an extra step I have to take that I have > > missed to propogate privileges. > > > > Thanks > > > > Peter > > > > P.S. All work done in the ovirt Admin portal gui so far, not tried the CLI > > yet. > > > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication
As mentioned by Sven, As far as I know all these bugs were solved for 3.4.1 However, if possible, I would like to get the following information - a. select user_id, username, group_ids from users where username = ''; b. select id, name from ad_groups; - Original Message - > From: "Peter Harris" > To: Users@ovirt.org > Sent: Wednesday, April 30, 2014 11:55:04 AM > Subject: [ovirt-users] ovirt 3.4 and FreeIPA authentication > > I have just create an oVirt 3.4 server as part of my test environment prior > to moving from my production 3.3 environment. > > I authenticate against FreeIPA 3.0.0 > > I generally add a group in IPA, add the permissions in ovirt against the > group, and then add/remove users from the groups in IPA. > > With oVirt3.4, I have justed added my vmadmin IPA group to ovirt, and given > it the SuperUser role. > > I try to log in to oVirt 3.4 as myself (I am in the vmadmin group), and I > can authenticate fine, but I do not have SuperUser privileges. If I log in > to my live Ovirt (3.3), I do have SuperUser privileges. > > Has something changed? Or is there an extra step I have to take that I have > missed to propogate privileges. > > Thanks > > Peter > > P.S. All work done in the ovirt Admin portal gui so far, not tried the CLI > yet. > > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] ovirt 3.4 and FreeIPA authentication
Hi, I recall there where some bugs which didn't propagate the correct rights inherited by group membership to all group members, maybe that's related? There are some BZ's for it, I don't know atm if this was resolved for 3.4.1 ? HTH -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] ovirt 3.4 and FreeIPA authentication
I have just create an oVirt 3.4 server as part of my test environment prior to moving from my production 3.3 environment. I authenticate against FreeIPA 3.0.0 I generally add a group in IPA, add the permissions in ovirt against the group, and then add/remove users from the groups in IPA. With oVirt3.4, I have justed added my vmadmin IPA group to ovirt, and given it the SuperUser role. I try to log in to oVirt 3.4 as myself (I am in the vmadmin group), and I can authenticate fine, but I do not have SuperUser privileges. If I log in to my live Ovirt (3.3), I do have SuperUser privileges. Has something changed? Or is there an extra step I have to take that I have missed to propogate privileges. Thanks Peter P.S. All work done in the ovirt Admin portal gui so far, not tried the CLI yet. ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users