Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-15 Thread Nicolás 



El 15/08/16 a las 13:28, Ondra Machacek escribió:

On 08/13/2016 12:44 AM, nico...@devels.es wrote:

El 2016-08-12 20:38, Ondra Machacek escribió:

On 08/12/2016 05:53 PM, nico...@devels.es wrote:

El 2016-08-10 14:46, Nicolás escribió:

En 10/8/2016 2:29 p. m., Alexander Wels  escribió:


On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:



On Wednesday, August 10, 2016 9:10:25 AM EDT nico...@devels.es

wrote:



El 2016-08-10 08:58, Ondra Machacek escribió:



> On 08/10/2016 09:37 AM, Nicolás wrote:



>> Hi,



>>



>> We're running oVirt 4.0.1.1 [1], and we're trying to grant a

permission to



>> a



>> user on a VM. Thing is when we open the 'Permissions' subtab

on that



>> VM,



>> we click on Add, the LDAP backend shows up but any value

entered into



>> the search box returns nothing, even when I know the values

exist.



>>



>> This has been working on oVirt 3.x, we actually migrated to

4.x last



>> week and didn't notice this issue.



>>



>> Additionally, there's no combobox to choose the permission to

grant?



>



> There should be combo box to choose a role.







I've attached a screenshot, seems there's not.







Its highly likely the dropdown is there, but its scrolled below

the bottom



of the dialog and thus you can't see it. I thought I made sure all

the



dialogs were working, seems like I missed one. Let me check it out

and see



what is going on.











Okay I double checked, I went to the VMs main tab, selected a VM,
then went to



the permissions sub tab. Clicked add. The dialog that popped up
looks like the



one attached, which is what I was expecting. The one you attached
appears to



be missing some styling, which is likely what caused the Role to
Assign part



to be scrolled below the bottom of the page.







Can you complete clear your cache (not shift reload, but
settings->clear



cache). If that doesn't work can you tell us the version of the
patternfly rpm



installed on your engine?







Yes, I already did that, also opened the engine on different clients
and the behavior is the same, I believe this is not a client issue.
Patternfly package is patternfly1-1.3.0-1.el7.centos.noarch




Ok, this indeed seems like a graphics problem since I am seeing this
connecting to a machine through a VNC server and the Role combobox is
moved down out of the dialog.

However, the LDAP issue persists. When I choose the 'internal' 
domain, I
can search the 'admin' user successfully, however, if I set it to 
be the

LDAP domain, any search returns nothing.

Any hints or ideas how to debug this?


Can you please enable debug log[1] and send it here?

[1]
https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README#L442 






Thanks. I was now able to see why it is failing:

TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (default task-13)
[] SearchRequest: Exception: LDAPSearchException(resultCode=11 (admin
limit exceeded), numEntries=0, numReferences=0, errorMessage='admin
limit exceeded')


This is server error, that number of entries to be returned is higher, 
than the limit set on server.
You should either increase that limit server side, or don't use '*', 
but use some filter. ( ie. user* )




That's the problem, the patterns we enter in the search box are specific 
usernames that usually return only one or 2 results at most from the 
LDAP directory, that's why I think this filter is needlessly too broad 
in our case. I've been making the query more specific on the command 
line (i.e., using ldapsearch) and removing some of the OR (|) clauses 
seems to return a lower number of entries below the limit, that's why I 
asked if it's possible to manually specify the filter.


Do you think it would be useful to open a RFE on BZ asking for a feature 
to allow the user specify the filter?


I'll see what's the best way to workaround this problem as is, either 
defining a user and allowing them a higher number of returned results or 
increasing the limit on the server side.


Thanks.



Indeed, if I run that query using the ldapsearch command I can clearly
see it is returning an "admin limit exceeded" error.

The applied filter is:
(&(objectClass=posixAccount)(uid=*)(|(givenName=username)(sn=username)(displayName=username)(uid=username))) 




Strange thing is this hasn't been an issue on oVirt 3.6.x and we've not
changed our LDAP configuration. Has the filter been changed in 4.x by
default?


It didn't.



If so, is there a way to override the filter to make it simpler? (In our
case we'll always seek by username, so no need to search by givenName,
sn or displayName).



Filtering is constructed on client side, in this case ovirt-engine 
backend,

so unfortunatelly it's not easilly modifiable.


Thanks.



Thanks.







Anyhow, I see there are lots of packages to update so I'll do so
within a few days and report results.







>> All this is done with the admin@internal user, so I guess

this is not



>> a

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-15 Thread Ondra Machacek 

On 08/13/2016 12:44 AM, nico...@devels.es wrote:

El 2016-08-12 20:38, Ondra Machacek escribió:

On 08/12/2016 05:53 PM, nico...@devels.es wrote:

El 2016-08-10 14:46, Nicolás escribió:

En 10/8/2016 2:29 p. m., Alexander Wels  escribió:


On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:



On Wednesday, August 10, 2016 9:10:25 AM EDT nico...@devels.es

wrote:



El 2016-08-10 08:58, Ondra Machacek escribió:



> On 08/10/2016 09:37 AM, Nicolás wrote:



>> Hi,



>>



>> We're running oVirt 4.0.1.1 [1], and we're trying to grant a

permission to



>> a



>> user on a VM. Thing is when we open the 'Permissions' subtab

on that



>> VM,



>> we click on Add, the LDAP backend shows up but any value

entered into



>> the search box returns nothing, even when I know the values

exist.



>>



>> This has been working on oVirt 3.x, we actually migrated to

4.x last



>> week and didn't notice this issue.



>>



>> Additionally, there's no combobox to choose the permission to

grant?



>



> There should be combo box to choose a role.







I've attached a screenshot, seems there's not.







Its highly likely the dropdown is there, but its scrolled below

the bottom



of the dialog and thus you can't see it. I thought I made sure all

the



dialogs were working, seems like I missed one. Let me check it out

and see



what is going on.











Okay I double checked, I went to the VMs main tab, selected a VM,
then went to



the permissions sub tab. Clicked add. The dialog that popped up
looks like the



one attached, which is what I was expecting. The one you attached
appears to



be missing some styling, which is likely what caused the Role to
Assign part



to be scrolled below the bottom of the page.







Can you complete clear your cache (not shift reload, but
settings->clear



cache). If that doesn't work can you tell us the version of the
patternfly rpm



installed on your engine?







Yes, I already did that, also opened the engine on different clients
and the behavior is the same, I believe this is not a client issue.
Patternfly package is patternfly1-1.3.0-1.el7.centos.noarch




Ok, this indeed seems like a graphics problem since I am seeing this
connecting to a machine through a VNC server and the Role combobox is
moved down out of the dialog.

However, the LDAP issue persists. When I choose the 'internal' domain, I
can search the 'admin' user successfully, however, if I set it to be the
LDAP domain, any search returns nothing.

Any hints or ideas how to debug this?


Can you please enable debug log[1] and send it here?

[1]
https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README#L442




Thanks. I was now able to see why it is failing:

TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (default task-13)
[] SearchRequest: Exception: LDAPSearchException(resultCode=11 (admin
limit exceeded), numEntries=0, numReferences=0, errorMessage='admin
limit exceeded')


This is server error, that number of entries to be returned is higher, 
than the limit set on server.
You should either increase that limit server side, or don't use '*', but 
use some filter. ( ie. user* )




Indeed, if I run that query using the ldapsearch command I can clearly
see it is returning an "admin limit exceeded" error.

The applied filter is:
(&(objectClass=posixAccount)(uid=*)(|(givenName=username)(sn=username)(displayName=username)(uid=username)))


Strange thing is this hasn't been an issue on oVirt 3.6.x and we've not
changed our LDAP configuration. Has the filter been changed in 4.x by
default?


It didn't.



If so, is there a way to override the filter to make it simpler? (In our
case we'll always seek by username, so no need to search by givenName,
sn or displayName).



Filtering is constructed on client side, in this case ovirt-engine backend,
so unfortunatelly it's not easilly modifiable.


Thanks.



Thanks.







Anyhow, I see there are lots of packages to update so I'll do so
within a few days and report results.







>> All this is done with the admin@internal user, so I guess

this is not



>> a



>> self-permission issue.



>>



>> Interesting thing is that I can successfully log-in to the

user portal



>> with a LDAP based user and manage all the VMs assigned to

them.



>>



>> Just to see if there's been any configuration change, we also

run the



>> ovirt-engine-extension-aaa-ldap-setup tool, the configuration

it



>> returns



>> is pretty similar to ours, and even the test commands (Login,

Search)



>> work successfully (I can see search returning user's data

like name,



>> surname, ...). We even applied this configuration to engine

to see if



>> it



>> makes a difference but the result is the same, the search

dialog



>> returns



>> nothing and neither I can see the permission to grant.



>>



>> Any hint about this?



>



> Maybe you hit similar issue to this one[1].



>



> Can you please share engine.

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-12 Thread nicolas 

El 2016-08-12 20:38, Ondra Machacek escribió:

On 08/12/2016 05:53 PM, nico...@devels.es wrote:

El 2016-08-10 14:46, Nicolás escribió:

En 10/8/2016 2:29 p. m., Alexander Wels  escribió:


On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:



On Wednesday, August 10, 2016 9:10:25 AM EDT nico...@devels.es

wrote:



El 2016-08-10 08:58, Ondra Machacek escribió:



> On 08/10/2016 09:37 AM, Nicolás wrote:



>> Hi,



>>



>> We're running oVirt 4.0.1.1 [1], and we're trying to grant a

permission to



>> a



>> user on a VM. Thing is when we open the 'Permissions' subtab

on that



>> VM,



>> we click on Add, the LDAP backend shows up but any value

entered into



>> the search box returns nothing, even when I know the values

exist.



>>



>> This has been working on oVirt 3.x, we actually migrated to

4.x last



>> week and didn't notice this issue.



>>



>> Additionally, there's no combobox to choose the permission to

grant?



>



> There should be combo box to choose a role.







I've attached a screenshot, seems there's not.







Its highly likely the dropdown is there, but its scrolled below

the bottom



of the dialog and thus you can't see it. I thought I made sure all

the



dialogs were working, seems like I missed one. Let me check it out

and see



what is going on.











Okay I double checked, I went to the VMs main tab, selected a VM,
then went to



the permissions sub tab. Clicked add. The dialog that popped up
looks like the



one attached, which is what I was expecting. The one you attached
appears to



be missing some styling, which is likely what caused the Role to
Assign part



to be scrolled below the bottom of the page.







Can you complete clear your cache (not shift reload, but
settings->clear



cache). If that doesn't work can you tell us the version of the
patternfly rpm



installed on your engine?







Yes, I already did that, also opened the engine on different clients
and the behavior is the same, I believe this is not a client issue.
Patternfly package is patternfly1-1.3.0-1.el7.centos.noarch




Ok, this indeed seems like a graphics problem since I am seeing this
connecting to a machine through a VNC server and the Role combobox is
moved down out of the dialog.

However, the LDAP issue persists. When I choose the 'internal' domain, 
I
can search the 'admin' user successfully, however, if I set it to be 
the

LDAP domain, any search returns nothing.

Any hints or ideas how to debug this?


Can you please enable debug log[1] and send it here?

[1]
https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README#L442



Thanks. I was now able to see why it is failing:

TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (default task-13) 
[] SearchRequest: Exception: LDAPSearchException(resultCode=11 (admin 
limit exceeded), numEntries=0, numReferences=0, errorMessage='admin 
limit exceeded')


Indeed, if I run that query using the ldapsearch command I can clearly 
see it is returning an "admin limit exceeded" error.


The applied filter is: 
(&(objectClass=posixAccount)(uid=*)(|(givenName=username)(sn=username)(displayName=username)(uid=username)))


Strange thing is this hasn't been an issue on oVirt 3.6.x and we've not 
changed our LDAP configuration. Has the filter been changed in 4.x by 
default?


If so, is there a way to override the filter to make it simpler? (In our 
case we'll always seek by username, so no need to search by givenName, 
sn or displayName).


Thanks.



Thanks.







Anyhow, I see there are lots of packages to update so I'll do so
within a few days and report results.







>> All this is done with the admin@internal user, so I guess

this is not



>> a



>> self-permission issue.



>>



>> Interesting thing is that I can successfully log-in to the

user portal



>> with a LDAP based user and manage all the VMs assigned to

them.



>>



>> Just to see if there's been any configuration change, we also

run the



>> ovirt-engine-extension-aaa-ldap-setup tool, the configuration

it



>> returns



>> is pretty similar to ours, and even the test commands (Login,

Search)



>> work successfully (I can see search returning user's data

like name,



>> surname, ...). We even applied this configuration to engine

to see if



>> it



>> makes a difference but the result is the same, the search

dialog



>> returns



>> nothing and neither I can see the permission to grant.



>>



>> Any hint about this?



>



> Maybe you hit similar issue to this one[1].



>



> Can you please share engine.log, while you hit search button?







I'm also attaching the log at the time I hit the search button,

but I'm



afraid there's no entry about that.







Thanks.







> [1] https [2]://bugzilla.redhat.com/show_bug.cgi?id=1356675

[2]



>



>> Thanks



>> ___



>> Users mailing list



>> Users@ovirt.org



>> http [3]://lists.ovirt

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-12 Thread Ondra Machacek 


On 08/12/2016 05:53 PM, nico...@devels.es wrote:

El 2016-08-10 14:46, Nicolás escribió:

En 10/8/2016 2:29 p. m., Alexander Wels  escribió:


On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:



On Wednesday, August 10, 2016 9:10:25 AM EDT nico...@devels.es

wrote:



El 2016-08-10 08:58, Ondra Machacek escribió:



> On 08/10/2016 09:37 AM, Nicolás wrote:



>> Hi,



>>



>> We're running oVirt 4.0.1.1 [1], and we're trying to grant a

permission to



>> a



>> user on a VM. Thing is when we open the 'Permissions' subtab

on that



>> VM,



>> we click on Add, the LDAP backend shows up but any value

entered into



>> the search box returns nothing, even when I know the values

exist.



>>



>> This has been working on oVirt 3.x, we actually migrated to

4.x last



>> week and didn't notice this issue.



>>



>> Additionally, there's no combobox to choose the permission to

grant?



>



> There should be combo box to choose a role.







I've attached a screenshot, seems there's not.







Its highly likely the dropdown is there, but its scrolled below

the bottom



of the dialog and thus you can't see it. I thought I made sure all

the



dialogs were working, seems like I missed one. Let me check it out

and see



what is going on.











Okay I double checked, I went to the VMs main tab, selected a VM,
then went to



the permissions sub tab. Clicked add. The dialog that popped up
looks like the



one attached, which is what I was expecting. The one you attached
appears to



be missing some styling, which is likely what caused the Role to
Assign part



to be scrolled below the bottom of the page.







Can you complete clear your cache (not shift reload, but
settings->clear



cache). If that doesn't work can you tell us the version of the
patternfly rpm



installed on your engine?







Yes, I already did that, also opened the engine on different clients
and the behavior is the same, I believe this is not a client issue.
Patternfly package is patternfly1-1.3.0-1.el7.centos.noarch




Ok, this indeed seems like a graphics problem since I am seeing this
connecting to a machine through a VNC server and the Role combobox is
moved down out of the dialog.

However, the LDAP issue persists. When I choose the 'internal' domain, I
can search the 'admin' user successfully, however, if I set it to be the
LDAP domain, any search returns nothing.

Any hints or ideas how to debug this?


Can you please enable debug log[1] and send it here?

[1] 
https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/master/README#L442




Thanks.







Anyhow, I see there are lots of packages to update so I'll do so
within a few days and report results.







>> All this is done with the admin@internal user, so I guess

this is not



>> a



>> self-permission issue.



>>



>> Interesting thing is that I can successfully log-in to the

user portal



>> with a LDAP based user and manage all the VMs assigned to

them.



>>



>> Just to see if there's been any configuration change, we also

run the



>> ovirt-engine-extension-aaa-ldap-setup tool, the configuration

it



>> returns



>> is pretty similar to ours, and even the test commands (Login,

Search)



>> work successfully (I can see search returning user's data

like name,



>> surname, ...). We even applied this configuration to engine

to see if



>> it



>> makes a difference but the result is the same, the search

dialog



>> returns



>> nothing and neither I can see the permission to grant.



>>



>> Any hint about this?



>



> Maybe you hit similar issue to this one[1].



>



> Can you please share engine.log, while you hit search button?







I'm also attaching the log at the time I hit the search button,

but I'm



afraid there's no entry about that.







Thanks.







> [1] https [2]://bugzilla.redhat.com/show_bug.cgi?id=1356675

[2]



>



>> Thanks



>> ___



>> Users mailing list



>> Users@ovirt.org



>> http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/

[3]users [3]







___



Users mailing list



Users@ovirt.org



http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/

[3]users [3]



___



Users mailing list



Users@ovirt.org



http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/
[3]users [3]








Links:
--
[1] http://4.0.1.1
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1356675
[3] http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinf

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-12 Thread nicolas 

El 2016-08-10 14:46, Nicolás escribió:

En 10/8/2016 2:29 p. m., Alexander Wels  escribió:


On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:



On Wednesday, August 10, 2016 9:10:25 AM EDT nico...@devels.es

wrote:



El 2016-08-10 08:58, Ondra Machacek escribió:



> On 08/10/2016 09:37 AM, Nicolás wrote:



>> Hi,



>>



>> We're running oVirt 4.0.1.1 [1], and we're trying to grant a

permission to



>> a



>> user on a VM. Thing is when we open the 'Permissions' subtab

on that



>> VM,



>> we click on Add, the LDAP backend shows up but any value

entered into



>> the search box returns nothing, even when I know the values

exist.



>>



>> This has been working on oVirt 3.x, we actually migrated to

4.x last



>> week and didn't notice this issue.



>>



>> Additionally, there's no combobox to choose the permission to

grant?



>



> There should be combo box to choose a role.







I've attached a screenshot, seems there's not.







Its highly likely the dropdown is there, but its scrolled below

the bottom



of the dialog and thus you can't see it. I thought I made sure all

the



dialogs were working, seems like I missed one. Let me check it out

and see



what is going on.











Okay I double checked, I went to the VMs main tab, selected a VM,
then went to



the permissions sub tab. Clicked add. The dialog that popped up
looks like the



one attached, which is what I was expecting. The one you attached
appears to



be missing some styling, which is likely what caused the Role to
Assign part



to be scrolled below the bottom of the page.







Can you complete clear your cache (not shift reload, but
settings->clear



cache). If that doesn't work can you tell us the version of the
patternfly rpm



installed on your engine?







Yes, I already did that, also opened the engine on different clients
and the behavior is the same, I believe this is not a client issue.
Patternfly package is patternfly1-1.3.0-1.el7.centos.noarch




Ok, this indeed seems like a graphics problem since I am seeing this 
connecting to a machine through a VNC server and the Role combobox is 
moved down out of the dialog.


However, the LDAP issue persists. When I choose the 'internal' domain, I 
can search the 'admin' user successfully, however, if I set it to be the 
LDAP domain, any search returns nothing.


Any hints or ideas how to debug this?

Thanks.







Anyhow, I see there are lots of packages to update so I'll do so
within a few days and report results.







>> All this is done with the admin@internal user, so I guess

this is not



>> a



>> self-permission issue.



>>



>> Interesting thing is that I can successfully log-in to the

user portal



>> with a LDAP based user and manage all the VMs assigned to

them.



>>



>> Just to see if there's been any configuration change, we also

run the



>> ovirt-engine-extension-aaa-ldap-setup tool, the configuration

it



>> returns



>> is pretty similar to ours, and even the test commands (Login,

Search)



>> work successfully (I can see search returning user's data

like name,



>> surname, ...). We even applied this configuration to engine

to see if



>> it



>> makes a difference but the result is the same, the search

dialog



>> returns



>> nothing and neither I can see the permission to grant.



>>



>> Any hint about this?



>



> Maybe you hit similar issue to this one[1].



>



> Can you please share engine.log, while you hit search button?







I'm also attaching the log at the time I hit the search button,

but I'm



afraid there's no entry about that.







Thanks.







> [1] https [2]://bugzilla.redhat.com/show_bug.cgi?id=1356675

[2]



>



>> Thanks



>> ___



>> Users mailing list



>> Users@ovirt.org



>> http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/

[3]users [3]







___



Users mailing list



Users@ovirt.org



http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/

[3]users [3]



___



Users mailing list



Users@ovirt.org



http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/
[3]users [3]








Links:
--
[1] http://4.0.1.1
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1356675
[3] http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-10 Thread nicolas 

El 2016-08-10 14:46, Nicolás escribió:

En 10/8/2016 2:29 p. m., Alexander Wels  escribió:


On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:



On Wednesday, August 10, 2016 9:10:25 AM EDT nico...@devels.es

wrote:



El 2016-08-10 08:58, Ondra Machacek escribió:



> On 08/10/2016 09:37 AM, Nicolás wrote:



>> Hi,



>>



>> We're running oVirt 4.0.1.1 [1], and we're trying to grant a

permission to



>> a



>> user on a VM. Thing is when we open the 'Permissions' subtab

on that



>> VM,



>> we click on Add, the LDAP backend shows up but any value

entered into



>> the search box returns nothing, even when I know the values

exist.



>>



>> This has been working on oVirt 3.x, we actually migrated to

4.x last



>> week and didn't notice this issue.



>>



>> Additionally, there's no combobox to choose the permission to

grant?



>



> There should be combo box to choose a role.







I've attached a screenshot, seems there's not.







Its highly likely the dropdown is there, but its scrolled below

the bottom



of the dialog and thus you can't see it. I thought I made sure all

the



dialogs were working, seems like I missed one. Let me check it out

and see



what is going on.











Okay I double checked, I went to the VMs main tab, selected a VM,
then went to



the permissions sub tab. Clicked add. The dialog that popped up
looks like the



one attached, which is what I was expecting. The one you attached
appears to



be missing some styling, which is likely what caused the Role to
Assign part



to be scrolled below the bottom of the page.







Can you complete clear your cache (not shift reload, but
settings->clear



cache). If that doesn't work can you tell us the version of the
patternfly rpm



installed on your engine?







Yes, I already did that, also opened the engine on different clients
and the behavior is the same, I believe this is not a client issue.
Patternfly package is patternfly1-1.3.0-1.el7.centos.noarch







Anyhow, I see there are lots of packages to update so I'll do so
within a few days and report results.




So I was able to update all packages, restart run engine-setup just in 
case, restart ovirt-engine and the situation is the same. I remembered 
we also have a dev. environment oVirt installation which we upgraded 
from 3.6.7 to 4.0.1 and same happens here, so finally we have 3 
independent oVirt installations with the same problem. There's something 
not working as intended.


I'm attaching a list of packages on oVirt engine and their versions if 
you want to check if there's something wrong with versioning, although 
everything seems to be ok.


Thanks!






>> All this is done with the admin@internal user, so I guess

this is not



>> a



>> self-permission issue.



>>



>> Interesting thing is that I can successfully log-in to the

user portal



>> with a LDAP based user and manage all the VMs assigned to

them.



>>



>> Just to see if there's been any configuration change, we also

run the



>> ovirt-engine-extension-aaa-ldap-setup tool, the configuration

it



>> returns



>> is pretty similar to ours, and even the test commands (Login,

Search)



>> work successfully (I can see search returning user's data

like name,



>> surname, ...). We even applied this configuration to engine

to see if



>> it



>> makes a difference but the result is the same, the search

dialog



>> returns



>> nothing and neither I can see the permission to grant.



>>



>> Any hint about this?



>



> Maybe you hit similar issue to this one[1].



>



> Can you please share engine.log, while you hit search button?







I'm also attaching the log at the time I hit the search button,

but I'm



afraid there's no entry about that.







Thanks.







> [1] https [2]://bugzilla.redhat.com/show_bug.cgi?id=1356675

[2]



>



>> Thanks



>> ___



>> Users mailing list



>> Users@ovirt.org



>> http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/

[3]users [3]







___



Users mailing list



Users@ovirt.org



http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/

[3]users [3]



___



Users mailing list



Users@ovirt.org



http [3]://lists.ovirt.org/ [3]mailman [3]/ [3]listinfo [3]/
[3]users [3]








Links:
--
[1] http://4.0.1.1
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1356675
[3] http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/usersovirt-engine-4.0.1.1-1.el7.centos.noarch
ovirt-engine-backend-4.0.1.1-1.el7.centos.noarch
ovirt-engine-cli-3.6.8.0-1.el7.centos.noarch
ovirt-engine-dashboard-1.0.0-0.2.20160610git5d210ea.el7.centos.noarch
ovirt-engine-dbscripts-4.0.1.1-1.el7.centos.noarch
ovirt-engine-dwh-4.0.1-1.el7.centos.no

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-10 Thread Nicolás 
En 10/8/2016 2:29 p. m., Alexander Wels  escribió:

On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:

> On Wednesday, August 10, 2016 9:10:25 AM EDT nicolas@devels.es wrote:

> > El 2016-08-10 08:58, Ondra Machacek escribió:

> > > On 08/10/2016 09:37 AM, Nicolás wrote:

> > >> Hi,

> > >> 

> > >> We're running oVirt 4.0.1.1, and we're trying to grant a permission to

> > >> a

> > >> user on a VM. Thing is when we open the 'Permissions' subtab on that

> > >> VM,

> > >> we click on Add, the LDAP backend shows up but any value entered into

> > >> the search box returns nothing, even when I know the values exist.

> > >> 

> > >> This has been working on oVirt 3.x, we actually migrated to 4.x last

> > >> week and didn't notice this issue.

> > >> 

> > >> Additionally, there's no combobox to choose the permission to grant?

> > > 

> > > There should be combo box to choose a role.

> > 

> > I've attached a screenshot, seems there's not.

> 

> Its highly likely the dropdown is there, but its scrolled below the bottom

> of the dialog and thus you can't see it. I thought I made sure all the

> dialogs were working, seems like I missed one. Let me check it out and see

> what is going on.

> 



Okay I double checked, I went to the VMs main tab, selected a VM, then went to 

the permissions sub tab. Clicked add. The dialog that popped up looks like the 

one attached, which is what I was expecting. The one you attached appears to 

be missing some styling, which is likely what caused the Role to Assign part 

to be scrolled below the bottom of the page.



Can you complete clear your cache (not shift reload, but settings->clear 

cache). If that doesn't work can you tell us the version of the patternfly rpm 

installed on your engine?



Yes, I already did that, also opened the engine on different clients and the behavior is the same, I believe this is not a client issue. Patternfly package is patternfly1-1.3.0-1.el7.centos.noarch



Anyhow, I see there are lots of packages to update so I'll do so within a few days and report results.



> > >> All this is done with the admin@internal user, so I guess this is not

> > >> a

> > >> self-permission issue.

> > >> 

> > >> Interesting thing is that I can successfully log-in to the user portal

> > >> with a LDAP based user and manage all the VMs assigned to them.

> > >> 

> > >> Just to see if there's been any configuration change, we also run the

> > >> ovirt-engine-extension-aaa-ldap-setup tool, the configuration it

> > >> returns

> > >> is pretty similar to ours, and even the test commands (Login, Search)

> > >> work successfully (I can see search returning user's data like name,

> > >> surname, ...). We even applied this configuration to engine to see if

> > >> it

> > >> makes a difference but the result is the same, the search dialog

> > >> returns

> > >> nothing and neither I can see the permission to grant.

> > >> 

> > >> Any hint about this?

> > > 

> > > Maybe you hit similar issue to this one[1].

> > > 

> > > Can you please share engine.log, while you hit search button?

> > 

> > I'm also attaching the log at the time I hit the search button, but I'm

> > afraid there's no entry about that.

> > 

> > Thanks.

> > 

> > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1356675

> > > 

> > >> Thanks

> > >> ___

> > >> Users mailing list

> > >> Users@ovirt.org

> > >> http://lists.ovirt.org/mailman/listinfo/users

> 

> ___

> Users mailing list

> Users@ovirt.org

> http://lists.ovirt.org/mailman/listinfo/users

___

Users mailing list

Users@ovirt.org

http://lists.ovirt.org/mailman/listinfo/users




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-10 Thread Alexander Wels 
On Wednesday, August 10, 2016 9:02:16 AM EDT Alexander Wels wrote:
> On Wednesday, August 10, 2016 9:10:25 AM EDT nico...@devels.es wrote:
> > El 2016-08-10 08:58, Ondra Machacek escribió:
> > > On 08/10/2016 09:37 AM, Nicolás wrote:
> > >> Hi,
> > >> 
> > >> We're running oVirt 4.0.1.1, and we're trying to grant a permission to
> > >> a
> > >> user on a VM. Thing is when we open the 'Permissions' subtab on that
> > >> VM,
> > >> we click on Add, the LDAP backend shows up but any value entered into
> > >> the search box returns nothing, even when I know the values exist.
> > >> 
> > >> This has been working on oVirt 3.x, we actually migrated to 4.x last
> > >> week and didn't notice this issue.
> > >> 
> > >> Additionally, there's no combobox to choose the permission to grant?
> > > 
> > > There should be combo box to choose a role.
> > 
> > I've attached a screenshot, seems there's not.
> 
> Its highly likely the dropdown is there, but its scrolled below the bottom
> of the dialog and thus you can't see it. I thought I made sure all the
> dialogs were working, seems like I missed one. Let me check it out and see
> what is going on.
> 

Okay I double checked, I went to the VMs main tab, selected a VM, then went to 
the permissions sub tab. Clicked add. The dialog that popped up looks like the 
one attached, which is what I was expecting. The one you attached appears to 
be missing some styling, which is likely what caused the Role to Assign part 
to be scrolled below the bottom of the page.

Can you complete clear your cache (not shift reload, but settings->clear 
cache). If that doesn't work can you tell us the version of the patternfly rpm 
installed on your engine?

Alexander

> > >> All this is done with the admin@internal user, so I guess this is not
> > >> a
> > >> self-permission issue.
> > >> 
> > >> Interesting thing is that I can successfully log-in to the user portal
> > >> with a LDAP based user and manage all the VMs assigned to them.
> > >> 
> > >> Just to see if there's been any configuration change, we also run the
> > >> ovirt-engine-extension-aaa-ldap-setup tool, the configuration it
> > >> returns
> > >> is pretty similar to ours, and even the test commands (Login, Search)
> > >> work successfully (I can see search returning user's data like name,
> > >> surname, ...). We even applied this configuration to engine to see if
> > >> it
> > >> makes a difference but the result is the same, the search dialog
> > >> returns
> > >> nothing and neither I can see the permission to grant.
> > >> 
> > >> Any hint about this?
> > > 
> > > Maybe you hit similar issue to this one[1].
> > > 
> > > Can you please share engine.log, while you hit search button?
> > 
> > I'm also attaching the log at the time I hit the search button, but I'm
> > afraid there's no entry about that.
> > 
> > Thanks.
> > 
> > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1356675
> > > 
> > >> Thanks
> > >> ___
> > >> Users mailing list
> > >> Users@ovirt.org
> > >> http://lists.ovirt.org/mailman/listinfo/users
> 
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-10 Thread Alexander Wels 
On Wednesday, August 10, 2016 9:10:25 AM EDT nico...@devels.es wrote:
> El 2016-08-10 08:58, Ondra Machacek escribió:
> > On 08/10/2016 09:37 AM, Nicolás wrote:
> >> Hi,
> >> 
> >> We're running oVirt 4.0.1.1, and we're trying to grant a permission to
> >> a
> >> user on a VM. Thing is when we open the 'Permissions' subtab on that
> >> VM,
> >> we click on Add, the LDAP backend shows up but any value entered into
> >> the search box returns nothing, even when I know the values exist.
> >> 
> >> This has been working on oVirt 3.x, we actually migrated to 4.x last
> >> week and didn't notice this issue.
> >> 
> >> Additionally, there's no combobox to choose the permission to grant?
> > 
> > There should be combo box to choose a role.
> 
> I've attached a screenshot, seems there's not.
> 

Its highly likely the dropdown is there, but its scrolled below the bottom of 
the dialog and thus you can't see it. I thought I made sure all the dialogs 
were working, seems like I missed one. Let me check it out and see what is 
going on.

> >> All this is done with the admin@internal user, so I guess this is not
> >> a
> >> self-permission issue.
> >> 
> >> Interesting thing is that I can successfully log-in to the user portal
> >> with a LDAP based user and manage all the VMs assigned to them.
> >> 
> >> Just to see if there's been any configuration change, we also run the
> >> ovirt-engine-extension-aaa-ldap-setup tool, the configuration it
> >> returns
> >> is pretty similar to ours, and even the test commands (Login, Search)
> >> work successfully (I can see search returning user's data like name,
> >> surname, ...). We even applied this configuration to engine to see if
> >> it
> >> makes a difference but the result is the same, the search dialog
> >> returns
> >> nothing and neither I can see the permission to grant.
> >> 
> >> Any hint about this?
> > 
> > Maybe you hit similar issue to this one[1].
> > 
> > Can you please share engine.log, while you hit search button?
> 
> I'm also attaching the log at the time I hit the search button, but I'm
> afraid there's no entry about that.
> 
> Thanks.
> 
> > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1356675
> > 
> >> Thanks
> >> ___
> >> Users mailing list
> >> Users@ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-10 Thread nicolas 

El 2016-08-10 13:36, nico...@devels.es escribió:

El 2016-08-10 09:32, Ondra Machacek escribió:

On 08/10/2016 10:10 AM, nico...@devels.es wrote:

El 2016-08-10 08:58, Ondra Machacek escribió:

On 08/10/2016 09:37 AM, Nicolás wrote:

Hi,

We're running oVirt 4.0.1.1, and we're trying to grant a permission 
to a
user on a VM. Thing is when we open the 'Permissions' subtab on 
that VM,
we click on Add, the LDAP backend shows up but any value entered 
into

the search box returns nothing, even when I know the values exist.

This has been working on oVirt 3.x, we actually migrated to 4.x 
last

week and didn't notice this issue.

Additionally, there's no combobox to choose the permission to 
grant?


There should be combo box to choose a role.



I've attached a screenshot, seems there's not.


OK, it seems like some UI issue. Can you please force reload or clear
browser cache?
Maybe try different browser.



Nope... Cleaned cache from Chrome, Firefox, same result. Even private
windows have the same behaviour. By the way, we have 2 independent
oVirt infrastructures, both upgraded from 3.6.7 and both have the same
issue, I just had a look at the second and the same happens here (no
log in engine.log either). This second is 4.0.0 instead of 4.0.0,
FWIW.



I meant: This second is 4.0.0 instead of 4.0.1





All this is done with the admin@internal user, so I guess this is 
not a

self-permission issue.

Interesting thing is that I can successfully log-in to the user 
portal

with a LDAP based user and manage all the VMs assigned to them.

Just to see if there's been any configuration change, we also run 
the
ovirt-engine-extension-aaa-ldap-setup tool, the configuration it 
returns
is pretty similar to ours, and even the test commands (Login, 
Search)
work successfully (I can see search returning user's data like 
name,
surname, ...). We even applied this configuration to engine to see 
if it
makes a difference but the result is the same, the search dialog 
returns

nothing and neither I can see the permission to grant.

Any hint about this?


Maybe you hit similar issue to this one[1].

Can you please share engine.log, while you hit search button?



I'm also attaching the log at the time I hit the search button, but 
I'm

afraid there's no entry about that.

Thanks.



[1] https://bugzilla.redhat.com/show_bug.cgi?id=1356675



Thanks
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-10 Thread nicolas 

El 2016-08-10 09:32, Ondra Machacek escribió:

On 08/10/2016 10:10 AM, nico...@devels.es wrote:

El 2016-08-10 08:58, Ondra Machacek escribió:

On 08/10/2016 09:37 AM, Nicolás wrote:

Hi,

We're running oVirt 4.0.1.1, and we're trying to grant a permission 
to a
user on a VM. Thing is when we open the 'Permissions' subtab on that 
VM,
we click on Add, the LDAP backend shows up but any value entered 
into

the search box returns nothing, even when I know the values exist.

This has been working on oVirt 3.x, we actually migrated to 4.x last
week and didn't notice this issue.

Additionally, there's no combobox to choose the permission to grant?


There should be combo box to choose a role.



I've attached a screenshot, seems there's not.


OK, it seems like some UI issue. Can you please force reload or clear
browser cache?
Maybe try different browser.



Nope... Cleaned cache from Chrome, Firefox, same result. Even private 
windows have the same behaviour. By the way, we have 2 independent oVirt 
infrastructures, both upgraded from 3.6.7 and both have the same issue, 
I just had a look at the second and the same happens here (no log in 
engine.log either). This second is 4.0.0 instead of 4.0.0, FWIW.






All this is done with the admin@internal user, so I guess this is 
not a

self-permission issue.

Interesting thing is that I can successfully log-in to the user 
portal

with a LDAP based user and manage all the VMs assigned to them.

Just to see if there's been any configuration change, we also run 
the
ovirt-engine-extension-aaa-ldap-setup tool, the configuration it 
returns
is pretty similar to ours, and even the test commands (Login, 
Search)

work successfully (I can see search returning user's data like name,
surname, ...). We even applied this configuration to engine to see 
if it
makes a difference but the result is the same, the search dialog 
returns

nothing and neither I can see the permission to grant.

Any hint about this?


Maybe you hit similar issue to this one[1].

Can you please share engine.log, while you hit search button?



I'm also attaching the log at the time I hit the search button, but 
I'm

afraid there's no entry about that.

Thanks.



[1] https://bugzilla.redhat.com/show_bug.cgi?id=1356675



Thanks
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-10 Thread Ondra Machacek 

On 08/10/2016 10:10 AM, nico...@devels.es wrote:

El 2016-08-10 08:58, Ondra Machacek escribió:

On 08/10/2016 09:37 AM, Nicolás wrote:

Hi,

We're running oVirt 4.0.1.1, and we're trying to grant a permission to a
user on a VM. Thing is when we open the 'Permissions' subtab on that VM,
we click on Add, the LDAP backend shows up but any value entered into
the search box returns nothing, even when I know the values exist.

This has been working on oVirt 3.x, we actually migrated to 4.x last
week and didn't notice this issue.

Additionally, there's no combobox to choose the permission to grant?


There should be combo box to choose a role.



I've attached a screenshot, seems there's not.


OK, it seems like some UI issue. Can you please force reload or clear 
browser cache?

Maybe try different browser.





All this is done with the admin@internal user, so I guess this is not a
self-permission issue.

Interesting thing is that I can successfully log-in to the user portal
with a LDAP based user and manage all the VMs assigned to them.

Just to see if there's been any configuration change, we also run the
ovirt-engine-extension-aaa-ldap-setup tool, the configuration it returns
is pretty similar to ours, and even the test commands (Login, Search)
work successfully (I can see search returning user's data like name,
surname, ...). We even applied this configuration to engine to see if it
makes a difference but the result is the same, the search dialog returns
nothing and neither I can see the permission to grant.

Any hint about this?


Maybe you hit similar issue to this one[1].

Can you please share engine.log, while you hit search button?



I'm also attaching the log at the time I hit the search button, but I'm
afraid there's no entry about that.

Thanks.



[1] https://bugzilla.redhat.com/show_bug.cgi?id=1356675



Thanks
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-10 Thread nicolas 

El 2016-08-10 08:58, Ondra Machacek escribió:

On 08/10/2016 09:37 AM, Nicolás wrote:

Hi,

We're running oVirt 4.0.1.1, and we're trying to grant a permission to 
a
user on a VM. Thing is when we open the 'Permissions' subtab on that 
VM,

we click on Add, the LDAP backend shows up but any value entered into
the search box returns nothing, even when I know the values exist.

This has been working on oVirt 3.x, we actually migrated to 4.x last
week and didn't notice this issue.

Additionally, there's no combobox to choose the permission to grant?


There should be combo box to choose a role.



I've attached a screenshot, seems there's not.



All this is done with the admin@internal user, so I guess this is not 
a

self-permission issue.

Interesting thing is that I can successfully log-in to the user portal
with a LDAP based user and manage all the VMs assigned to them.

Just to see if there's been any configuration change, we also run the
ovirt-engine-extension-aaa-ldap-setup tool, the configuration it 
returns

is pretty similar to ours, and even the test commands (Login, Search)
work successfully (I can see search returning user's data like name,
surname, ...). We even applied this configuration to engine to see if 
it
makes a difference but the result is the same, the search dialog 
returns

nothing and neither I can see the permission to grant.

Any hint about this?


Maybe you hit similar issue to this one[1].

Can you please share engine.log, while you hit search button?



I'm also attaching the log at the time I hit the search button, but I'm 
afraid there's no entry about that.


Thanks.



[1] https://bugzilla.redhat.com/show_bug.cgi?id=1356675



Thanks
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

engine.tar.gz
Description: GNU Zip compressed data
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] LDAP-based domain not working after upgrade?

2016-08-10 Thread Ondra Machacek 

On 08/10/2016 09:37 AM, Nicolás wrote:

Hi,

We're running oVirt 4.0.1.1, and we're trying to grant a permission to a
user on a VM. Thing is when we open the 'Permissions' subtab on that VM,
we click on Add, the LDAP backend shows up but any value entered into
the search box returns nothing, even when I know the values exist.

This has been working on oVirt 3.x, we actually migrated to 4.x last
week and didn't notice this issue.

Additionally, there's no combobox to choose the permission to grant?


There should be combo box to choose a role.



All this is done with the admin@internal user, so I guess this is not a
self-permission issue.

Interesting thing is that I can successfully log-in to the user portal
with a LDAP based user and manage all the VMs assigned to them.

Just to see if there's been any configuration change, we also run the
ovirt-engine-extension-aaa-ldap-setup tool, the configuration it returns
is pretty similar to ours, and even the test commands (Login, Search)
work successfully (I can see search returning user's data like name,
surname, ...). We even applied this configuration to engine to see if it
makes a difference but the result is the same, the search dialog returns
nothing and neither I can see the permission to grant.

Any hint about this?


Maybe you hit similar issue to this one[1].

Can you please share engine.log, while you hit search button?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1356675



Thanks
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] LDAP-based domain not working after upgrade?

2016-08-10 Thread Nicolás 

Hi,

We're running oVirt 4.0.1.1, and we're trying to grant a permission to a 
user on a VM. Thing is when we open the 'Permissions' subtab on that VM, 
we click on Add, the LDAP backend shows up but any value entered into 
the search box returns nothing, even when I know the values exist.


This has been working on oVirt 3.x, we actually migrated to 4.x last 
week and didn't notice this issue.


Additionally, there's no combobox to choose the permission to grant?

All this is done with the admin@internal user, so I guess this is not a 
self-permission issue.


Interesting thing is that I can successfully log-in to the user portal 
with a LDAP based user and manage all the VMs assigned to them.


Just to see if there's been any configuration change, we also run the 
ovirt-engine-extension-aaa-ldap-setup tool, the configuration it returns 
is pretty similar to ours, and even the test commands (Login, Search) 
work successfully (I can see search returning user's data like name, 
surname, ...). We even applied this configuration to engine to see if it 
makes a difference but the result is the same, the search dialog returns 
nothing and neither I can see the permission to grant.


Any hint about this?

Thanks
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users