Re: [ovirt-users] Cannot add new users via api after AAA migration
On Mon, 2016-04-18 at 15:53 +0200, Ondra Machacek wrote: > On 04/18/2016 12:37 PM, Karli Sjöberg wrote: > > > > Hi! > > > > A little background: > > https://www.mail-archive.com/users@ovirt.org/msg31815.html > > > > Trying to add new user from webadmin gives: > > 2016-04-18 12:19:14,448 > > INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand] (default task- > > 10) [53227bd6] Running command: AddUserCommand internal: false. > > Entities affected : ID: aaa0----123456789aaa Type: > > SystemAction group MANIPULATE_USERS with role type ADMIN > > 2016-04-18 12:19:14,466 > > INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLog > > Director] (default task-10) [53227bd6] Correlation ID: 53227bd6, > > Call Stack: null, Custom Event ID: -1, Message: User 'Firstname.Las > > tn...@foo.bar' was added successfully to the system. > > > > The user is then found as 'firstname.lastn...@foo.bar@baz.foo.bar' > > under Users tab. Also possible to find user with api: > > https://engine-address.foo.bar/ovirt-engine/api/users?search=Firstn > > ame > > ... > > firstname.lastn...@foo.bar@baz.foo.bar > > ... > > > > But removing the user and trying to add it again with e.g. Python > > fails: > > > > status: 404 > > reason: Not Found > > detail: Entity not found: adu...@baz.foo.bar:: username=Firstname.L > > astn...@foo.bar > > > > The code, previously working with the now deprecated engine-manage- > > domains, except PRINCIPAL_NAME was just SAM_ACCOUNT_NAME without > > SUFFIX: > > > > DOMAIN_NAME = 'baz.foo.bar' > > SUFFIX = '@foo.bar' > > > > try: > > domain = api.domains.get(name='%s' % (DOMAIN_NAME)) > > userparams = params.User() > > userparams.set_user_name('%s%s' % (PRINCIPAL_NAME,SUFFIX)) > > userparams.set_domain(domain) > Please set ^ here also: > > userparams.set_principal('%s%s' % (PRINCIPAL_NAME,SUFFIX)) > > in principal you should set proper UPN of user. Yeah, that was the ticket. Thanks! /K > > > > > api.users.add(userparams) > > except Exception as e: > > print e > > > > Also tried with SUFFIX = '@foo@baz.foo.bar', as that´s what the > > user is called after creation, fails as well. > > > > Am I "holding it wrong" or is this a bug? > > > > /K > > ___ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Cannot add new users via api after AAA migration
On 04/18/2016 12:37 PM, Karli Sjöberg wrote: Hi! A little background: https://www.mail-archive.com/users@ovirt.org/msg31815.html Trying to add new user from webadmin gives: 2016-04-18 12:19:14,448 INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand] (default task-10) [53227bd6] Running command: AddUserCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: SystemAction group MANIPULATE_USERS with role type ADMIN 2016-04-18 12:19:14,466 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-10) [53227bd6] Correlation ID: 53227bd6, Call Stack: null, Custom Event ID: -1, Message: User 'firstname.lastn...@foo.bar' was added successfully to the system. The user is then found as 'firstname.lastn...@foo.bar@baz.foo.bar' under Users tab. Also possible to find user with api: https://engine-address.foo.bar/ovirt-engine/api/users?search=Firstname ... firstname.lastn...@foo.bar@baz.foo.bar ... But removing the user and trying to add it again with e.g. Python fails: status: 404 reason: Not Found detail: Entity not found: adu...@baz.foo.bar:: username=firstname.lastn...@foo.bar The code, previously working with the now deprecated engine-manage- domains, except PRINCIPAL_NAME was just SAM_ACCOUNT_NAME without SUFFIX: DOMAIN_NAME = 'baz.foo.bar' SUFFIX = '@foo.bar' try: domain = api.domains.get(name='%s' % (DOMAIN_NAME)) userparams = params.User() userparams.set_user_name('%s%s' % (PRINCIPAL_NAME,SUFFIX)) userparams.set_domain(domain) Please set ^ here also: userparams.set_principal('%s%s' % (PRINCIPAL_NAME,SUFFIX)) in principal you should set proper UPN of user. api.users.add(userparams) except Exception as e: print e Also tried with SUFFIX = '@foo@baz.foo.bar', as that´s what the user is called after creation, fails as well. Am I "holding it wrong" or is this a bug? /K ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Cannot add new users via api after AAA migration
Hi! A little background: https://www.mail-archive.com/users@ovirt.org/msg31815.html Trying to add new user from webadmin gives: 2016-04-18 12:19:14,448 INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand] (default task-10) [53227bd6] Running command: AddUserCommand internal: false. Entities affected : ID: aaa0----123456789aaa Type: SystemAction group MANIPULATE_USERS with role type ADMIN 2016-04-18 12:19:14,466 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-10) [53227bd6] Correlation ID: 53227bd6, Call Stack: null, Custom Event ID: -1, Message: User 'firstname.lastn...@foo.bar' was added successfully to the system. The user is then found as 'firstname.lastn...@foo.bar@baz.foo.bar' under Users tab. Also possible to find user with api: https://engine-address.foo.bar/ovirt-engine/api/users?search=Firstname ... firstname.lastn...@foo.bar@baz.foo.bar ... But removing the user and trying to add it again with e.g. Python fails: status: 404 reason: Not Found detail: Entity not found: adu...@baz.foo.bar:: username=firstname.lastn...@foo.bar The code, previously working with the now deprecated engine-manage- domains, except PRINCIPAL_NAME was just SAM_ACCOUNT_NAME without SUFFIX: DOMAIN_NAME = 'baz.foo.bar' SUFFIX = '@foo.bar' try: domain = api.domains.get(name='%s' % (DOMAIN_NAME)) userparams = params.User() userparams.set_user_name('%s%s' % (PRINCIPAL_NAME,SUFFIX)) userparams.set_domain(domain) api.users.add(userparams) except Exception as e: print e Also tried with SUFFIX = '@foo@baz.foo.bar', as that´s what the user is called after creation, fails as well. Am I "holding it wrong" or is this a bug? /K ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users