Re: [ovirt-users] Cannot add new users via api after AAA migration
On Mon, 2016-04-18 at 15:53 +0200, Ondra Machacek wrote:
> On 04/18/2016 12:37 PM, Karli Sjöberg wrote:
> >
> > Hi!
> >
> > A little background:
> > https://www.mail-archive.com/users@ovirt.org/msg31815.html
> >
> > Trying to add new user from webadmin gives:
> > 2016-04-18 12:19:14,448
> > INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand] (default task-
> > 10) [53227bd6] Running command: AddUserCommand internal: false.
> > Entities affected : ID: aaa0----123456789aaa Type:
> > SystemAction group MANIPULATE_USERS with role type ADMIN
> > 2016-04-18 12:19:14,466
> > INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLog
> > Director] (default task-10) [53227bd6] Correlation ID: 53227bd6,
> > Call Stack: null, Custom Event ID: -1, Message: User 'Firstname.Las
> > tn...@foo.bar' was added successfully to the system.
> >
> > The user is then found as 'firstname.lastn...@foo.bar@baz.foo.bar'
> > under Users tab. Also possible to find user with api:
> > https://engine-address.foo.bar/ovirt-engine/api/users?search=Firstn
> > ame
> > ...
> > firstname.lastn...@foo.bar@baz.foo.bar
> > ...
> >
> > But removing the user and trying to add it again with e.g. Python
> > fails:
> >
> > status: 404
> > reason: Not Found
> > detail: Entity not found: adu...@baz.foo.bar:: username=Firstname.L
> > astn...@foo.bar
> >
> > The code, previously working with the now deprecated engine-manage-
> > domains, except PRINCIPAL_NAME was just SAM_ACCOUNT_NAME without
> > SUFFIX:
> >
> > DOMAIN_NAME = 'baz.foo.bar'
> > SUFFIX = '@foo.bar'
> >
> > try:
> > domain = api.domains.get(name='%s' % (DOMAIN_NAME))
> > userparams = params.User()
> > userparams.set_user_name('%s%s' % (PRINCIPAL_NAME,SUFFIX))
> > userparams.set_domain(domain)
> Please set ^ here also:
>
> userparams.set_principal('%s%s' % (PRINCIPAL_NAME,SUFFIX))
>
> in principal you should set proper UPN of user.
Yeah, that was the ticket. Thanks!
/K
>
> >
> > api.users.add(userparams)
> > except Exception as e:
> > print e
> >
> > Also tried with SUFFIX = '@foo@baz.foo.bar', as that´s what the
> > user is called after creation, fails as well.
> >
> > Am I "holding it wrong" or is this a bug?
> >
> > /K
> > ___
> > Users mailing list
> > Users@ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Cannot add new users via api after AAA migration
On 04/18/2016 12:37 PM, Karli Sjöberg wrote:
Hi!
A little background:
https://www.mail-archive.com/users@ovirt.org/msg31815.html
Trying to add new user from webadmin gives:
2016-04-18 12:19:14,448 INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand]
(default task-10) [53227bd6] Running command: AddUserCommand internal: false.
Entities affected : ID: aaa0----123456789aaa Type:
SystemAction group MANIPULATE_USERS with role type ADMIN
2016-04-18 12:19:14,466 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default
task-10) [53227bd6] Correlation ID: 53227bd6, Call Stack: null, Custom Event
ID: -1, Message: User 'firstname.lastn...@foo.bar' was added successfully to
the system.
The user is then found as 'firstname.lastn...@foo.bar@baz.foo.bar'
under Users tab. Also possible to find user with api:
https://engine-address.foo.bar/ovirt-engine/api/users?search=Firstname
...
firstname.lastn...@foo.bar@baz.foo.bar
...
But removing the user and trying to add it again with e.g. Python
fails:
status: 404
reason: Not Found
detail: Entity not found: adu...@baz.foo.bar::
username=firstname.lastn...@foo.bar
The code, previously working with the now deprecated engine-manage-
domains, except PRINCIPAL_NAME was just SAM_ACCOUNT_NAME without
SUFFIX:
DOMAIN_NAME = 'baz.foo.bar'
SUFFIX = '@foo.bar'
try:
domain = api.domains.get(name='%s' % (DOMAIN_NAME))
userparams = params.User()
userparams.set_user_name('%s%s' % (PRINCIPAL_NAME,SUFFIX))
userparams.set_domain(domain)
Please set ^ here also:
userparams.set_principal('%s%s' % (PRINCIPAL_NAME,SUFFIX))
in principal you should set proper UPN of user.
api.users.add(userparams)
except Exception as e:
print e
Also tried with SUFFIX = '@foo@baz.foo.bar', as that´s what the
user is called after creation, fails as well.
Am I "holding it wrong" or is this a bug?
/K
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Cannot add new users via api after AAA migration
Hi!
A little background:
https://www.mail-archive.com/users@ovirt.org/msg31815.html
Trying to add new user from webadmin gives:
2016-04-18 12:19:14,448 INFO [org.ovirt.engine.core.bll.aaa.AddUserCommand]
(default task-10) [53227bd6] Running command: AddUserCommand internal: false.
Entities affected : ID: aaa0----123456789aaa Type:
SystemAction group MANIPULATE_USERS with role type ADMIN
2016-04-18 12:19:14,466 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default
task-10) [53227bd6] Correlation ID: 53227bd6, Call Stack: null, Custom Event
ID: -1, Message: User 'firstname.lastn...@foo.bar' was added successfully to
the system.
The user is then found as 'firstname.lastn...@foo.bar@baz.foo.bar'
under Users tab. Also possible to find user with api:
https://engine-address.foo.bar/ovirt-engine/api/users?search=Firstname
...
firstname.lastn...@foo.bar@baz.foo.bar
...
But removing the user and trying to add it again with e.g. Python
fails:
status: 404
reason: Not Found
detail: Entity not found: adu...@baz.foo.bar::
username=firstname.lastn...@foo.bar
The code, previously working with the now deprecated engine-manage-
domains, except PRINCIPAL_NAME was just SAM_ACCOUNT_NAME without
SUFFIX:
DOMAIN_NAME = 'baz.foo.bar'
SUFFIX = '@foo.bar'
try:
domain = api.domains.get(name='%s' % (DOMAIN_NAME))
userparams = params.User()
userparams.set_user_name('%s%s' % (PRINCIPAL_NAME,SUFFIX))
userparams.set_domain(domain)
api.users.add(userparams)
except Exception as e:
print e
Also tried with SUFFIX = '@foo@baz.foo.bar', as that´s what the
user is called after creation, fails as well.
Am I "holding it wrong" or is this a bug?
/K
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
