Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-22 Thread Julián Tete
Thanks again :)

2016-06-22 11:14 GMT-05:00 Ondra Machacek :

> On 06/22/2016 05:21 PM, Julián Tete wrote:
>
>> S-O-L-V-E-D!!!
>>
>> You are a Wizard Ondra Machacek!!!
>>
>> Thank you very much !!! As Apache says: "It works"
>>
>
> Great! You are welcome
>
>
>> I have a question for you
>>
>> In the command
>>
>> su - postgres -c "psql -t engine -c \"insert into permissions values
>> ('001b-001b-001b-001b-029f',
>> '----0001',
>> 'fdfc627c-d875-11e0-90f0-83df133b58cc',
>> 'aaa0----123456789aaa', 1);\""
>>
>> What's the meaning of:
>>
>> 001b-001b-001b-001b-029f
>>
>
> This one is the id of the permission. It's auto-generated.
>
>
>> ----0001
>>
>
> This one is the id of the role. This is the id of SuperUser, as you can see by running:
>
>  select * from roles;
>
>
>> aaa0----123456789aaa
>>
>
> This one is the object id; in this case it's the id of the system.
>
>
>> 1
>>
>
> This one represents the object type. It is a number that represents some object;
> for example, 1 represents the system object, number 2 represents Vm, number 3 Host... etc.
>
>
>> ¿?
>>
>> Thanks again
>>
>>
>> 2016-06-22 5:22 GMT-05:00 Ondra Machacek:
>>
>> On 06/21/2016 09:18 PM, Julián Tete wrote:
>>
>> Roger Ondra!
>>
>> 1) su - postgres -c "psql -t engine -c \"delete from users where
>> user_id='7f300f43-9972-4c0e-bfa9-e86df6f1659f';\""
>>
>> Output:
>>
>> DELETE 1
>>
>> 2) su - postgres -c "psql -t engine -c \"UPDATE users set
>> domain='internal-authz'  where
>> user_id='fdfc627c-d875-11e0-90f0-83df133b58cc';\""
>>
>> Output:
>>
>> ERROR:  duplicate key value violates unique constraint
>> "users_domain_external_id_unique"
>> DETAIL:  Key (domain, external_id)=(internal-authz,
>> fdfc627c-d875-11e0-90f0-83df133b58cc) already exists.
>>
>>
>> OK, this is really strange, because this shouldn't be printed as you
>> removed all constraints in step 1).
>>
>> So, can you please first stop ovirt-engine, before running steps
>> above? So the steps now
>> would be:
>>
>>  1) service ovirt-engine stop
>>
>>  2) remove admin@internal-authz
>> (c9dcda67-9b3e-4255-aa9f-d69043a02b2b) (note id
>> changed, from last time) If there is more admin users with domain
>> internal-authz, please
>> remove them all.
>>   $ su - postgres -c "psql -t engine -c \"delete from users
>> where user_id='c9dcda67-9b3e-4255-aa9f-d69043a02b2b';\""
>>
>>  3) rename admin@internal to admin@internal-authz
>>   $ su - postgres -c "psql -t engine -c \"UPDATE users set
>> domain='internal-authz'  where
>> user_id='fdfc627c-d875-11e0-90f0-83df133b58cc';\""
>>
>>   4) service ovirt-engine start
>>
>>
>> 3) systemctl restart ovirt-engine.service
>>
>> No login yet :(
>>
>> Look at this:
>>
>> ovirt-aaa-jdbc-tool user show admin
>>
>> Output:
>> -- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --
>> Namespace: *
>> Name: admin
>> ID: fdfc627c-d875-11e0-90f0-83df133b58cc
>> Display Name:
>> Email:
>> First Name: admin
>> Last Name:
>> Department:
>> Title:
>> Description:
>> Account Disabled: false
>> Account Unlocked At: 1970-01-01 00:00:00Z
>> Account Valid From: 2015-10-01 00:00:00Z
>> Account Valid To: 2100-01-01 00:00:00Z
>> Account Without Password: false
>> Last successful Login At: 2016-06-21 19:15:59Z
>> Last unsuccessful Login At: 2016-06-20 17:33:24Z
>> Password Valid To: 2100-01-01 00:00:00Z
>>
>> su - postgres -c "psql -t engine -c \"select * from users;\""
>>
>> Output:
>>
>>  fdfc627c-d875-11e0-90f0-83df133b58cc | admin  |   |
>> internal | admin||
>> |  | t   |
>> fdfc627c-d875-11e0-90f0-83df133b58cc
>> | 2015-09-19 21:38:44.838161-
>> 05 | 2016-06-18 20:42:18.883738-05 | *
>>  16f666bb-b4c8-44c9-8264-30c3aff63a6e || Administrator |
>> udistritaloas.edu.co 
>>  | admin
>> || |  | f
>> | 41cd26a2-0e0a-11e6-aa00-001a4a160159 | 2016-06-19
>> 11:53:39.249812-
>> 05 | 2016-06-19 12:24:41.590162-05  | *
>>  c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete  |
>> internal-authz   | julian   ||
>> danteconra...@gmail.com 
>> > > |  | f
>>|
>> 1ad3dc19-b15a-493c-9610-2ccdd0dac6af | 2016-06-20 

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-22 Thread Ondra Machacek

On 06/22/2016 05:21 PM, Julián Tete wrote:

> S-O-L-V-E-D!!!
>
> You are a Wizard Ondra Machacek!!!
>
> Thank you very much !!! As Apache says: "It works"

Great! You are welcome

> I have a question for you
>
> In the command
>
> su - postgres -c "psql -t engine -c \"insert into permissions values
> ('001b-001b-001b-001b-029f',
> '----0001',
> 'fdfc627c-d875-11e0-90f0-83df133b58cc',
> 'aaa0----123456789aaa', 1);\""
>
> What's the meaning of:
>
> 001b-001b-001b-001b-029f

This one is the id of the permission. It's auto-generated.

> ----0001

This one is the id of the role. This is the id of SuperUser, as you can see by running:

 select * from roles;

> aaa0----123456789aaa

This one is the object id; in this case it's the id of the system.

> 1

This one represents the object type. It is a number that represents some object;
for example, 1 represents the system object, number 2 represents Vm, number 3 Host... etc.

> ¿?
>
> Thanks again


2016-06-22 5:22 GMT-05:00 Ondra Machacek:

On 06/21/2016 09:18 PM, Julián Tete wrote:

Roger Ondra!

1) su - postgres -c "psql -t engine -c \"delete from users where
user_id='7f300f43-9972-4c0e-bfa9-e86df6f1659f';\""

Output:

DELETE 1

2) su - postgres -c "psql -t engine -c \"UPDATE users set
domain='internal-authz'  where
user_id='fdfc627c-d875-11e0-90f0-83df133b58cc';\""

Output:

ERROR:  duplicate key value violates unique constraint
"users_domain_external_id_unique"
DETAIL:  Key (domain, external_id)=(internal-authz,
fdfc627c-d875-11e0-90f0-83df133b58cc) already exists.


OK, this is really strange, because this shouldn't be printed as you
removed all constraints in step 1).

So, can you please first stop ovirt-engine, before running steps
above? So the steps now
would be:

 1) service ovirt-engine stop

 2) remove admin@internal-authz
(c9dcda67-9b3e-4255-aa9f-d69043a02b2b) (note id
changed, from last time) If there is more admin users with domain
internal-authz, please
remove them all.
  $ su - postgres -c "psql -t engine -c \"delete from users
where user_id='c9dcda67-9b3e-4255-aa9f-d69043a02b2b';\""

 3) rename admin@internal to admin@internal-authz
  $ su - postgres -c "psql -t engine -c \"UPDATE users set
domain='internal-authz'  where
user_id='fdfc627c-d875-11e0-90f0-83df133b58cc';\""

  4) service ovirt-engine start


3) systemctl restart ovirt-engine.service

No login yet :(

Look at this:

ovirt-aaa-jdbc-tool user show admin

Output:
-- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --
Namespace: *
Name: admin
ID: fdfc627c-d875-11e0-90f0-83df133b58cc
Display Name:
Email:
First Name: admin
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2015-10-01 00:00:00Z
Account Valid To: 2100-01-01 00:00:00Z
Account Without Password: false
Last successful Login At: 2016-06-21 19:15:59Z
Last unsuccessful Login At: 2016-06-20 17:33:24Z
Password Valid To: 2100-01-01 00:00:00Z

su - postgres -c "psql -t engine -c \"select * from users;\""

Output:

 fdfc627c-d875-11e0-90f0-83df133b58cc | admin  |   |
internal | admin||
|  | t   |
fdfc627c-d875-11e0-90f0-83df133b58cc
| 2015-09-19 21:38:44.838161-
05 | 2016-06-18 20:42:18.883738-05 | *
 16f666bb-b4c8-44c9-8264-30c3aff63a6e || Administrator |
udistritaloas.edu.co 
 | admin
|| |  | f
| 41cd26a2-0e0a-11e6-aa00-001a4a160159 | 2016-06-19 11:53:39.249812-
05 | 2016-06-19 12:24:41.590162-05  | *
 c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete  |
internal-authz   | julian   ||
danteconra...@gmail.com 
> |  | f   |
1ad3dc19-b15a-493c-9610-2ccdd0dac6af | 2016-06-20 11:22:56.483292-
05 | 2016-06-20 11:23:19.261686-05 | *
 c9dcda67-9b3e-4255-aa9f-d69043a02b2b | admin  |   |
internal-authz   | admin||
|  | f   |
fdfc627c-d875-11e0-90f0-83df133b58cc
| 2016-06-21 13:54:07.765767-
05 | 2016-06-21 14:15:59.352697-05 | *


su - postgres -c "psql -t engine -c \"select * from permissions;\""

Output:


Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-22 Thread Julián Tete
S-O-L-V-E-D!!!

You are a Wizard Ondra Machacek!!!

Thank you very much !!! As Apache says: "It works"

I have a question for you

In the command

su - postgres -c "psql -t engine -c \"insert into permissions values
('001b-001b-001b-001b-029f',
'----0001',
'fdfc627c-d875-11e0-90f0-83df133b58cc',
'aaa0----123456789aaa', 1);\""

What's the meaning of:

001b-001b-001b-001b-029f

----0001

aaa0----123456789aaa

1

¿?

Thanks again


2016-06-22 5:22 GMT-05:00 Ondra Machacek :

> On 06/21/2016 09:18 PM, Julián Tete wrote:
>
>> Roger Ondra!
>>
>> 1) su - postgres -c "psql -t engine -c \"delete from users where
>> user_id='7f300f43-9972-4c0e-bfa9-e86df6f1659f';\""
>>
>> Output:
>>
>> DELETE 1
>>
>> 2) su - postgres -c "psql -t engine -c \"UPDATE users set
>> domain='internal-authz'  where
>> user_id='fdfc627c-d875-11e0-90f0-83df133b58cc';\""
>>
>> Output:
>>
>> ERROR:  duplicate key value violates unique constraint
>> "users_domain_external_id_unique"
>> DETAIL:  Key (domain, external_id)=(internal-authz,
>> fdfc627c-d875-11e0-90f0-83df133b58cc) already exists.
>>
>
> OK, this is really strange, because this shouldn't be printed as you
> removed all constraints in step 1).
>
> So, can you please first stop ovirt-engine, before running steps above? So
> the steps now
> would be:
>
>  1) service ovirt-engine stop
>
>  2) remove admin@internal-authz (c9dcda67-9b3e-4255-aa9f-d69043a02b2b)
> (note id
> changed, from last time) If there is more admin users with domain
> internal-authz, please
> remove them all.
>   $ su - postgres -c "psql -t engine -c \"delete from users where
> user_id='c9dcda67-9b3e-4255-aa9f-d69043a02b2b';\""
>
>  3) rename admin@internal to admin@internal-authz
>   $ su - postgres -c "psql -t engine -c \"UPDATE users set
> domain='internal-authz'  where
> user_id='fdfc627c-d875-11e0-90f0-83df133b58cc';\""
>
>   4) service ovirt-engine start
>
>
>> 3) systemctl restart ovirt-engine.service
>>
>> No login yet :(
>>
>> Look at this:
>>
>> ovirt-aaa-jdbc-tool user show admin
>>
>> Output:
>> -- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --
>> Namespace: *
>> Name: admin
>> ID: fdfc627c-d875-11e0-90f0-83df133b58cc
>> Display Name:
>> Email:
>> First Name: admin
>> Last Name:
>> Department:
>> Title:
>> Description:
>> Account Disabled: false
>> Account Unlocked At: 1970-01-01 00:00:00Z
>> Account Valid From: 2015-10-01 00:00:00Z
>> Account Valid To: 2100-01-01 00:00:00Z
>> Account Without Password: false
>> Last successful Login At: 2016-06-21 19:15:59Z
>> Last unsuccessful Login At: 2016-06-20 17:33:24Z
>> Password Valid To: 2100-01-01 00:00:00Z
>>
>> su - postgres -c "psql -t engine -c \"select * from users;\""
>>
>> Output:
>>
>>  fdfc627c-d875-11e0-90f0-83df133b58cc | admin  |   |
>> internal | admin||
>> |  | t   | fdfc627c-d875-11e0-90f0-83df133b58cc
>> | 2015-09-19 21:38:44.838161-
>> 05 | 2016-06-18 20:42:18.883738-05 | *
>>  16f666bb-b4c8-44c9-8264-30c3aff63a6e || Administrator |
>> udistritaloas.edu.co  | admin
>> || |  | f
>> | 41cd26a2-0e0a-11e6-aa00-001a4a160159 | 2016-06-19 11:53:39.249812-
>> 05 | 2016-06-19 12:24:41.590162-05 | *
>>  c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete  |
>> internal-authz   | julian   || danteconra...@gmail.com
>>  |  | f   |
>> 1ad3dc19-b15a-493c-9610-2ccdd0dac6af | 2016-06-20 11:22:56.483292-
>> 05 | 2016-06-20 11:23:19.261686-05 | *
>>  c9dcda67-9b3e-4255-aa9f-d69043a02b2b | admin  |   |
>> internal-authz   | admin||
>> |  | f   | fdfc627c-d875-11e0-90f0-83df133b58cc
>> | 2016-06-21 13:54:07.765767-
>> 05 | 2016-06-21 14:15:59.352697-05 | *
>>
>>
>> su - postgres -c "psql -t engine -c \"select * from permissions;\""
>>
>> Output:
>>
>>  0004-0004-0004-0004-025e |
>> def9----def9 |
>> eee0----123456789eee |
>> ---- |  4 |1447535033
>>  000f-000f-000f-000f-0293 |
>> defa----def00010 |
>> eee0----123456789eee |
>> 000e-000e-000e-000e-02d6 | 27 |1447535033
>>  0003-0003-0003-0003-009c |
>> ----0001 |
>> fdfc627c-d875-11e0-90f0-83df133b58cc |
>> aaa0----123456789aaa |  1 |1447535033
>>  0006-0006-0006-0006-00e3 |
>> ---0001-0002 |
>> fdfc627c-d875-11e0-90f0-83df133b58cc |
>> aaa0----123456789aaa |  1 |1447535033
>>  0011-0011-0011-0011-02a9 |
>> def9----def9 |
>> 

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-22 Thread Ondra Machacek

On 06/21/2016 09:18 PM, Julián Tete wrote:

Roger Ondra!

1) su - postgres -c "psql -t engine -c \"delete from users where
user_id='7f300f43-9972-4c0e-bfa9-e86df6f1659f';\""

Output:

DELETE 1

2) su - postgres -c "psql -t engine -c \"UPDATE users set
domain='internal-authz'  where
user_id='fdfc627c-d875-11e0-90f0-83df133b58cc';\""

Output:

ERROR:  duplicate key value violates unique constraint
"users_domain_external_id_unique"
DETAIL:  Key (domain, external_id)=(internal-authz,
fdfc627c-d875-11e0-90f0-83df133b58cc) already exists.


OK, this is really strange, because this shouldn't be printed as you
removed all constraints in step 1).

So, can you please first stop ovirt-engine before running the steps above?
So the steps now would be:

 1) service ovirt-engine stop

 2) remove admin@internal-authz (c9dcda67-9b3e-4255-aa9f-d69043a02b2b)
(note the id changed from last time). If there are more admin users with
domain internal-authz, please remove them all.
  $ su - postgres -c "psql -t engine -c \"delete from users where user_id='c9dcda67-9b3e-4255-aa9f-d69043a02b2b';\""

 3) rename admin@internal to admin@internal-authz
  $ su - postgres -c "psql -t engine -c \"UPDATE users set domain='internal-authz' where user_id='fdfc627c-d875-11e0-90f0-83df133b58cc';\""

 4) service ovirt-engine start



3) systemctl restart ovirt-engine.service

No login yet :(

Look at this:

ovirt-aaa-jdbc-tool user show admin

Output:
-- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --
Namespace: *
Name: admin
ID: fdfc627c-d875-11e0-90f0-83df133b58cc
Display Name:
Email:
First Name: admin
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2015-10-01 00:00:00Z
Account Valid To: 2100-01-01 00:00:00Z
Account Without Password: false
Last successful Login At: 2016-06-21 19:15:59Z
Last unsuccessful Login At: 2016-06-20 17:33:24Z
Password Valid To: 2100-01-01 00:00:00Z

su - postgres -c "psql -t engine -c \"select * from users;\""

Output:

 fdfc627c-d875-11e0-90f0-83df133b58cc | admin  |   |
internal | admin||
|  | t   | fdfc627c-d875-11e0-90f0-83df133b58cc
| 2015-09-19 21:38:44.838161-
05 | 2016-06-18 20:42:18.883738-05 | *
 16f666bb-b4c8-44c9-8264-30c3aff63a6e || Administrator |
udistritaloas.edu.co  | admin
|| |  | f
| 41cd26a2-0e0a-11e6-aa00-001a4a160159 | 2016-06-19 11:53:39.249812-
05 | 2016-06-19 12:24:41.590162-05 | *
 c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete  |
internal-authz   | julian   || danteconra...@gmail.com
 |  | f   |
1ad3dc19-b15a-493c-9610-2ccdd0dac6af | 2016-06-20 11:22:56.483292-
05 | 2016-06-20 11:23:19.261686-05 | *
 c9dcda67-9b3e-4255-aa9f-d69043a02b2b | admin  |   |
internal-authz   | admin||
|  | f   | fdfc627c-d875-11e0-90f0-83df133b58cc
| 2016-06-21 13:54:07.765767-
05 | 2016-06-21 14:15:59.352697-05 | *


su - postgres -c "psql -t engine -c \"select * from permissions;\""

Output:

 0004-0004-0004-0004-025e |
def9----def9 |
eee0----123456789eee |
---- |  4 |1447535033
 000f-000f-000f-000f-0293 |
defa----def00010 |
eee0----123456789eee |
000e-000e-000e-000e-02d6 | 27 |1447535033
 0003-0003-0003-0003-009c |
----0001 |
fdfc627c-d875-11e0-90f0-83df133b58cc |
aaa0----123456789aaa |  1 |1447535033
 0006-0006-0006-0006-00e3 |
---0001-0002 |
fdfc627c-d875-11e0-90f0-83df133b58cc |
aaa0----123456789aaa |  1 |1447535033
 0011-0011-0011-0011-02a9 |
def9----def9 |
eee0----123456789eee |
0010-0010-0010-0010-01d1 |  4 |1447535033
 0013-0013-0013-0013-031e |
def9----def9 |
eee0----123456789eee |
0012-0012-0012-0012-01c6 |  4 |1447535033
 0015-0015-0015-0015-03b8 |
def9----def9 |
eee0----123456789eee |
0014-0014-0014-0014-02fd |  4 |1447535033
 0017-0017-0017-0017-0388 |
def9----def9 |
eee0----123456789eee |
0016-0016-0016-0016-02b0 |  4 |1447535033
 0019-0019-0019-0019-03d5 |
def9----def9 |
eee0----123456789eee |
0018-0018-0018-0018-0314 |  4 |1447535033
 0027-0027-0027-0027-027e |
def00021----def00015 |

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-21 Thread Julián Tete
Roger Ondra!

1) su - postgres -c "psql -t engine -c \"delete from users where
user_id='7f300f43-9972-4c0e-bfa9-e86df6f1659f';\""

Output:

DELETE 1

2) su - postgres -c "psql -t engine -c \"UPDATE users set
domain='internal-authz'  where
user_id='fdfc627c-d875-11e0-90f0-83df133b58cc';\""

Output:

ERROR:  duplicate key value violates unique constraint
"users_domain_external_id_unique"
DETAIL:  Key (domain, external_id)=(internal-authz,
fdfc627c-d875-11e0-90f0-83df133b58cc) already exists.

3) systemctl restart ovirt-engine.service

No login yet :(

Look at this:

ovirt-aaa-jdbc-tool user show admin

Output:
-- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --
Namespace: *
Name: admin
ID: fdfc627c-d875-11e0-90f0-83df133b58cc
Display Name:
Email:
First Name: admin
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2015-10-01 00:00:00Z
Account Valid To: 2100-01-01 00:00:00Z
Account Without Password: false
Last successful Login At: 2016-06-21 19:15:59Z
Last unsuccessful Login At: 2016-06-20 17:33:24Z
Password Valid To: 2100-01-01 00:00:00Z

su - postgres -c "psql -t engine -c \"select * from users;\""

Output:

 fdfc627c-d875-11e0-90f0-83df133b58cc | admin  |   |
internal | admin||
|  | t   | fdfc627c-d875-11e0-90f0-83df133b58cc |
2015-09-19 21:38:44.838161-
05 | 2016-06-18 20:42:18.883738-05 | *
 16f666bb-b4c8-44c9-8264-30c3aff63a6e || Administrator |
udistritaloas.edu.co | admin||
|  | f   | 41cd26a2-0e0a-11e6-aa00-001a4a160159 |
2016-06-19 11:53:39.249812-
05 | 2016-06-19 12:24:41.590162-05 | *
 c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete  |
internal-authz   | julian   || danteconra...@gmail.com
|  | f   | 1ad3dc19-b15a-493c-9610-2ccdd0dac6af |
2016-06-20 11:22:56.483292-
05 | 2016-06-20 11:23:19.261686-05 | *
 c9dcda67-9b3e-4255-aa9f-d69043a02b2b | admin  |   |
internal-authz   | admin||
|  | f   | fdfc627c-d875-11e0-90f0-83df133b58cc |
2016-06-21 13:54:07.765767-
05 | 2016-06-21 14:15:59.352697-05 | *


su - postgres -c "psql -t engine -c \"select * from permissions;\""

Output:

 0004-0004-0004-0004-025e |
def9----def9 | eee0----123456789eee
| ---- |  4 |1447535033
 000f-000f-000f-000f-0293 |
defa----def00010 | eee0----123456789eee
| 000e-000e-000e-000e-02d6 | 27 |1447535033
 0003-0003-0003-0003-009c |
----0001 | fdfc627c-d875-11e0-90f0-83df133b58cc
| aaa0----123456789aaa |  1 |1447535033
 0006-0006-0006-0006-00e3 |
---0001-0002 | fdfc627c-d875-11e0-90f0-83df133b58cc
| aaa0----123456789aaa |  1 |1447535033
 0011-0011-0011-0011-02a9 |
def9----def9 | eee0----123456789eee
| 0010-0010-0010-0010-01d1 |  4 |1447535033
 0013-0013-0013-0013-031e |
def9----def9 | eee0----123456789eee
| 0012-0012-0012-0012-01c6 |  4 |1447535033
 0015-0015-0015-0015-03b8 |
def9----def9 | eee0----123456789eee
| 0014-0014-0014-0014-02fd |  4 |1447535033
 0017-0017-0017-0017-0388 |
def9----def9 | eee0----123456789eee
| 0016-0016-0016-0016-02b0 |  4 |1447535033
 0019-0019-0019-0019-03d5 |
def9----def9 | eee0----123456789eee
| 0018-0018-0018-0018-0314 |  4 |1447535033
 0027-0027-0027-0027-027e |
def00021----def00015 | eee0----123456789eee
| aaa0----123456789aaa |  1 |1447535037
 7a3917ea-b2df-444f-938c-f768feeaee04 |
def9----def9 | eee0----123456789eee
| 8fa947f7-c698-4661-aea4-a093bbd0ba0b |  4 |1457665842
 e8abc833-b860-451c-b580-780c7d1049d4 |
defa----deff | fdfc627c-d875-11e0-90f0-83df133b58cc
| 8fa947f7-c698-4661-aea4-a093bbd0ba0b |  4 |1457665842
 c4d609ca-f2de-4c13-a9a6-b73e9dd9c34c |
defa----defb | fdfc627c-d875-11e0-90f0-83df133b58cc
| 9881e686-90d0-4da3-85b4-b8a1b3638396 | 19 |1463161875




2016-06-21 13:30 GMT-05:00 Ondra Machacek :

> On 06/21/2016 04:54 PM, Julián Tete wrote:
>
>> That's right, I removed internal properties :/
>>
>> This is the output of the commands:
>>
>> 

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-21 Thread Ondra Machacek

On 06/21/2016 04:54 PM, Julián Tete wrote:

That's right, I removed internal properties :/

This is the output of the commands:

/usr/share/ovirt-engine/bin/ovirt-engine-role.sh --command=add
--user-name=admin --authz-name=internal-authz --role=SuperUser

Output:

FATAL: Please specify provider namespace


You don't have to run it, I've just sent it for future reference :)
But if you for example want to add SuperUser permissions to user
'julian', you can run:


  /usr/share/ovirt-engine/bin/ovirt-engine-role.sh --command=add --principal-id='c01c263a-78c5-4524-a94e-c9aa38141ea9' --role=SuperUser --user-name=julian --authz-name=internal-authz --principal-namespace=*


And you don't need admin@internal-authz user.



su - postgres -c "psql -t engine -c \"select * from users;\""

Output:

fdfc627c-d875-11e0-90f0-83df133b58cc | admin  |   |
internal | admin||
|  | t   | fdfc627c-d875-11e0-90f0-83df133b58cc
| 2015-09-19 21:38:44.838161-
05 | 2016-06-18 20:42:18.883738-05 | *
 16f666bb-b4c8-44c9-8264-30c3aff63a6e || Administrator |
udistritaloas.edu.co  | admin
|| |  | f
| 41cd26a2-0e0a-11e6-aa00-001a4a160159 | 2016-06-19 11:53:39.249812-
05 | 2016-06-19 12:24:41.590162-05 | *
 c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete  |
internal-authz   | julian   || danteconra...@gmail.com
 |  | f   |
1ad3dc19-b15a-493c-9610-2ccdd0dac6af | 2016-06-20 11:22:56.483292-
05 | 2016-06-20 11:23:19.261686-05 | *
 7f300f43-9972-4c0e-bfa9-e86df6f1659f | admin  |   |
internal-authz   | admin||
|  | f   | fdfc627c-d875-11e0-90f0-83df133b58cc
| 2016-06-19 11:43:51.644981-
05 | 2016-06-20 16:06:49.138862-05 | *
su - postgres -c "psql -t engine -c \"select * from permissions;\""


OK, according to the current status I would suggest you:

 1) remove admin@internal-authz (7f300f43-9972-4c0e-bfa9-e86df6f1659f)
  $ su - postgres -c "psql -t engine -c \"delete from users where user_id='7f300f43-9972-4c0e-bfa9-e86df6f1659f';\""

 2) rename admin@internal to admin@internal-authz
  $ su - postgres -c "psql -t engine -c \"UPDATE users set domain='internal-authz' where user_id='fdfc627c-d875-11e0-90f0-83df133b58cc';\""

Then restart ovirt-engine and try to login.

The problem here is that it tries to login with an admin user which doesn't
have any permissions, and you have two admin users, because you have removed
the internal-*properties files, so it added another one.



Output:

 0004-0004-0004-0004-025e |
def9----def9 |
eee0----123456789eee |
---- |  4 |1447535033
 000f-000f-000f-000f-0293 |
defa----def00010 |
eee0----123456789eee |
000e-000e-000e-000e-02d6 | 27 |1447535033
 0003-0003-0003-0003-009c |
----0001 |
fdfc627c-d875-11e0-90f0-83df133b58cc |
aaa0----123456789aaa |  1 |1447535033
 0006-0006-0006-0006-00e3 |
---0001-0002 |
fdfc627c-d875-11e0-90f0-83df133b58cc |
aaa0----123456789aaa |  1 |1447535033
 0011-0011-0011-0011-02a9 |
def9----def9 |
eee0----123456789eee |
0010-0010-0010-0010-01d1 |  4 |1447535033
 0013-0013-0013-0013-031e |
def9----def9 |
eee0----123456789eee |
0012-0012-0012-0012-01c6 |  4 |1447535033
 0015-0015-0015-0015-03b8 |
def9----def9 |
eee0----123456789eee |
0014-0014-0014-0014-02fd |  4 |1447535033
 0017-0017-0017-0017-0388 |
def9----def9 |
eee0----123456789eee |
0016-0016-0016-0016-02b0 |  4 |1447535033
 0019-0019-0019-0019-03d5 |
def9----def9 |
eee0----123456789eee |
0018-0018-0018-0018-0314 |  4 |1447535033
 0027-0027-0027-0027-027e |
def00021----def00015 |
eee0----123456789eee |
aaa0----123456789aaa |  1 |1447535037
 7a3917ea-b2df-444f-938c-f768feeaee04 |
def9----def9 |
eee0----123456789eee |
8fa947f7-c698-4661-aea4-a093bbd0ba0b |  4 |1457665842
 e8abc833-b860-451c-b580-780c7d1049d4 |
defa----deff |
fdfc627c-d875-11e0-90f0-83df133b58cc |
8fa947f7-c698-4661-aea4-a093bbd0ba0b |  4 |1457665842
 c4d609ca-f2de-4c13-a9a6-b73e9dd9c34c |

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-21 Thread Julián Tete
That's right, I removed internal properties :/

This is the output of the commands:

/usr/share/ovirt-engine/bin/ovirt-engine-role.sh --command=add --user-name=admin
--authz-name=internal-authz --role=SuperUser

Output:

FATAL: Please specify provider namespace



su - postgres -c "psql -t engine -c \"select * from users;\""
Output:

fdfc627c-d875-11e0-90f0-83df133b58cc | admin  |   |
internal | admin||
|  | t   | fdfc627c-d875-11e0-90f0-83df133b58cc |
2015-09-19 21:38:44.838161-
05 | 2016-06-18 20:42:18.883738-05 | *
 16f666bb-b4c8-44c9-8264-30c3aff63a6e || Administrator |
udistritaloas.edu.co | admin||
|  | f   | 41cd26a2-0e0a-11e6-aa00-001a4a160159 |
2016-06-19 11:53:39.249812-
05 | 2016-06-19 12:24:41.590162-05 | *
 c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete  |
internal-authz   | julian   || danteconra...@gmail.com
|  | f   | 1ad3dc19-b15a-493c-9610-2ccdd0dac6af |
2016-06-20 11:22:56.483292-
05 | 2016-06-20 11:23:19.261686-05 | *
 7f300f43-9972-4c0e-bfa9-e86df6f1659f | admin  |   |
internal-authz   | admin||
|  | f   | fdfc627c-d875-11e0-90f0-83df133b58cc |
2016-06-19 11:43:51.644981-
05 | 2016-06-20 16:06:49.138862-05 | *



su - postgres -c "psql -t engine -c \"select * from permissions;\""

Output:

 0004-0004-0004-0004-025e |
def9----def9 | eee0----123456789eee
| ---- |  4 |1447535033
 000f-000f-000f-000f-0293 |
defa----def00010 | eee0----123456789eee
| 000e-000e-000e-000e-02d6 | 27 |1447535033
 0003-0003-0003-0003-009c |
----0001 | fdfc627c-d875-11e0-90f0-83df133b58cc
| aaa0----123456789aaa |  1 |1447535033
 0006-0006-0006-0006-00e3 |
---0001-0002 | fdfc627c-d875-11e0-90f0-83df133b58cc
| aaa0----123456789aaa |  1 |1447535033
 0011-0011-0011-0011-02a9 |
def9----def9 | eee0----123456789eee
| 0010-0010-0010-0010-01d1 |  4 |1447535033
 0013-0013-0013-0013-031e |
def9----def9 | eee0----123456789eee
| 0012-0012-0012-0012-01c6 |  4 |1447535033
 0015-0015-0015-0015-03b8 |
def9----def9 | eee0----123456789eee
| 0014-0014-0014-0014-02fd |  4 |1447535033
 0017-0017-0017-0017-0388 |
def9----def9 | eee0----123456789eee
| 0016-0016-0016-0016-02b0 |  4 |1447535033
 0019-0019-0019-0019-03d5 |
def9----def9 | eee0----123456789eee
| 0018-0018-0018-0018-0314 |  4 |1447535033
 0027-0027-0027-0027-027e |
def00021----def00015 | eee0----123456789eee
| aaa0----123456789aaa |  1 |1447535037
 7a3917ea-b2df-444f-938c-f768feeaee04 |
def9----def9 | eee0----123456789eee
| 8fa947f7-c698-4661-aea4-a093bbd0ba0b |  4 |1457665842
 e8abc833-b860-451c-b580-780c7d1049d4 |
defa----deff | fdfc627c-d875-11e0-90f0-83df133b58cc
| 8fa947f7-c698-4661-aea4-a093bbd0ba0b |  4 |1457665842
 c4d609ca-f2de-4c13-a9a6-b73e9dd9c34c |
defa----defb | fdfc627c-d875-11e0-90f0-83df133b58cc
| 9881e686-90d0-4da3-85b4-b8a1b3638396 | 19 |1463161875


2016-06-21 9:18 GMT-05:00 Ondra Machacek :

> On 06/20/2016 08:33 PM, Julián Tete wrote:
>
>> Thanks Ondra :)
>>
>> With the command:
>>
>> su - postgres -c "psql -t engine -c \"insert into permissions values
>> ('001b-001b-001b-001b-029f',
>> '----0001',
>> 'fdfc627c-d875-11e0-90f0-83df133b58cc',
>> 'aaa0----123456789aaa', 1);\""
>>
>>
> I've just remembered that there is a bash script for it:
>
>  /usr/share/ovirt-engine/bin/ovirt-engine-role.sh
>
> You can use it as follows:
>
>  /usr/share/ovirt-engine/bin/ovirt-engine-role.sh --command=add
> --user-name=admin --authz-name=internal-authz --role=SuperUser
>
> But, as per your output above, obviously your problem is not missing
> permissions.
> I think the problem is that you removed the internal*.properties files and
> then re-added them.
> Can you please send the output of the users table and permissions table. Thanks.
>
>  su - postgres -c "psql -t engine -c \"select * from users;\""
>  su - postgres -c "psql -t engine -c \"select * from permissions;\""
>
> 

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-21 Thread Ondra Machacek

On 06/20/2016 08:33 PM, Julián Tete wrote:

Thanks Ondra :)

With the command:

su - postgres -c "psql -t engine -c \"insert into permissions values
('001b-001b-001b-001b-029f',
'----0001',
'fdfc627c-d875-11e0-90f0-83df133b58cc',
'aaa0----123456789aaa', 1);\""



I've just remembered that there is a bash script for it:

 /usr/share/ovirt-engine/bin/ovirt-engine-role.sh

You can use it as follows:

 /usr/share/ovirt-engine/bin/ovirt-engine-role.sh --command=add 
--user-name=admin --authz-name=internal-authz --role=SuperUser


But, as per your output above, obviously your problem is not missing
permissions.
I think the problem is that you removed the internal*.properties files and
then re-added them.

Can you please send the output of the users table and permissions table. Thanks.

 su - postgres -c "psql -t engine -c \"select * from users;\""
 su - postgres -c "psql -t engine -c \"select * from permissions;\""


I get:

ERROR:  duplicate key value violates unique constraint
"idx_combined_ad_role_object"
DETAIL:  Key (ad_element_id, role_id,
object_id)=(fdfc627c-d875-11e0-90f0-83df133b58cc,
----0001,
aaa0----123456789aaa) already exists.

History

  261  yum install ovirt-engine-extension-aaa-ldap
  262  cp -r
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/aaa/profile1.properties
/etc/ovirt-engine/
  263  cd /etc/ovirt-engine/
  264  ll
  265  vim profile1.properties
  266  ll
  267  cd cp
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/*
/etc/ovirt-engine/extensions.d/
  268  cd cp /usr/share/ovirt-engine-extension-aaa-ldap/examples/
  269  cd
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/
  270  ll
  271  cp
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/*
/etc/ovirt-engine/extensions.d/
  272  cd /etc/ovirt-engine/extensions.d/
  273  ll
  274  find / -type f -iname profile1.properties
  275  cp -r
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/aaa/profile1.properties
/etc/ovirt-engine/aaa/
  276  find / -type f -iname profile1.properties
  277  vim /etc/ovirt-engine/aaa/profile1.properties
  278  chown ovirt:ovirt /etc/ovirt-engine/aaa/profile1.properties
  279  chmod 600 /etc/ovirt-engine/aaa/profile1.properties
  280  systemctl restart ovirt-engine
  281  vim /etc/ovirt-engine/extensions.d/profile1-authn.properties
  282  cd /usr/share/
  283  ls
  284  cd ovirt-engine-aaa-ldap
  285  ls
  286  cd ovirt-engine-extension-aaa-ldap/
  287  ls
  288  cd examples/
  289  ls
  290  cd ad
  291  ls
  292  cd extensions.d/
  293  ls
  294  vim profile1-authn.properties
  295  pwd
  296  cd ..
  297  pwd
  298  cd ..
  299  ls
  300  cd simple
  301  ls
  302  cd aaa/
  303  ls
  304  vim profile1.properties
  305  pwd
  306  rm -rf /etc/ovirt-engine/aaa/profile1.properties
  307  cp -r
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/aaa/profile1.properties
/etc/ovirt-engine/aaa/
  308  vim /etc/ovirt-engine/aaa/profile1.properties
  309  history
  310  chown ovirt:ovirt /etc/ovirt-engine/aaa/profile1.properties
  311  chmod 600 /etc/ovirt-engine/aaa/profile1.properties
  312  systemctl restart ovirt-engine
  313  updatedb
  314  locate domain1-authn.properties
  315  history
  316  cd /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/aaa/
  317  ll
  318  cd /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/
  319  ls
  320  cd extensions.d/
  321  ls
  322  pwd
  323  cd /etc/ovirt-engine/extensions.d/
  324  ls
  325  cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/ /etc/ovirt-engine/extensions.d/
  326   cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/
  327  rm -rf /etc/ovirt-engine/extensions.d/profile1-authn.properties
  328  rm -rf /etc/ovirt-engine/extensions.d/profile1-authz.properties
  329   cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/
  330  ll
  331  history
  332  chown ovirt:ovirt /etc/ovirt-engine/extensions.d/*
  333  chmod 600 /etc/ovirt-engine/extensions.d/*
  334  ll
  335  cd extensions.d/
  336  ll
  337  cd
  338  engine-config -s SASL_QOP=auth
  339  systemctl restart ovirt-engine
  340  engine-manage-domains add --domain=udistritaloas.edu.co --provider=ipa --user=admin --ldap-servers=freeipa.udistritaloas.edu.co
  341  systemctl restart ovirt-engine
  342  engine-manage-domains list
  343  history
  344  cd /etc/ovirt-engine/extensions.d/
  345  ll
  346  rm -rf internal-authn.properties
  347  rm -rf internal-authz.properties
  348  rm -rf profile1-authn.properties
  349  rm -rf profile1-authz.properties
  350  history
  351  cd /etc/ovirt-engine/aaa/
  352  ll
  353  rm -rf profile1.properties
  354  vim internal.properties
  355  systemctl restart 

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-20 Thread Julián Tete
Thanks Ondra :)

With the command:

su - postgres -c "psql -t engine -c \"insert into permissions values
('001b-001b-001b-001b-029f',
'----0001',
'fdfc627c-d875-11e0-90f0-83df133b58cc',
'aaa0----123456789aaa', 1);\""

I get:

ERROR:  duplicate key value violates unique constraint "idx_combined_ad_role_object"
DETAIL:  Key (ad_element_id, role_id, object_id)=(fdfc627c-d875-11e0-90f0-83df133b58cc, ----0001, aaa0----123456789aaa) already exists.

History

  261  yum install ovirt-engine-extension-aaa-ldap
  262  cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/aaa/profile1.properties /etc/ovirt-engine/
  263  cd /etc/ovirt-engine/
  264  ll
  265  vim profile1.properties
  266  ll
  267  cd cp /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/
  268  cd cp /usr/share/ovirt-engine-extension-aaa-ldap/examples/
  269  cd /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/
  270  ll
  271  cp /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/
  272  cd /etc/ovirt-engine/extensions.d/
  273  ll
  274  find / -type f -iname profile1.properties
  275  cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/aaa/profile1.properties /etc/ovirt-engine/aaa/
  276  find / -type f -iname profile1.properties
  277  vim /etc/ovirt-engine/aaa/profile1.properties
  278  chown ovirt:ovirt /etc/ovirt-engine/aaa/profile1.properties
  279  chmod 600 /etc/ovirt-engine/aaa/profile1.properties
  280  systemctl restart ovirt-engine
  281  vim /etc/ovirt-engine/extensions.d/profile1-authn.properties
  282  cd /usr/share/
  283  ls
  284  cd ovirt-engine-aaa-ldap
  285  ls
  286  cd ovirt-engine-extension-aaa-ldap/
  287  ls
  288  cd examples/
  289  ls
  290  cd ad
  291  ls
  292  cd extensions.d/
  293  ls
  294  vim profile1-authn.properties
  295  pwd
  296  cd ..
  297  pwd
  298  cd ..
  299  ls
  300  cd simple
  301  ls
  302  cd aaa/
  303  ls
  304  vim profile1.properties
  305  pwd
  306  rm -rf /etc/ovirt-engine/aaa/profile1.properties
  307  cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/aaa/profile1.properties /etc/ovirt-engine/aaa/
  308  vim /etc/ovirt-engine/aaa/profile1.properties
  309  history
  310  chown ovirt:ovirt /etc/ovirt-engine/aaa/profile1.properties
  311  chmod 600 /etc/ovirt-engine/aaa/profile1.properties
  312  systemctl restart ovirt-engine
  313  updatedb
  314  locate domain1-authn.properties
  315  history
  316  cd /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/aaa/
  317  ll
  318  cd /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/
  319  ls
  320  cd extensions.d/
  321  ls
  322  pwd
  323  cd /etc/ovirt-engine/extensions.d/
  324  ls
  325  cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/ /etc/ovirt-engine/extensions.d/
  326   cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/
  327  rm -rf /etc/ovirt-engine/extensions.d/profile1-authn.properties
  328  rm -rf /etc/ovirt-engine/extensions.d/profile1-authz.properties
  329   cp -r /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/
  330  ll
  331  history
  332  chown ovirt:ovirt /etc/ovirt-engine/extensions.d/*
  333  chmod 600 /etc/ovirt-engine/extensions.d/*
  334  ll
  335  cd extensions.d/
  336  ll
  337  cd
  338  engine-config -s SASL_QOP=auth
  339  systemctl restart ovirt-engine
  340  engine-manage-domains add --domain=udistritaloas.edu.co --provider=ipa --user=admin --ldap-servers=freeipa.udistritaloas.edu.co
  341  systemctl restart ovirt-engine
  342  engine-manage-domains list
  343  history
  344  cd /etc/ovirt-engine/extensions.d/
  345  ll
  346  rm -rf internal-authn.properties
  347  rm -rf internal-authz.properties
  348  rm -rf profile1-authn.properties
  349  rm -rf profile1-authz.properties
  350  history
  351  cd /etc/ovirt-engine/aaa/
  352  ll
  353  rm -rf profile1.properties
  354  vim internal.properties
  355  systemctl restart ovirt-engine
  356  ovirt-aaa-jdbc-tool user edit admin --account-valid-to="2100-01-01 00:00:00Z"
  357  ovirt-aaa-jdbc-tool user password-reset admin --password-valid-to="2100-01-01 00:00:00Z"
  358  engine-config -s AdminPassword=interactive
  359  ovirt-aaa-jdbc-tool user password-reset admin --password-valid-to="2100-01-01 00:00:00Z"
  360  systemctl restart ovirt-engine
  361  exit
  362  cd /etc/ovirt-engine/aaa/
  363  ll
  364  vim internal.properties
  365  /etc/ovirt-engine/extensions.d/
  366  cd /etc/ovirt-engine/extensions.d/
  367  ll
  368  cd extensions.d/
  369  ll
  370  pwd
  371  ll
  372  cd ..
  373  ll
  374  cd ..
  375  ll
  376  cd /etc/ovirt-engine/extensions.d/
  377  ll
  378  cd extensions.d/
  379  ll
  380  pwd
  381  ll
  382  

Re: [ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-20 Thread Ondra Machacek

On 06/20/2016 06:36 PM, Julián Tete wrote:

oVirt: 3.6.2

Trying to use:

https://github.com/machacekondra/ovirt-engine-kerbldap-migration

First use:

engine-manage-domains add --domain=udistritaloas.edu.co --provider=ipa --user=admin --ldap-servers=freeipa.udistritaloas.edu.co

The domain was added, but I can't access the webadmin portal :/

I get the message:

"User is not authorized to perform this action."

In ovirt-cli

[401] - Unauthorized

tail -n 5000 /var/log/ovirt-engine/engine.log | grep admin@internal

2016-06-20 10:52:22,835 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-32) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.
2016-06-20 10:52:22,836 WARN [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (default task-32) [] CanDoAction of action 'LoginAdminUser' failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
2016-06-20 11:00:37,679 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.
2016-06-20 11:00:37,679 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-3) [] CanDoAction of action 'LoginUser' failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
2016-06-20 11:01:04,016 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-4) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.
2016-06-20 11:01:04,016 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-4) [] CanDoAction of action 'LoginUser' failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION


I am a little bit lost about what your steps were to get into this state, but
it looks like your admin@internal user had its SuperUser permissions
removed. I am really not sure how you could achieve that, but to fix
it please run the following command:


 $ su - postgres -c "psql -t engine -c \"insert into permissions values 
('001b-001b-001b-001b-029f', 
'----0001', 
'fdfc627c-d875-11e0-90f0-83df133b58cc', 
'aaa0----123456789aaa', 1);\""


This command will give your admin@internal user SuperUser permissions on the system.

Can you please describe what you have done in a bit more detail, so we can
understand the problem?


Thanks.



Properties of Internal domain:

cat /etc/ovirt-engine/aaa/internal.properties

ovirt.engine.extension.name = internal-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = internal
ovirt.engine.aaa.authn.authz.plugin = internal-authz
config.datasource.file = /etc/ovirt-engine/aaa/internal.properties

cat /etc/ovirt-engine/extensions.d/internal-authn.properties

ovirt.engine.extension.name = internal-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = internal
ovirt.engine.aaa.authn.authz.plugin = internal-authz
config.datasource.file = /etc/ovirt-engine/aaa/internal.properties

cat /etc/ovirt-engine/extensions.d/internal-authz.properties

ovirt.engine.extension.name = internal-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.datasource.file = /etc/ovirt-engine/aaa/internal.properties

Properties of admin@internal user:

ovirt-aaa-jdbc-tool user show admin

-- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --
Namespace: *
Name: admin
ID: fdfc627c-d875-11e0-90f0-83df133b58cc
Display Name:
Email:
First Name: admin
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2015-10-01 00:00:00Z
Account Valid To: 2100-01-01 00:00:00Z
Account Without Password: false
Last 

[ovirt-users] User admin@internal can't login in oVirt 3.6

2016-06-20 Thread Julián Tete
oVirt: 3.6.2

Trying to use:

https://github.com/machacekondra/ovirt-engine-kerbldap-migration

First use:

engine-manage-domains add --domain=udistritaloas.edu.co --provider=ipa --user=admin --ldap-servers=freeipa.udistritaloas.edu.co

The domain was added, but I can't access the webadmin portal :/

I get the message:

"User is not authorized to perform this action."

In ovirt-cli

[401] - Unauthorized

tail -n 5000 /var/log/ovirt-engine/engine.log | grep admin@internal

2016-06-20 10:52:22,835 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-32) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.
2016-06-20 10:52:22,836 WARN [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (default task-32) [] CanDoAction of action 'LoginAdminUser' failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
2016-06-20 11:00:37,679 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.
2016-06-20 11:00:37,679 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-3) [] CanDoAction of action 'LoginUser' failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
2016-06-20 11:01:04,016 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-4) [] Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User admin@internal failed to log in.
2016-06-20 11:01:04,016 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-4) [] CanDoAction of action 'LoginUser' failed for user admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

Properties of Internal domain:

cat /etc/ovirt-engine/aaa/internal.properties

ovirt.engine.extension.name = internal-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = internal
ovirt.engine.aaa.authn.authz.plugin = internal-authz
config.datasource.file = /etc/ovirt-engine/aaa/internal.properties

cat /etc/ovirt-engine/extensions.d/internal-authn.properties

ovirt.engine.extension.name = internal-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = internal
ovirt.engine.aaa.authn.authz.plugin = internal-authz
config.datasource.file = /etc/ovirt-engine/aaa/internal.properties

cat /etc/ovirt-engine/extensions.d/internal-authz.properties

ovirt.engine.extension.name = internal-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine.extension.aaa.jdbc
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.datasource.file = /etc/ovirt-engine/aaa/internal.properties

Properties of admin@internal user:

ovirt-aaa-jdbc-tool user show admin

-- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --
Namespace: *
Name: admin
ID: fdfc627c-d875-11e0-90f0-83df133b58cc
Display Name:
Email:
First Name: admin
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2015-10-01 00:00:00Z
Account Valid To: 2100-01-01 00:00:00Z
Account Without Password: false
Last successful Login At: 2016-06-20 16:01:03Z
Last unsuccessful Login At: 2016-06-19 16:53:07Z
Password Valid To: 2100-01-01 00:00:00Z

Can I assign privileges to the user? Any idea?
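In the engine.log excerpt posted in this thread, only the WARN entries carry a `Reasons:` field saying why the login was refused; the audit ERROR entries just record that it failed. The following Python is an added example, not part of the original posts or of oVirt: it rejoins entries that were wrapped across lines and extracts user, action and reason. The sample lines are copied from the thread as constructed input, and treating `Reasons:` as a comma-separated list is an assumption.

```python
import re
from collections import Counter

# Constructed sample: engine.log lines as quoted (and wrapped) in this thread.
SAMPLE_LOG = """\
2016-06-20 10:52:22,835 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-32) [] Correlation ID: null, Call Stack: null, Custom Event
ID: -1, Message: User admin@internal failed to log in.
2016-06-20 10:52:22,836 WARN
[org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (default task-32) []
CanDoAction of action 'LoginAdminUser' failed for user admin@internal.
Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
2016-06-20 11:00:37,679 WARN
[org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-3) []
CanDoAction of action 'LoginUser' failed for user admin@internal. Reasons:
USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
"""

# A new log entry starts with "YYYY-MM-DD HH:MM:SS,mmm "; anything else continues it.
ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
DENIED = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<level>\w+) \[(?P<logger>[^\]]+)\].*?"
    r"CanDoAction of action '(?P<action>\w+)' failed for user "
    r"(?P<user>\S+?)\. Reasons: (?P<reasons>[A-Z_,]+)"  # assumed comma-separated
)

def join_entries(text):
    """Rejoin wrapped lines so that each log entry is a single string."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def denied_logins(text):
    """Return one dict per CanDoAction denial found in the log text."""
    hits = (DENIED.match(entry) for entry in join_entries(text))
    return [dict(m.groupdict(), reasons=m["reasons"].split(",")) for m in hits if m]

def summarize(text):
    """Count denials per (user, action, reason) to show which check refused."""
    return Counter((d["user"], d["action"], r)
                   for d in denied_logins(text) for r in d["reasons"])
```
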