I'll file a bug for this. There is another issue here - -addPermissions can be used at action=edit, but if not provided during action=edit for domain I already added permissions for I get the print of -
The domain example.com has been added to the engine as an authentication source but no users from that domain have been granted permissions Which is incorrect in this case. ----- Original Message ----- > From: "Tim Hildred" <[email protected]> > To: "Yair Zaslavsky" <[email protected]> > Cc: "users" <[email protected]>, "Gianluca Cecchi" <[email protected]> > Sent: Tuesday, February 5, 2013 3:25:18 AM > Subject: Re: [Users] 3.2 beta and IPA domain question > > > After "Users from this domain can be granted permissions from the > > Web > > administration interface." Maybe we should add "or the domain > > should > > be added/editted with the -addPermissions option". > > > > What do you think? > > I think that, by the time this message is shown, the domain has been > added. No point in telling about how the domain _could_ have been > added. Something like > "Users from this domain can be granted permissions from the Web > administration interface, or by passing the -addPermissions flag to > engine-manage-domains." > > > Tim Hildred, RHCE > Content Author II - Engineering Content Services, Red Hat, Inc. > Brisbane, Australia > Email: [email protected] > Internal: 8588287 > Mobile: +61 4 666 25242 > IRC: thildred > > ----- Original Message ----- > > From: "Yair Zaslavsky" <[email protected]> > > To: "Gianluca Cecchi" <[email protected]> > > Cc: "users" <[email protected]> > > Sent: Sunday, February 3, 2013 4:13:58 PM > > Subject: Re: [Users] 3.2 beta and IPA domain question > > > > A question about this - > > Do you think the message printed to the user (after the domain is > > added without -addPermissions) should be extended and have addition > > line like > > > > After "Users from this domain can be granted permissions from the > > Web > > administration interface." Maybe we should add "or the domain > > should > > be added/editted with the -addPermissions option". > > > > What do you think? > > > > > > ----- Original Message ----- > > > From: "Gianluca Cecchi" <[email protected]> > > > To: "users" <[email protected]> > > > Sent: Saturday, February 2, 2013 1:22:15 AM > > > Subject: [Users] 3.2 beta and IPA domain question > > > > > > Hello, > > > I seem to remember in RHEV 3.0 that when you configured an IPA > > > domain, > > > its admin was automatically configured as an admin for RHEV > > > itself. > > > Is it true and in case does remain true for oVirt? > > > > > > I configured IPA as shipped on CentOS 6.3+updates > > > ipa-server-2.2.0-17.el6_3.1.x86_64 > > > > > > I successfully added it to y oVirt 3.2 beta setup > > > > > > [root@f18engine ~]# engine-manage-domains -action=add > > > -domain=LOCALDOMAIN.LOCAL -user=admin -provider=IPA -interactive > > > Enter password: > > > > > > The domain localdomain.local has been added to the engine as an > > > authentication source but no users from that domain have been > > > granted > > > permissions within the oVirt Manager. > > > Users from this domain can be granted permissions from the Web > > > administration interface. > > > oVirt Engine restart is required in order for the changes to take > > > place (service ovirt-engine restart). > > > Manage Domains completed successfully > > > > > > Then > > > [root@f18engine ~]# systemctl try-restart ovirt-engine.service > > > [root@f18engine ~]# systemctl status ovirt-engine.service > > > ovirt-engine.service - oVirt Engine > > > Loaded: loaded (/usr/lib/systemd/system/ovirt-engine.service; > > > enabled) > > > Active: active (running) since Sat 2013-02-02 00:10:29 CET; 10s > > > ago > > > Process: 32512 ExecStop=/usr/bin/engine-service stop > > > (code=exited, > > > status=0/SUCCESS) > > > Process: 32520 ExecStart=/usr/bin/engine-service start > > > (code=exited, > > > status=0/SUCCESS) > > > Main PID: 32521 (java) > > > CGroup: name=systemd:/system/ovirt-engine.service > > > └─32521 engine-service -server -XX:+TieredCompilation -Xms1g > > > -Xmx1g > > > -XX:PermSize=256m -XX:MaxPe... > > > > > > Feb 02 00:10:28 f18engine.localdomain.local systemd[1]: Starting > > > oVirt Engine... > > > Feb 02 00:10:29 f18engine.localdomain.local > > > engine-service[32520]: > > > Started engine process 32521. > > > Feb 02 00:10:29 f18engine.localdomain.local > > > engine-service[32520]: > > > Starting engine-service: [ OK ] > > > Feb 02 00:10:29 f18engine.localdomain.local systemd[1]: Started > > > oVirt > > > Engine. > > > > > > > > > Now from web admin portal I can choose the "localdomain.local" > > > domain > > > in drop down menu. > > > But when I try to enter the webadmin portal I get: > > > > > > User is not authorized to perform this action. > > > > > > > > > Do I need to grant IPA admin user from internal admin before, or > > > should it just work? > > > > > > Gianluca > > > _______________________________________________ > > > Users mailing list > > > [email protected] > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/users > > > _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
