----- Original Message ----- > From: "Paul Robert Marino" <prmari...@gmail.com> > To: "Yair Zaslavsky" <yzasl...@redhat.com> > Cc: users@ovirt.org > Sent: Sunday, August 17, 2014 6:32:15 PM > Subject: Re: [ovirt-users] ovirt with 389 server inactive groups > > I think we now have enough for a proper ticket. > I will create one latter today. also since I have RHEV support for my > production instances I will also create a matching case with Red Hat.
Thank you very much for your help here! Please add a link to this mailing list thread when you open the ticket. Many thanks, Yair > > > > On Sun, Aug 17, 2014 at 11:27 AM, Paul Robert Marino > <prmari...@gmail.com> wrote: > > Ok > > I dug in a little further it looks like them memberof plugin in 389 > > server is making them lowercase which from an LDAP and or Posix > > perspective is not a problem but this seems to be the root cause of > > the issue of the difference. > > while this behavior is strange it is not invalid because DN's are case > > insensitive. > > > > The easiest way to fix this is to change the query of the group from > > the ad_groups table to an ilike. The potential problem here is it > > conflicts with SAM in windows where group names are case sensitive. > > This is definitely a conflict in design between AD and LDAP's core design. > > Interestingly I can add roles to the group and there is no problem it > > sets it correctly so somewhere else in the code an ilike is being uses > > to query the groups table. > > > > > > On Sun, Aug 17, 2014 at 11:05 AM, Paul Robert Marino > > <prmari...@gmail.com> wrote: > >> I found why the group_ids field is wrong > >> > >> If you look at the ad_groups table then mane for the group is "<domain > >> here>/Groups/sysadmin" however if you look at the groups field in the > >> users table it says "<domain here>/groups/sysadmin" > >> I tried updating the name field in the ad_groups table to match > >> "<domain here>/groups/sysadmin" then removed and added a user now the > >> if for that group in the group_ids field is being set correctly. > >> > >> This is at least a usable workaround for now. now we need to find the > >> root cause. > >> > >> > >> On Sun, Aug 17, 2014 at 10:39 AM, Paul Robert Marino > >> <prmari...@gmail.com> wrote: > >>> confirmed that does seem to be the cause I updated the group_ids field > >>> of a user to the appropriate Id's from ad_groups and it fixed that > >>> user. > >>> in answer to your question "Did you first add the goup, and then added > >>> users (that belong to a group) either by adding users, or by adding a > >>> permission?" Ive tried it ever different way I can think of the > >>> results are always the same. > >>> > >>> > >>> On Sun, Aug 17, 2014 at 9:46 AM, Yair Zaslavsky <yzasl...@redhat.com> > >>> wrote: > >>>> > >>>> > >>>> ----- Original Message ----- > >>>>> From: "Paul Robert Marino" <prmari...@gmail.com> > >>>>> To: "Yair Zaslavsky" <yzasl...@redhat.com> > >>>>> Cc: "Itamar Heim" <ih...@redhat.com>, users@ovirt.org > >>>>> Sent: Sunday, August 17, 2014 4:33:30 PM > >>>>> Subject: Re: [ovirt-users] ovirt with 389 server inactive groups > >>>>> > >>>>> here are the results of the queries you asked for > >>>>> > >>>>> > >>>>> group_ids > >>>>> > >>>>> | > >>>>> > >>>>> groups > >>>>> > >>>>> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------- > >>>>> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > >>>>> ---- > >>>>> > >>>>> 00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000 > >>>>> | <domain here>/groups/sysadmin,<domain here>/groups/pmarino,<domain > >>>>> here>/groups/pd managers,<domain here>/groups/qa managers,<domain > >>>>> here>/groups/accounting managers,<domain here>/directory administrat > >>>>> ors > >>>>> (1 row) > >>>>> > >>>>> > >>>>> engine=# select id, name from ad_groups; > >>>>> id | name > >>>>> --------------------------------------+--------------------------------------- > >>>>> eee00000-0000-0000-0000-123456789eee | Everyone > >>>>> 2a8a8401-fc9e-11e3-8742-861538ea406a | <domain here>/Groups/sysadmin > >>>>> (2 rows) > >>>> > >>>> It does look that there is something wrong in the association of users > >>>> to their group IDS. > >>>> Just to make sure I'm not missing anything - > >>>> Did you first add the goup, and then added users (that belong to a > >>>> group) either by adding users, or by adding a permission? > >>>> > >>>> Yair > >>>> > >>>>> > >>>>> > >>>>> > >>>>> On Wed, Aug 13, 2014 at 10:49 PM, Yair Zaslavsky <yzasl...@redhat.com> > >>>>> wrote: > >>>>> > > >>>>> > > >>>>> > ----- Original Message ----- > >>>>> >> From: "Paul Robert Marino" <prmari...@gmail.com> > >>>>> >> To: "Yair Zaslavsky" <yzasl...@redhat.com> > >>>>> >> Cc: "Itamar Heim" <ih...@redhat.com>, users@ovirt.org > >>>>> >> Sent: Wednesday, August 13, 2014 11:47:40 PM > >>>>> >> Subject: Re: [ovirt-users] ovirt with 389 server inactive groups > >>>>> >> > >>>>> >> Ok so before I open a bug ticket I want to confirm I'm not doing any > >>>>> >> thing wrong here. > >>>>> >> I upgraded to 3.4 > >>>>> >> now it says "Active: false " on LDAP groups. > >>>>> >> > >>>>> >> Again I tried to add the sysadmin group from the directory server > >>>>> >> and > >>>>> >> set the power user and super user roles on the group > >>>>> >> it shows up as "<domain name>/Groups/sysadmin" > >>>>> >> I adder the permisions by clicking on the configure link on the top > >>>>> >> of > >>>>> >> the screen and set them in the "System Permissions" tab > >>>>> > > >>>>> > Sounds good so far. > >>>>> > I assume also you see the permissiosn in the permissions sub tab when > >>>>> > you > >>>>> > click the group. > >>>>> > > >>>>> >> > >>>>> >> I added a user (pmarino) to the system which shows in the "Directory > >>>>> >> Group" tab shows "sysadmin groups <domian name>" among > >>>>> >> others > >>>>> >> however it only shows in the Permissions tab the permissions > >>>>> >> inherited > >>>>> >> by "Everyone" it does not show any permissions inherited by the > >>>>> >> sysadmin group. > >>>>> > > >>>>> > This is not good - I mean, should have worked. > >>>>> > > >>>>> >> > >>>>> >> just to prove it didnt work I logged out and attempted to log back > >>>>> >> in > >>>>> >> as the user (pmarino) it wouldn't let me log in > >>>>> >> > >>>>> >> I logged back in as the internal admin user then I added the > >>>>> >> SuperUser > >>>>> >> permissions directly to the pmarino account and logged back out > >>>>> >> again. > >>>>> >> Now when I logged in as pmarino it gave me the access I expected. > >>>>> > > >>>>> > Can I please ask you to provide some database info ? > >>>>> > > >>>>> > It will be awesome if you can provide the following SQL queries > >>>>> > results - > >>>>> > > >>>>> > select group_ids, groups from users where username ilike '%pmarino%'; > >>>>> > > >>>>> > In addition, please perform - select id, name from ad_groups; > >>>>> > > >>>>> > Thanks for your help. > >>>>> > > >>>>> > P.S - As far as I understand the two bugs mentioend by Itamar (I > >>>>> > mean, the > >>>>> > solution to the bugs) should have fixed your issue as well. > >>>>> > > >>>>> > > >>>>> > > >>>>> >> > >>>>> >> > >>>>> >> > >>>>> >> Here is the relevant portion of the engine log > >>>>> >> " > >>>>> >> 2014-08-13 16:00:38,801 INFO > >>>>> >> [org.ovirt.engine.core.bll.AddGroupCommand] (ajp-/127.0.0.1:8702-5) > >>>>> >> [1e7fa420] Running command: AddGroupCommand internal: false. > >>>>> >> Entities > >>>>> >> affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: System > >>>>> >> 2014-08-13 16:00:38,813 INFO > >>>>> >> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > >>>>> >> (ajp-/127.0.0.1:8702-5) [1e7fa420] Correlation ID: 1e7fa420, Call > >>>>> >> Stack: null, Custom Event ID: -1, Message: User '<domain > >>>>> >> name>/Groups/sysadmin' was added successfully to the system. > >>>>> >> 2014-08-13 16:09:01,352 INFO > >>>>> >> [org.ovirt.engine.core.bll.AddSystemPermissionCommand] > >>>>> >> (org.ovirt.thread.pool-4-thread-24) [75cab17c] Running command: > >>>>> >> AddSystemPermissionCommand internal: false. Entities affected : ID: > >>>>> >> aaa00000-0000-0000-0000-123456789aaa Type: System, ID: > >>>>> >> aaa00000-0000-0000-0000-123456789aaa Type: System > >>>>> >> 2014-08-13 16:09:01,371 INFO > >>>>> >> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > >>>>> >> (org.ovirt.thread.pool-4-thread-24) [75cab17c] Correlation ID: > >>>>> >> 75cab17c, Call Stack: null, Custom Event ID: -1, Message: User/Group > >>>>> >> <domain name>/Groups/sysadmin was granted permission for Role > >>>>> >> SuperUser on System by admin. > >>>>> >> 2014-08-13 16:10:40,963 INFO > >>>>> >> [org.ovirt.engine.core.bll.AddSystemPermissionCommand] > >>>>> >> (org.ovirt.thread.pool-4-thread-26) [b42abcb] Running command: > >>>>> >> AddSystemPermissionCommand internal: false. Entities affected : ID: > >>>>> >> aaa00000-0000-0000-0000-123456789aaa Type: System, ID: > >>>>> >> aaa00000-0000-0000-0000-123456789aaa Type: System > >>>>> >> 2014-08-13 16:10:40,979 INFO > >>>>> >> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > >>>>> >> (org.ovirt.thread.pool-4-thread-26) [b42abcb] Correlation ID: > >>>>> >> b42abcb, > >>>>> >> Call Stack: null, Custom Event ID: -1, Message: User/Group <domain > >>>>> >> name>/Groups/sysadmin was granted permission for Role PowerUserRole > >>>>> >> on > >>>>> >> System by admin. > >>>>> >> 2014-08-13 16:20:53,891 INFO > >>>>> >> [org.ovirt.engine.core.bll.AddUserCommand] (ajp-/127.0.0.1:8702-4) > >>>>> >> [58e00be1] Running command: AddUserCommand internal: false. Entities > >>>>> >> affected : ID: aaa00000-0000-0000-0000-123456789aaa Type: System > >>>>> >> 2014-08-13 16:20:53,919 INFO > >>>>> >> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > >>>>> >> (ajp-/127.0.0.1:8702-4) [58e00be1] Correlation ID: 58e00be1, Call > >>>>> >> Stack: null, Custom Event ID: -1, Message: User 'pmarino' was added > >>>>> >> successfully to the system. > >>>>> >> 2014-08-13 16:35:52,202 INFO > >>>>> >> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > >>>>> >> (ajp-/127.0.0.1:8702-10) Correlation ID: null, Call Stack: null, > >>>>> >> Custom Event ID: -1, Message: User pmarino failed to log in. > >>>>> >> 2014-08-13 16:35:52,202 WARN > >>>>> >> [org.ovirt.engine.core.bll.LoginAdminUserCommand] > >>>>> >> (ajp-/127.0.0.1:8702-10) CanDoAction of action LoginAdminUser > >>>>> >> failed. > >>>>> >> Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION > >>>>> >> 2014-08-13 16:39:48,048 INFO > >>>>> >> [org.ovirt.engine.core.bll.AddSystemPermissionCommand] > >>>>> >> (org.ovirt.thread.pool-4-thread-31) [5ba3c874] Running command: > >>>>> >> AddSystemPermissionCommand internal: false. Entities affected : ID: > >>>>> >> aaa00000-0000-0000-0000-123456789aaa Type: System > >>>>> >> 2014-08-13 16:39:48,069 INFO > >>>>> >> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > >>>>> >> (org.ovirt.thread.pool-4-thread-31) [5ba3c874] Correlation ID: > >>>>> >> 5ba3c874, Call Stack: null, Custom Event ID: -1, Message: User/Group > >>>>> >> pmarino was granted permission for Role SuperUser on System by > >>>>> >> admin. > >>>>> >> 2014-08-13 16:40:43,357 INFO > >>>>> >> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > >>>>> >> (ajp-/127.0.0.1:8702-1) Correlation ID: null, Call Stack: null, > >>>>> >> Custom > >>>>> >> Event ID: -1, Message: User pmarino logged in. > >>>>> >> > >>>>> >> " > >>>>> >> > >>>>> >> On Mon, Aug 11, 2014 at 1:41 PM, Yair Zaslavsky > >>>>> >> <yzasl...@redhat.com> > >>>>> >> wrote: > >>>>> >> > > >>>>> >> > > >>>>> >> > ----- Original Message ----- > >>>>> >> >> From: "Yair Zaslavsky" <yzasl...@redhat.com> > >>>>> >> >> To: "Itamar Heim" <ih...@redhat.com> > >>>>> >> >> Cc: users@ovirt.org > >>>>> >> >> Sent: Monday, August 11, 2014 8:13:53 PM > >>>>> >> >> Subject: Re: [ovirt-users] ovirt with 389 server inactive groups > >>>>> >> >> > >>>>> >> >> I have checked the codebase of 3.3 - > >>>>> >> >> the "active" field is used for presentation purpose only. > >>>>> >> > > >>>>> >> > Presentation wise only - means that it is not used for our > >>>>> >> > permissions > >>>>> >> > calculation , for example. > >>>>> >> > > >>>>> >> >> Alon has addressed our plans for this in his previous comments. > >>>>> >> >> I hope this clarifies more.. > >>>>> >> >> > >>>>> >> >> Yair > >>>>> >> >> > >>>>> >> >> > >>>>> >> >> ----- Original Message ----- > >>>>> >> >> > From: "Itamar Heim" <ih...@redhat.com> > >>>>> >> >> > To: "Alon Bar-Lev" <alo...@redhat.com>, "Paul Robert Marino" > >>>>> >> >> > <prmari...@gmail.com> > >>>>> >> >> > Cc: users@ovirt.org > >>>>> >> >> > Sent: Sunday, August 10, 2014 11:54:05 PM > >>>>> >> >> > Subject: Re: [ovirt-users] ovirt with 389 server inactive > >>>>> >> >> > groups > >>>>> >> >> > > >>>>> >> >> > On 08/10/2014 10:50 PM, Alon Bar-Lev wrote: > >>>>> >> >> > > > >>>>> >> >> > > > >>>>> >> >> > > ----- Original Message ----- > >>>>> >> >> > >> From: "Paul Robert Marino" <prmari...@gmail.com> > >>>>> >> >> > >> To: "Alon Bar-Lev" <alo...@redhat.com> > >>>>> >> >> > >> Cc: "Maurice James" <mja...@media-node.com>, users@ovirt.org > >>>>> >> >> > >> Sent: Sunday, August 10, 2014 10:43:14 PM > >>>>> >> >> > >> Subject: Re: [ovirt-users] ovirt with 389 server inactive > >>>>> >> >> > >> groups > >>>>> >> >> > >> > >>>>> >> >> > >> Sorry for my delayed response to this > >>>>> >> >> > >> > >>>>> >> >> > >> I am using ovirt 3.3. > >>>>> >> >> > >> I am using Kerberos 5, and all of the DNS requirements are > >>>>> >> >> > >> in > >>>>> >> >> > >> place. > >>>>> >> >> > >> Finally 389 server is the upstream project for RHDS and one > >>>>> >> >> > >> of the > >>>>> >> >> > >> upstream projects for IPA. > >>>>> >> >> > >> So I chose to set it as RHDS because its an identical match. > >>>>> >> >> > >> > >>>>> >> >> > >> User authentication works just fine my problem is adding > >>>>> >> >> > >> roles to > >>>>> >> >> > >> groups. > >>>>> >> >> > >> I can assign a role to a group but the group always shows an > >>>>> >> >> > >> inactive > >>>>> >> >> > >> status; however if I assign a role directly to to a user it > >>>>> >> >> > >> works > >>>>> >> >> > >> fine. > >>>>> >> >> > >> In addition if I drill down into a user it knows what groups > >>>>> >> >> > >> in > >>>>> >> >> > >> the > >>>>> >> >> > >> 389 server the user is a member of. > >>>>> >> >> > >> > >>>>> >> >> > >> finally I can't see any error in the logs when adding a role > >>>>> >> >> > >> to a > >>>>> >> >> > >> group > >>>>> >> >> > >> > >>>>> >> >> > > > >>>>> >> >> > > Please open a bug, I am unsure that it will be addressed > >>>>> >> >> > > before > >>>>> >> >> > > 3.5, > >>>>> >> >> > > as > >>>>> >> >> > > we > >>>>> >> >> > > have done major rework for the authentication and > >>>>> >> >> > > authorization to > >>>>> >> >> > > make > >>>>> >> >> > > it > >>>>> >> >> > > much more versatile. Even if there will be a fix it will be > >>>>> >> >> > > provided > >>>>> >> >> > > to > >>>>> >> >> > > 3.4.z. > >>>>> >> >> > > > >>>>> >> >> > > It will be best if you want to test this scenario in 3.5 > >>>>> >> >> > > release > >>>>> >> >> > > candidate > >>>>> >> >> > > and the new ldap provider, so we can address the issue before > >>>>> >> >> > > 3.5 > >>>>> >> >> > > release > >>>>> >> >> > > if exists. > >>>>> >> >> > > > >>>>> >> >> > > >>>>> >> >> > could also be one of these fixed in 3.4: > >>>>> >> >> > 3.4.0 - Bug 1065615 - When adding a user that belongs to a > >>>>> >> >> > group, it > >>>>> >> >> > does not inherit the group permissions > >>>>> >> >> > 3.4.1 - Bug 1069562 - When assigning permissions to user that > >>>>> >> >> > belongs > >>>>> >> >> > to > >>>>> >> >> > a group indirectly, it does not inherit the group permissions > >>>>> >> >> > > >>>>> >> >> > >> > >>>>> >> >> > >> > >>>>> >> >> > >> On Sat, Aug 9, 2014 at 2:33 AM, Alon Bar-Lev > >>>>> >> >> > >> <alo...@redhat.com> > >>>>> >> >> > >> wrote: > >>>>> >> >> > >>> > >>>>> >> >> > >>> > >>>>> >> >> > >>> ----- Original Message ----- > >>>>> >> >> > >>>> From: "Maurice James" <mja...@media-node.com> > >>>>> >> >> > >>>> To: "Alon Bar-Lev" <alo...@redhat.com> > >>>>> >> >> > >>>> Cc: "Itamar Heim" <ih...@redhat.com>, users@ovirt.org > >>>>> >> >> > >>>> Sent: Saturday, August 9, 2014 3:47:04 AM > >>>>> >> >> > >>>> Subject: Re: [ovirt-users] ovirt with 389 server inactive > >>>>> >> >> > >>>> groups > >>>>> >> >> > >>>> > >>>>> >> >> > >>>> Does this still require the use of kerberos? Will 389-ds > >>>>> >> >> > >>>> work on > >>>>> >> >> > >>>> its > >>>>> >> >> > >>>> own? > >>>>> >> >> > >>> > >>>>> >> >> > >>> In 3.5 we introduced pure ldap support[1], obsoleting the > >>>>> >> >> > >>> kerberos/ldap > >>>>> >> >> > >>> mix. > >>>>> >> >> > >>> > >>>>> >> >> > >>> It will be great to receive feedback[2]. > >>>>> >> >> > >>> > >>>>> >> >> > >>> 389ds is not supported directly, I think it is similar to > >>>>> >> >> > >>> IPA as > >>>>> >> >> > >>> it > >>>>> >> >> > >>> uses > >>>>> >> >> > >>> 389. Maybe I should rename the profile of ipa to 389 if it > >>>>> >> >> > >>> works > >>>>> >> >> > >>> properly. > >>>>> >> >> > >>> > >>>>> >> >> > >>> Regards, > >>>>> >> >> > >>> Alon > >>>>> >> >> > >>> > >>>>> >> >> > >>> [1] > >>>>> >> >> > >>> http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=master > >>>>> >> >> > >>> [2] > >>>>> >> >> > >>> http://lists.ovirt.org/pipermail/devel/2014-August/008367.html > >>>>> >> >> > >>> > >>>>> >> >> > >>>> > >>>>> >> >> > >>>> ----- Original Message ----- > >>>>> >> >> > >>>> From: "Alon Bar-Lev" <alo...@redhat.com> > >>>>> >> >> > >>>> To: "Itamar Heim" <ih...@redhat.com> > >>>>> >> >> > >>>> Cc: users@ovirt.org > >>>>> >> >> > >>>> Sent: Friday, August 8, 2014 3:45:07 PM > >>>>> >> >> > >>>> Subject: Re: [ovirt-users] ovirt with 389 server inactive > >>>>> >> >> > >>>> groups > >>>>> >> >> > >>>> > >>>>> >> >> > >>>> > >>>>> >> >> > >>>> > >>>>> >> >> > >>>> ----- Original Message ----- > >>>>> >> >> > >>>>> From: "Itamar Heim" <ih...@redhat.com> > >>>>> >> >> > >>>>> To: "Paul Robert Marino" <prmari...@gmail.com>, > >>>>> >> >> > >>>>> users@ovirt.org > >>>>> >> >> > >>>>> Sent: Friday, August 8, 2014 10:37:11 PM > >>>>> >> >> > >>>>> Subject: Re: [ovirt-users] ovirt with 389 server inactive > >>>>> >> >> > >>>>> groups > >>>>> >> >> > >>>>> > >>>>> >> >> > >>>>> On 08/07/2014 07:06 PM, Paul Robert Marino wrote: > >>>>> >> >> > >>>>>> I have ovirt engine running and connected to a 389 > >>>>> >> >> > >>>>>> server with > >>>>> >> >> > >>>>>> the > >>>>> >> >> > >>>>>> memberof plugin enabled and working properly. > >>>>> >> >> > >>>>>> > >>>>> >> >> > >>>>>> I can add users and assign them to roles without any > >>>>> >> >> > >>>>>> issues. > >>>>> >> >> > >>>>>> > >>>>> >> >> > >>>>>> when I look at a user I can see all the LDAP groups they > >>>>> >> >> > >>>>>> are a > >>>>> >> >> > >>>>>> member > >>>>> >> >> > >>>>>> of. > >>>>> >> >> > >>>>>> > >>>>> >> >> > >>>>>> when I run engine-manage-domains -action=validate it > >>>>> >> >> > >>>>>> tells me > >>>>> >> >> > >>>>>> the > >>>>> >> >> > >>>>>> domain is valid. > >>>>> >> >> > >>>>>> > >>>>> >> >> > >>>>>> here is my problem when I try to assign a role to an > >>>>> >> >> > >>>>>> LDAP > >>>>> >> >> > >>>>>> group > >>>>> >> >> > >>>>>> it > >>>>> >> >> > >>>>>> looks like it works but in the general tab when under > >>>>> >> >> > >>>>>> the > >>>>> >> >> > >>>>>> group > >>>>> >> >> > >>>>>> it > >>>>> >> >> > >>>>>> tells me the status is Inactive. > >>>>> >> >> > >>>>>> > >>>>> >> >> > >>>>>> dose any one know how to enable the group? > >>>>> >> >> > >>>>>> _______________________________________________ > >>>>> >> >> > >>>>>> Users mailing list > >>>>> >> >> > >>>>>> Users@ovirt.org > >>>>> >> >> > >>>>>> http://lists.ovirt.org/mailman/listinfo/users > >>>>> >> >> > >>>>>> > >>>>> >> >> > >>>>> > >>>>> >> >> > >>>>> 3.4 or new 3.5 Generic LDAP provider? > >>>>> >> >> > >>>> > >>>>> >> >> > >>>> > >>>>> >> >> > >>>> On case this is 3.5 it is known issue, all groups will be > >>>>> >> >> > >>>> seen > >>>>> >> >> > >>>> as > >>>>> >> >> > >>>> inactive, > >>>>> >> >> > >>>> this field will probably be removed from UI, as groups are > >>>>> >> >> > >>>> no > >>>>> >> >> > >>>> longer > >>>>> >> >> > >>>> fetched > >>>>> >> >> > >>>> periodically. > >>>>> >> >> > >>>> This field is totally ignored. > >>>>> >> >> > >>>> > >>>>> >> >> > >>>> Alon > >>>>> >> >> > >>>> _______________________________________________ > >>>>> >> >> > >>>> Users mailing list > >>>>> >> >> > >>>> Users@ovirt.org > >>>>> >> >> > >>>> http://lists.ovirt.org/mailman/listinfo/users > >>>>> >> >> > >>>> > >>>>> >> >> > >>> _______________________________________________ > >>>>> >> >> > >>> Users mailing list > >>>>> >> >> > >>> Users@ovirt.org > >>>>> >> >> > >>> http://lists.ovirt.org/mailman/listinfo/users > >>>>> >> >> > >> > >>>>> >> >> > > _______________________________________________ > >>>>> >> >> > > Users mailing list > >>>>> >> >> > > Users@ovirt.org > >>>>> >> >> > > http://lists.ovirt.org/mailman/listinfo/users > >>>>> >> >> > > > >>>>> >> >> > > >>>>> >> >> > _______________________________________________ > >>>>> >> >> > Users mailing list > >>>>> >> >> > Users@ovirt.org > >>>>> >> >> > http://lists.ovirt.org/mailman/listinfo/users > >>>>> >> >> > > >>>>> >> >> _______________________________________________ > >>>>> >> >> Users mailing list > >>>>> >> >> Users@ovirt.org > >>>>> >> >> http://lists.ovirt.org/mailman/listinfo/users > >>>>> >> >> > >>>>> >> > _______________________________________________ > >>>>> >> > Users mailing list > >>>>> >> > Users@ovirt.org > >>>>> >> > http://lists.ovirt.org/mailman/listinfo/users > >>>>> >> > >>>>> > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
