SuperUser is required to log a user in to webadmin. Not sure what "too long time" is... without any logs nobody can help you.

----- Original Message -----
> From: "Budur Nagaraju" <nbud...@gmail.com>
> To: "Ondra Machacek" <omach...@redhat.com>
> Cc: users@ovirt.org
> Sent: Wednesday, September 23, 2015 10:39:50 AM
> Subject: Re: [ovirt-users] LDAP Authentication
>
> When I give "superuser" permission then able to login and its taking too long
> time to login.
> Pls suggest any thing needs to be done ?
>
> On Wed, Sep 23, 2015 at 1:07 PM, Ondra Machacek <omach...@redhat.com> wrote:
>
> Should work well, strange.
> The 'warn' message you sent was unsuccessful login to webadmin as I can see
> 'LoginAdminUserCommand', in UserPortal it's 'LoginUserCommand'.
> Please try to assign UserRole to some vm to another user in domain if it will
> work properly, if not please open bz.
>
> On 09/23/2015 09:29 AM, Budur Nagaraju wrote:
>
> yeah facing issues while logging to the user portal.
>
> On Wed, Sep 23, 2015 at 12:54 PM, Ondra Machacek <omach...@redhat.com> wrote:
>
> With UserRole you can only login to UserPortal, not webadmin. Do you have
> this issue when you try to login to UserPortal?
>
> On 09/23/2015 09:22 AM, Budur Nagaraju wrote:
>
> Provided the "user role" permissions still same issue
>
> On Wed, Sep 23, 2015 at 12:48 PM, Ondra Machacek <omach...@redhat.com> wrote:
>
> Hi,
>
> your user nbud...@abc.net doesn't have appropriate permissions to login.
> First you need to login as 'admin@internal' and assign him some permissions,
> then you will be able to login.
>
> Ondra
>
> On 09/23/2015 09:15 AM, Budur Nagaraju wrote:
>
> HI All,
>
> After rectifying this able to search the domain in the users in UI,
> but unable to login getting the below error ,
>
> 2015-09-23 12:41:47,482 WARN
> [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
> (ajp--127.0.0.1-8702-3) CanDoAction of action LoginAdminUser failed for user
> nbud...@abc.net . Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
>
> Thanks,
> Nagaraju
>
> On Wed, Sep 23, 2015 at 12:13 PM, Ondra Machacek <omach...@redhat.com> wrote:
>
> Hi,
>
> as Alon already said, you have trailing space in your configuration
>
> ' my.abc.net ' <-- space at the end
>
> Please remove this space and try again.
>
> Ondra
>
> On 09/23/2015 05:35 AM, Budur Nagaraju wrote:
>
> HI Alon,
>
> Tried all the options but no luck ,
>
> I have copied the logs in the pastebin below is the link , warning message is
> that unable to resolve the DNS ,let me know any help would I get .
>
> http://pastebin.com/7qN9QnHK
>
> Thanks,
> Nagaraju
>
> On Tue, Sep 22, 2015 at 8:44 PM, Daniel Helgenberger <daniel.helgenber...@m-box.de> wrote:
>
> Hello Budur,
>
> I've done this recently. Alon, no offense, but the docs are not quite
> straightforward...
>
> Requirements:
> - LDAP server (obviously) - called here ldap.mydomain.com
> - LDAP bind account - called here l...@mydomain.com , password 'Passw@rd'
> - At least one existing account in LDAP, called u...@mydomain.com
>
> Please note, the most common issue will be DNS.
>
> I'll describe in short what steps need to be taken. All this needs to be done
> on your engine host. In the end this was quite easy :)
>
> 1. Install the packages: ovirt-engine-extension-aaa-ldap and openldap-clients
> (these are only for testing your setup)
> 2. Test if ldap is working in general. (The extension uses the global catalog
> at least for AD, this was news to me):
> # ldapsearch -E pr=1024/noprompt -o ldif-wrap=no -H ldap://ldap.mydomain.com:3268/ -x \
> -D 'l...@mydomain.com' -w Passw@rd -b '' '(userPrincipalName=u...@mydomain.com)' cn userPrincipalName
>
> If this command does not return details of the user, do debug your ldap and
> continue once this works. Example:
>
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: (userPrincipalName=u...@mydomain.com)
> # requesting: cn userPrincipalName
> # with pagedResults control: size=1024
> #
>
> # Some Name, some-ou, mydomain.com
> dn: CN=Some Name,OU=some-ou,DC=mydomain,DC=com
> cn: Some Name
> userPrincipalName: u...@mydomain.com
>
> # search result
> search: 2
> result: 0 Success
> control: 1.2.840.113556.1.4.319 false MIQXGSGSGSgEABAA=
> pagedresults: cookie=
>
> # numResponses: 2
> # numEntries: 1
>
> 3. Copy the examples as mentioned from the readme.
> 4. You only need to modify /etc/ovirt-engine/aaa/int.m-box.de.properties;
> leave the rest as is.
> 5. There, set:
>
> vars.domain = ldap.mydomain.com
> vars.user = ldap@${global:vars.domain}
> vars.password = Passw@rd
>
> 6. Restart ovirt engine service
> 7. Log in as admin@internal and add user rights and roles from the new
> provider
>
> Hope this helps.
>
> On 22.09.2015 16:46, Budur Nagaraju wrote:
> >
> > below are the three files which I have modified.
> >
> > [root@cstlb2 extensions.d]# cat profile1-authn.properties
> > ovirt.engine.extension.name = cloudspin-authn
> > ovirt.engine.extension.bindings.method = jbossmodule
> > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> > ovirt.engine.aaa.authn.profile.name = cloudspin
> > ovirt.engine.aaa.authn.authz.plugin = cloudspin-auth
> > config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties
> >
> > [root@cstlb2 extensions.d]# ls
> > profile1-authn.properties profile1-authz.properties
> > [root@cstlb2 extensions.d]# cat profile1-authz.properties
> > ovirt.engine.extension.name = cloudspin-authz
> > ovirt.engine.extension.bindings.method = jbossmodule
> > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> > config.profile.file.1 = /etc/ovirt-engine/aaa/ldap1.properties
> > [root@cstlb2 extensions.d]#
> >
> > [root@cstlb2 aaa]# pwd
> > /etc/ovirt-engine/aaa
> > [root@cstlb2 aaa]# ls
> > ldap1.properties
> > [root@cstlb2 aaa]# cat ldap1.properties
> > #
> > # Select one
> > #
> > include = <openldap.properties>
> > #include = <389ds.properties>
> > #include = <rhds.properties>
> > #include = <ipa.properties>
> > #include = <iplanet.properties>
> > #include = <rfc2307.properties>
> > #include = <rfc2307-openldap.properties>
> >
> > #
> > # Server
> > #
> > vars.server = my.abc.net
> >
> > #
> > # Search user and its password.
> > #
> > vars.user = uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=nbudoor,dc=net
> > vars.password = company
> >
> > pool.default.serverset.single.server = ${global:vars.server}
> > pool.default.auth.simple.bindDN = ${global:vars.user}
> > pool.default.auth.simple.password = ${global:vars.password}
> >
> > # Create keystore, import certificate chain and uncomment
> > # if using ssl/tls.
> > #pool.default.ssl.startTLS = true
> > #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks
> > #pool.default.ssl.truststore.password = changeit
> > [root@cstlb2 aaa]#
> >
> > On Tue, Sep 22, 2015 at 8:07 PM, Alon Bar-Lev <alo...@redhat.com> wrote:
> >
> > ----- Original Message -----
> > > From: "Budur Nagaraju" <nbud...@gmail.com>
> > > To: "Alon Bar-Lev" <alo...@redhat.com>
> > > Cc: users@ovirt.org
> > > Sent: Tuesday, September 22, 2015 5:35:16 PM
> > > Subject: Re: [ovirt-users] LDAP Authentication
> > >
> > > its too complicated ,you have any script or video ?
> >
> > in 3.6 we have a setup script.
> > for now:
> >
> > cp -r /usr/share/ovirt-engine/examples/simple/. /etc/ovirt-engine/
> >
> > this is written in the README.
> >
> > then customize files at /etc/ovirt-engine/extensions.d/*
> > /etc/ovirt-engine/aaa/* to match your setup
> >
> > > On Tue, Sep 22, 2015 at 8:00 PM, Alon Bar-Lev <alo...@redhat.com> wrote:
> > >
> > > > ----- Original Message -----
> > > > > From: "Budur Nagaraju" <nbud...@gmail.com>
> > > > > To: "Alon Bar-Lev" <alo...@redhat.com>
> > > > > Cc: users@ovirt.org
> > > > > Sent: Tuesday, September 22, 2015 5:24:36 PM
> > > > > Subject: Re: [ovirt-users] LDAP Authentication
> > > > >
> > > > > HI Alon,
> > > > >
> > > > > Below is the configuration which I have done ,but unable to search
> > > > > the users in UI
> > > > > can you pls help me ?
> > > >
> > > > you need three files, see the
> > > > /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple
> > > >
> > > > > [root@cstlb2 aaa]# cat ldap1.properties
> > > > > #
> > > > > # Select one
> > > > > #
> > > > > include = <openldap.properties>
> > > > > #include = <389ds.properties>
> > > > > #include = <rhds.properties>
> > > > > #include = <ipa.properties>
> > > > > #include = <iplanet.properties>
> > > > > #include = <rfc2307.properties>
> > > > > #include = <rfc2307-openldap.properties>
> > > > >
> > > > > #
> > > > > # Server
> > > > > #
> > > > > vars.server = my.abc.net
> > > > >
> > > > > #
> > > > > # Search user and its password.
> > > > > #
> > > > > vars.user = uid=search,cn=nbudoor,cn=Departments,cn=Corporate,cn=Bangalore,cn=users,dc=abc,dc=net
> > > > > vars.password = company1
> > > > >
> > > > > pool.default.serverset.single.server = ${global:vars.server}
> > > > > pool.default.auth.simple.bindDN = ${global:vars.user}
> > > > > pool.default.auth.simple.password = ${global:vars.password}
> > > > >
> > > > > # Create keystore, import certificate chain and uncomment
> > > > > # if using ssl/tls.
> > > > > #pool.default.ssl.startTLS = true
> > > > > #pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks
> > > > > #pool.default.ssl.truststore.password = changeit
> > > > > [root@cstlb2 aaa]#
> > > > >
> > > > > On Tue, Sep 22, 2015 at 7:25 PM, Alon Bar-Lev <alo...@redhat.com> wrote:
> > > > >
> > > > > > ----- Original Message -----
> > > > > > > From: "Budur Nagaraju" <nbud...@gmail.com>
> > > > > > > To: users@ovirt.org
> > > > > > > Sent: Tuesday, September 22, 2015 4:34:46 PM
> > > > > > > Subject: [ovirt-users] LDAP Authentication
> > > > > > >
> > > > > > > HI All,
> > > > > > >
> > > > > > > Can someone help me in configuring LDAP authentication for Ovirt ?
> > > > > >
> > > > > > Please review:
> > > > > > http://www.ovirt.org/Features/AAA
> > > > > >
> > > > > > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0
>
> --
> Daniel Helgenberger
> m box bewegtbild GmbH
>
> P: +49/30/2408781-22
> F: +49/30/2408781-10
>
> ACKERSTR. 19
> D-10115 BERLIN
>
> www.m-box.de www.monkeymen.tv
>
> Managing directors: Martin Retschitzegger / Michaela Göllner
> Commercial register: Amtsgericht Charlottenburg / HRB 112767
>
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
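
The trailing space in `vars.server` diagnosed in this thread is invisible in a terminal, so here is a small lint pass for an aaa-ldap `.properties` file, as an added example that is not part of the thread or of the oVirt project. It assumes `.properties` semantics in which trailing whitespace belongs to the value; `parse_properties`, `lint` and the sample text are constructed for illustration, and the check for a simple bind without `startTLS` reflects the commented-out TLS lines in the quoted file.

```python
import re

# Constructed sample modelled on the ldap1.properties quoted in the thread.
# The vars.server value ends with a space on purpose.
SAMPLE = (
    "include = <openldap.properties>\n"
    "vars.server = my.abc.net \n"
    "vars.user = uid=search,cn=users,dc=abc,dc=net\n"
    "vars.password = company1\n"
    "pool.default.serverset.single.server = ${global:vars.server}\n"
    "pool.default.auth.simple.bindDN = ${global:vars.user}\n"
    "pool.default.auth.simple.password = ${global:vars.password}\n"
    "#pool.default.ssl.startTLS = true\n"
)

def parse_properties(text):
    """Yield (line_no, key, raw_value) for every active 'key = value' line.
    Trailing whitespace stays in raw_value (assumed .properties semantics)."""
    for no, line in enumerate(text.splitlines(), 1):
        body = line.lstrip()
        if not body or body[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", body)
        if m:
            yield no, m.group(1), m.group(2)

def lint(text):
    """Return a list of (line_no, key, problem); line_no 0 means file-level."""
    findings, props = [], {}
    for no, key, value in parse_properties(text):
        props[key] = value
        if value != value.rstrip():
            findings.append((no, key, "trailing whitespace in value"))
        if re.search(r"<\s*(?:https?|mailto):", value):
            findings.append((no, key, "mail-client link debris in value"))
    # A simple bind sends the bind password as-is, so flag it when TLS is off.
    simple_bind = any(k.endswith(".auth.simple.password") for k in props)
    start_tls = any(k.endswith(".ssl.startTLS") and v.strip() == "true"
                    for k, v in props.items())
    if simple_bind and not start_tls:
        findings.append((0, "pool.default.ssl.startTLS",
                         "simple bind configured but startTLS not enabled"))
    return findings

if __name__ == "__main__":
    for no, key, problem in lint(SAMPLE):
        print(f"line {no}: {key}: {problem}")
```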