Hi, True. Are you able to check if it still is good for IPA 4.4 usage, it could be still IPA 3.x maybe or between 4.2 and 4.4 has been changed something ? Would be great!
Thanks, Matt 2017-01-31 11:30 GMT+01:00 Martin Perina <mper...@redhat.com>: > > > On Tue, Jan 31, 2017 at 11:17 AM, Matt . <yamakasi....@gmail.com> wrote: >> >> Hi Martin, >> >> Thanks for the explanation. But what happens on those tests during the >> setup the same happens as showed in oVirt. > > > Exactly, you can execute those tests even before publishing new profile to > engine and if something doesn't work you can fix even before users notice > that something is wrong. > > Also please bear in mind that there are variety of small differences in > schema across different setups even for the same LDAP server. So setup tool > uses only basic configurations, if you need something more complicated you > need to edit configuration manually. > > Thanks > > Martin Perina > >> >> >> Default IPA should just work I guess. >> >> I will test your command and report back. >> >> Cheers, >> >> Matt >> >> 2017-01-31 10:24 GMT+01:00 Martin Perina <mper...@redhat.com>: >> > Hi, >> > >> > it seem that your schema doesn't match the defaults or you home some >> > configuration issue. Could you please execute following and send us the >> > output for your IPA setup? >> > >> > ovirt-engine-extensions-tool --log-level=FINE aaa >> > authz-fetch_principal_record --authz-flag=resolve-groups-recursive >> > --authz-flag=resolve-groups --extension-name=<PROFILE-NAME> >> > --principal-name=<USERNAME> >> > >> > The above will search for a user by <USERNAME> and tries to fetch all >> > groups >> > he is member of. >> > >> > Btw you can test both "search users/groups" and "login a user" during >> > aaa-ldap-setup tool (and it's recommended to do so) and the output from >> > those commands should provide you the same details. >> > >> > Thanks >> > >> > Martin Perina >> > >> > >> > >> > On Mon, Jan 30, 2017 at 9:27 PM, Matt . <yamakasi....@gmail.com> wrote: >> >> >> >> Hi, >> >> >> >> When I do a ovirt-engine-extension-aaa-ldap-setup and chose IPA the >> >> groups are shown but the users are not. >> >> >> >> When I chose 389ds, the users are shown but not the groups. >> >> >> >> Is something wrong with the FreeIPA implementation ? I'm on latest IPA >> >> 4.4 version from Fedora >> >> >> >> Cheers, >> >> >> >> Matt >> >> _______________________________________________ >> >> Users mailing list >> >> Users@ovirt.org >> >> http://lists.ovirt.org/mailman/listinfo/users >> > >> > > > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
