Hi,

I've just tried with:

# ipa --version
VERSION: 4.4.0, API_VERSION: 2.213

And all worked well. Can you please share the logs, which Martin asked for, so we can investigate?

Thanks,

Ondra

On Tue, Jan 31, 2017 at 12:50 PM, Matt . <yamakasi....@gmail.com> wrote:
> Hi,
>
> True. Are you able to check if it is still good for IPA 4.4 usage? It
> could still be IPA 3.x maybe, or has something been changed between
> 4.2 and 4.4? Would be great!
>
> Thanks,
>
> Matt
>
> 2017-01-31 11:30 GMT+01:00 Martin Perina <mper...@redhat.com>:
>>
>>
>> On Tue, Jan 31, 2017 at 11:17 AM, Matt . <yamakasi....@gmail.com> wrote:
>>>
>>> Hi Martin,
>>>
>>> Thanks for the explanation. But what happens on those tests during the
>>> setup the same happens as shown in oVirt.
>>
>>
>> Exactly, you can execute those tests even before publishing a new profile to
>> the engine, and if something doesn't work you can fix it even before users
>> notice that something is wrong.
>>
>> Also please bear in mind that there is a variety of small differences in
>> schema across different setups, even for the same LDAP server. So the setup
>> tool uses only basic configurations; if you need something more complicated
>> you need to edit the configuration manually.
>>
>> Thanks
>>
>> Martin Perina
>>
>>>
>>>
>>> Default IPA should just work I guess.
>>>
>>> I will test your command and report back.
>>>
>>> Cheers,
>>>
>>> Matt
>>>
>>> 2017-01-31 10:24 GMT+01:00 Martin Perina <mper...@redhat.com>:
>>> > Hi,
>>> >
>>> > it seems that your schema doesn't match the defaults or you have some
>>> > configuration issue. Could you please execute the following and send us
>>> > the output for your IPA setup?
>>> >
>>> > ovirt-engine-extensions-tool --log-level=FINE aaa
>>> > authz-fetch_principal_record --authz-flag=resolve-groups-recursive
>>> > --authz-flag=resolve-groups --extension-name=<PROFILE-NAME>
>>> > --principal-name=<USERNAME>
>>> >
>>> > The above will search for a user by <USERNAME> and try to fetch all
>>> > groups he is a member of.
>>> >
>>> > Btw you can test both "search users/groups" and "login a user" during
>>> > the aaa-ldap-setup tool (and it's recommended to do so) and the output
>>> > from those commands should provide you the same details.
>>> >
>>> > Thanks
>>> >
>>> > Martin Perina
>>> >
>>> >
>>> >
>>> > On Mon, Jan 30, 2017 at 9:27 PM, Matt . <yamakasi....@gmail.com> wrote:
>>> >>
>>> >> Hi,
>>> >>
>>> >> When I do an ovirt-engine-extension-aaa-ldap-setup and choose IPA, the
>>> >> groups are shown but the users are not.
>>> >>
>>> >> When I choose 389ds, the users are shown but not the groups.
>>> >>
>>> >> Is something wrong with the FreeIPA implementation? I'm on the latest
>>> >> IPA 4.4 version from Fedora.
>>> >>
>>> >> Cheers,
>>> >>
>>> >> Matt
>>> >> _______________________________________________
>>> >> Users mailing list
>>> >> Users@ovirt.org
>>> >> http://lists.ovirt.org/mailman/listinfo/users
>>> >
>>> >
>>
>>