Thank you for the replies. What would be the proper way to apply the fix?
I see the change in the source but I can't find the corresponding file on the system. Thanks, -- Peter On Mon, Mar 11, 2019 at 4:21 AM Ravi Shankar Nori <[email protected]> wrote: > > > On Mon, Mar 11, 2019 at 4:49 AM Martin Perina <[email protected]> wrote: > >> >> >> On Sat, Mar 9, 2019 at 10:43 AM <[email protected]> wrote: >> >>> > I just did a clean install of oVirt 4.3.1 (engine and nodes). >>> > >>> > I setup AD authentication and gave an AD group permissions needed work >>> with >>> > VMs. I gave them PowerUserRole on the Cluster and Storage. >>> > >>> > Users in the AD group can login and create VMs but after they log out >>> and >>> > log back in they don't see any of the VMs created in the previous >>> session. >>> > >>> > I noticed that in Administration -> Users a new row is created for each >>> > user every time they login. All columns for each user are the same: >>> same >>> > first and last name, same user name, authorization provider, and so on >>> but >>> > the behavior looks very much like they are being treated as new user >>> every >>> > time they login. >>> >> >> Ravi, is above the same issue as tracked in >> https://bugzilla.redhat.com/show_bug.cgi?id=1672860 ? >> >>> >>> > Yes it is the same issue and should be fixed by [1] > > [1] https://gerrit.ovirt.org/#/c/98169/ > > > >> >>> I have observed the same behaviour with oVirt 4.3.XY >>> >>> Delving deeper, in the oVirt engine 'users' table, external_id is *not* >>> being set for AD users as documented in (e.g.) >>> engines/packaging/dbscripts/common_sp.sql >>> >>> "The external identifier is the user identifier converted to an array of >>> bytes:" >>> >>> ovirt 4.3.0 >>> user@domain | f3de0b27-c2a0-463b-a2ff-d480bd88c77f | >>> ece7b8c2-4983-4c1e-9a33-c28d58d40213 >>> >>> >>> And under ovirt 4.2.8 for comparison: >>> >>> username | user_id | >>> external_id >>> user@domain | 364d176e-8813-4e67-bdd0-dc10b823d23c | >>> af5bbg/eTkuktBPXW4Ak5g== >>> >>> >>> Further information on replicating the issue: >>> >>> 1) Configure LDAP authentication: >>> >>> >>> https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles.html#configuring-an-external-ldap-provider >>> >>> >>> 2) Add an LDAP group via the Administration Portal: >>> >>> Administration >> Users > 'Add' button, click 'Group' >>> radio-button, select the relevant LDAP authorization >>> select the relevant LDAP authorization provider in the >>> drop-down list under 'Search', enter the LDAP group >>> in the search text-box then click 'GO'. >>> >>> The found group should appear below. Select the >>> toggle-button to the left of the group then click >>> 'Add and Close'. >>> >>> >>> 3) Add SuperUser system permission for the LDAP group. >>> >>> Back under Administration >> Users, click the 'Group' >>> button if groups are not already displayed. Click on >>> the LDAP group added in the previous step then click >>> 'Permissions' -> 'Add System Permissions' >>> >>> >>> 4) Log into the Administration Portal as an LDAP group member. >>> Logout then log back into the Administration Portal as a >>> member of the LDAP group specified above. Login should be >>> successful because that user will inherit the SuperUser >>> system permission but note the following issues below: >>> >>> - under Administration >> Users, note that a 'User' icon >>> is displayed for the LDAP user rather than an 'Admin' icon. >>> This is in contrast to 4.2.8, where an Admin icon would >>> be displayed. >>> >>> >>> 5) Repeat step 4 above. >>> If you logout then log back into the Administration Portal as >>> the same member of the LDAP group specified above then >>> check Administration >> Users, an additional user entry appears: >>> same First Name, Last Name, Authorization provider, Namespace >>> and E-mail. >>> _______________________________________________ >>> Users mailing list -- [email protected] >>> To unsubscribe send an email to [email protected] >>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >>> oVirt Code of Conduct: >>> https://www.ovirt.org/community/about/community-guidelines/ >>> List Archives: >>> https://lists.ovirt.org/archives/list/[email protected]/message/PC2JLU65QED36MLLN7I5BJEPYEADKUO2/ >>> >> >> >> -- >> Martin Perina >> Associate Manager, Software Engineering >> Red Hat Czech s.r.o. >> > _______________________________________________ > Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/[email protected]/message/REPKBSLKHRM5QXRGWDJQRU3V5MZRGBV4/ >
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/4CCSUB5UEZADNNKJ6XBEQQBTQKW2PTAP/
