What's you LDAP and what profile did you choose? This looks like you have chosen incorect profile during setup. Are you sure you arent using posix group and using non-posix aaa profile? Sharing a debug log of ovirt-engine-extensions-tool would be helpfull.
On Fri, May 25, 2018, 10:04 AM Callum Smith <[email protected]> wrote: > Dear All, > > I'm having problems getting LDAP running, login works, but I'm getting > "user is not authorised to perform login" - this is even if i specify the > UserRole specifically to the LDAP group the user is in. > > 2018-05-25 08:56:16,212+01 INFO > [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-23) [] > User callum@Biomedical Research Computing successfully logged in with > scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal > ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all > ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search > ovirt-ext=token-info:validate ovirt-ext=token:password-access > 2018-05-25 08:56:16,391+01 INFO > [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-25) > [63e60fe9] Running command: CreateUserSessionCommand internal: false. > 2018-05-25 08:56:16,430+01 ERROR > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > (default task-25) [63e60fe9] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User > callum@Biomedical Research Computing connecting from '192.168.65.254' > failed to log in<UNKNOWN>. > 2018-05-25 08:56:16,430+01 ERROR > [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-25) > [] The user callum@Biomedical Research Computing is not authorized to > perform login > > > on a side note: is it possible to assign permissions to all members of an > LDAP tree where they dont have a common group membership? > > Regards, > Callum > > -- > > Callum Smith > Research Computing Core > Wellcome Trust Centre for Human Genetics > University of Oxford > e. [email protected] > > _______________________________________________ > Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/PCOI5I47AKTGEWCHVKKAEOOCN5FDOTYW/
