I'm using the latest ovirt on CentOS 7 with the aaa-ldap extension. I can successfully authenticate as an LDAP user. I can also log in as admin@internal and search for, find, and select LDAP users, but I cannot add permissions for them. Each time I get the error "User admin@internal-authz failed to grant permission for Role UserRole on System to User/Group <UNKNOWN>."
I have no control over the LDAP server, which uses custom objectClasses and uses groupOfNames instead of PosixGroups. I assume I need to set sequence variables to accommodate our group configuration but I'm at a loss as to where to begin. The config I have is as follows:

include = <rfc2307-generic.properties>

vars.server = labauth.lan.lab.org

pool.authz.auth.type = none
pool.default.serverset.type = single
pool.default.serverset.single.server = ${global:vars.server}
pool.default.ssl.startTLS = true
pool.default.ssl.insecure = true

pool.default.connection-options.connectTimeoutMillis = 10000
pool.default.connection-options.responseTimeoutMillis = 90000

sequence-init.init.100-my-basedn-init-vars = my-basedn-init-vars
sequence.my-basedn-init-vars.010.description = set baseDN
sequence.my-basedn-init-vars.010.type = var-set
sequence.my-basedn-init-vars.010.var-set.variable = simple_baseDN
sequence.my-basedn-init-vars.010.var-set.value = o=LANLAB

sequence-init.init.101-my-objectclass-init-vars = my-objectclass-init-vars
sequence.my-objectclass-init-vars.020.description = set objectClass
sequence.my-objectclass-init-vars.020.type = var-set
sequence.my-objectclass-init-vars.020.var-set.variable = simple_filterUserObject
sequence.my-objectclass-init-vars.020.var-set.value = (objectClass=labPerson)(uid=*)

search.default.search-request.derefPolicy = NEVER

sequence-init.init.900-local-init-vars = local-init-vars
sequence.local-init-vars.010.description = override name space
sequence.local-init-vars.010.type = var-set
sequence.local-init-vars.010.var-set.variable = simple_namespaceDefault
sequence.local-init-vars.010.var-set.value = *

sequence.local-init-vars.020.description = apply filter to users
sequence.local-init-vars.020.type = var-set
sequence.local-init-vars.020.var-set.variable = simple_filterUserObject
sequence.local-init-vars.020.var-set.value = ${seq:simple_filterUserObject}(employeeStatus=3)

sequence.local-init-vars.030.description = apply filter to groups
sequence.local-init-vars.030.type = var-set
sequence.local-init-vars.030.var-set.variable = simple_filterGroupObject
sequence.local-init-vars.030.var-set.value = (objectClass=groupOfUniqueNames)