Bug 1380128

Summary: [RFE] Use authz name instead of profile name as domain for Cloud-Init/Sysprep for windows guests.
Product: Red Hat Enterprise Virtualization Manager Reporter: Ameya Charekar <achareka>
Component: ovirt-engineAssignee: Ondra Machacek <omachace>
Status: CLOSED ERRATA QA Contact: Israel Pinto <ipinto>
Severity: low Docs Contact:
Priority: unspecified    
Version: 4.0.3CC: achareka, bazulay, lsurette, mavital, mgoldboi, michal.skrivanek, mperina, oourfali, rbalakri, Rhev-m-bugs, srevivo, tjelinek, ykaul
Target Milestone: ovirt-4.1.2Keywords: FutureFeature, ZStream
Target Release: ---Flags: ipinto: testing_plan_complete+
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-05-24 11:21:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1425122    
Bug Blocks:    

Description Ameya Charekar 2016-09-28 17:35:48 UTC 
Description of problem:

We can customize profile name that will be visible to users while configuring an External LDAP Provider for AD. Profile name is reflected in Domain field while using initial run for windows vm. For profile name created with space we can not save vm without manual changes.

Version-Release number of selected component (if applicable):
ovirt-engine-extension-aaa-ldap-1.2.1-1.el7ev.noarch
ovirt-engine-extension-aaa-ldap-setup-1.2.1-1.el7ev.noarch

How reproducible:

Always.

Steps to Reproduce:
1. Run ovirt-engine-extension-aaa-ldap-setup for configuring AD.
2. Provide profile name with space:
Please specify profile name that will be visible to users [<domain>.com]: <name with space>
3. For windows guest after enabling Use Cloud-Init/Sysprep unable to save vm as domain name with space is not allowed.

Actual results:

Domain name is profile name.

Expected results:

Domain name should be from "vars.domain = <domain>.com" irrespective of profile name.

Additional info:
Comment 1 Martin Perina 2016-09-29 12:19:36 UTC 
Currently profile name and authz name must be set to do domain name in order for both cloud-init/sysprep and VM Signle Sign-On to work correctly. If you want to have profile name different from domain name, then please change the bug to RFE and we could probably change the code to use only authz name for cloud-init/sysprep and VM Signle Sign-On in future.
Comment 9 Martin Perina 2016-10-06 19:05:06 UTC 
Currently profile name is used as domain name when configuring cloud-init/sysprep for Windows guest. But this is wrong, because we have no restrictions/recommendations for profile name and when user is successfully logged into engine we know only his authz name, but not profile name (multiple profile names can be mapped into single authz name). Also only authz name is required to be set to domain name for Windows guests features like Single Sign-On for VMs.
Comment 14 Israel Pinto 2017-05-04 08:03:14 UTC 
Verify with: 
RHVM Version: 4.1.2-0.1.el7

Steps:
1. Run ovirt-engine-extension-aaa-ldap-setup for configuring AD.
2. [Edit VM]
Create VM with 'other os' and update OS version to window_XX (desktop/server)
Enable sysprep and check that domain is update with 'aaaProfileName'
3. [New VM]
Create VM with OS version window_XX (desktop/server)
Enable sysprep and check that domain is update with 'aaaProfileName'

Results:
All cases pass
Comment 16 errata-xmlrpc 2017-05-24 11:21:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1280