Bug 803380

Summary: User can't login into webadmin when is registered via groups
Product: [Retired] oVirt Reporter: Pavel Stehlik <pstehlik>
Component: ovirt-engine-coreAssignee: Yair Zaslavsky <yzaslavs>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: acathrow, iheim, oourfali, sauchter, ykaul
Target Milestone: ---   
Target Release: 3.1   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 810244 810278 810400 (view as bug list) Environment:
Last Closed: 2012-08-09 08:02:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 810244, 810400, 810863    

Description Pavel Stehlik 2012-03-14 15:29:32 UTC 
Description of problem:
 Have group &  user in it on AD/IPA. Add group as SuperUser to the system - the user should login to webadmin. Instead group status is 'Inactive' & user can't login to wpf. 

(when group is added to VM as UserRole, then user can see the VM in UserPortal - it means this works).

Version-Release number of selected component (if applicable):
ovirt-engine-3.0.0_0001-3.git4364f1b.fc16.x86_64

How reproducible:
100% (also new setup, new group & user)

Steps to Reproduce:
1. see above
2.
3.
  
Actual results:
When adding group:
----------
2012-03-14 15:58:04,756 INFO  [org.ovirt.engine.core.bll.AddSystemPermissionCommand] (pool-5-thread-49) [aab360a] Running command: AddSystemPermissionCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: System

When trying to login with user:
------------------
2012-03-14 16:21:24,943 WARN  [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8443-4) CanDoAction of action LoginAdminUser failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

Expected results:
It should be possible to register user via group.

Additional info:
Comment 1 Yair Zaslavsky 2012-03-25 15:34:07 UTC 
I followed your instructions the following way:
1. Worked on oVirt code (you used WPF so this was kinda confusing, based my checks on oVirt code as you set the "product" to "oVirt".
2. Tried reproducing on commit hash 6670ebb6fffacaf45cfd25253250d236b68025de
3. Created a group in ad - yair_group
4. Created a user in ad - yair_group_member. Set it as member of yair_group
5. Used webadmin -> configure -> System permissions -> Add
6. Searched for the group yair_group, and selected it.
7. Granted it SuperUserRole.
8. Group is inactive in DB (did some trick with debugger to get to this situation)
9. I still manage to login.

Please advice how to reproduce.
Comment 2 Yair Zaslavsky 2012-03-25 15:34:38 UTC 
I meant you used wpf in your bug description.
Comment 3 Pavel Stehlik 2012-03-26 13:24:54 UTC 
oh I shouldn't mention WPF, I mean webadmin... 
basically - yes, your steps as same as I tried on latest RPM version available to me.
Comment 4 Yair Zaslavsky 2012-03-28 11:28:43 UTC 
I take back what i said about upstream.
I reproduced upstream.

Merged 

http://gerrit.ovirt.org/#change,3122



http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=a3fb80fa7bc1531878a5b4e8543c94d9d85494f3
Comment 5 Yair Zaslavsky 2012-04-05 11:46:08 UTC 
This bug is for upstream.
Comment 6 Itamar Heim 2012-08-09 08:02:46 UTC 
closing ON_QA bugs as oVirt 3.1 was released:
http://www.ovirt.org/get-ovirt/
Comment 7 Itamar Heim 2012-08-09 08:03:48 UTC 
closing ON_QA bugs as oVirt 3.1 was released:
http://www.ovirt.org/get-ovirt/