Bug 803380 - User can't login into webadmin when is registered via groups
User can't login into webadmin when is registered via groups
Status: CLOSED CURRENTRELEASE
Product: oVirt
Classification: Community
Component: ovirt-engine-core (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: 3.1
Assigned To: Yair Zaslavsky
:
Depends On:
Blocks: 810244 810400 810863
  Show dependency treegraph
 
Reported: 2012-03-14 11:29 EDT by Pavel Stehlik
Modified: 2015-03-04 19:17 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 810244 810278 810400 (view as bug list)
Environment:
Last Closed: 2012-08-09 04:02:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Pavel Stehlik 2012-03-14 11:29:32 EDT
Description of problem:
 Have group &  user in it on AD/IPA. Add group as SuperUser to the system - the user should login to webadmin. Instead group status is 'Inactive' & user can't login to wpf. 

(when group is added to VM as UserRole, then user can see the VM in UserPortal - it means this works).

Version-Release number of selected component (if applicable):
ovirt-engine-3.0.0_0001-3.git4364f1b.fc16.x86_64

How reproducible:
100% (also new setup, new group & user)

Steps to Reproduce:
1. see above
2.
3.
  
Actual results:
When adding group:
----------
2012-03-14 15:58:04,756 INFO  [org.ovirt.engine.core.bll.AddSystemPermissionCommand] (pool-5-thread-49) [aab360a] Running command: AddSystemPermissionCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: System

When trying to login with user:
------------------
2012-03-14 16:21:24,943 WARN  [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8443-4) CanDoAction of action LoginAdminUser failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

Expected results:
It should be possible to register user via group.

Additional info:
Comment 1 Yair Zaslavsky 2012-03-25 11:34:07 EDT
I followed your instructions the following way:
1. Worked on oVirt code (you used WPF so this was kinda confusing, based my checks on oVirt code as you set the "product" to "oVirt".
2. Tried reproducing on commit hash 6670ebb6fffacaf45cfd25253250d236b68025de
3. Created a group in ad - yair_group
4. Created a user in ad - yair_group_member. Set it as member of yair_group
5. Used webadmin -> configure -> System permissions -> Add
6. Searched for the group yair_group, and selected it.
7. Granted it SuperUserRole.
8. Group is inactive in DB (did some trick with debugger to get to this situation)
9. I still manage to login.

Please advice how to reproduce.
Comment 2 Yair Zaslavsky 2012-03-25 11:34:38 EDT
I meant you used wpf in your bug description.
Comment 3 Pavel Stehlik 2012-03-26 09:24:54 EDT
oh I shouldn't mention WPF, I mean webadmin... 
basically - yes, your steps as same as I tried on latest RPM version available to me.
Comment 4 Yair Zaslavsky 2012-03-28 07:28:43 EDT
I take back what i said about upstream.
I reproduced upstream.

Merged 

http://gerrit.ovirt.org/#change,3122



http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=a3fb80fa7bc1531878a5b4e8543c94d9d85494f3
Comment 5 Yair Zaslavsky 2012-04-05 07:46:08 EDT
This bug is for upstream.
Comment 6 Itamar Heim 2012-08-09 04:02:46 EDT
closing ON_QA bugs as oVirt 3.1 was released:
http://www.ovirt.org/get-ovirt/
Comment 7 Itamar Heim 2012-08-09 04:03:48 EDT
closing ON_QA bugs as oVirt 3.1 was released:
http://www.ovirt.org/get-ovirt/

Note You need to log in before you can comment on or make changes to this bug.