Bug 803380 - User can't login into webadmin when is registered via groups
Summary: User can't login into webadmin when is registered via groups
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: oVirt
Classification: Retired
Component: ovirt-engine-core
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
: 3.1
Assignee: Yair Zaslavsky
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 810244 810400 810863
TreeView+ depends on / blocked
 
Reported: 2012-03-14 15:29 UTC by Pavel Stehlik
Modified: 2015-03-05 00:17 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 810244 810278 810400 (view as bug list)
Environment:
Last Closed: 2012-08-09 08:02:46 UTC
oVirt Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Pavel Stehlik 2012-03-14 15:29:32 UTC 
Description of problem:
 Have group &  user in it on AD/IPA. Add group as SuperUser to the system - the user should login to webadmin. Instead group status is 'Inactive' & user can't login to wpf. 

(when group is added to VM as UserRole, then user can see the VM in UserPortal - it means this works).

Version-Release number of selected component (if applicable):
ovirt-engine-3.0.0_0001-3.git4364f1b.fc16.x86_64

How reproducible:
100% (also new setup, new group & user)

Steps to Reproduce:
1. see above
2.
3.
  
Actual results:
When adding group:
----------
2012-03-14 15:58:04,756 INFO  [org.ovirt.engine.core.bll.AddSystemPermissionCommand] (pool-5-thread-49) [aab360a] Running command: AddSystemPermissionCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: System

When trying to login with user:
------------------
2012-03-14 16:21:24,943 WARN  [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8443-4) CanDoAction of action LoginAdminUser failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

Expected results:
It should be possible to register user via group.

Additional info:
Comment 1 Yair Zaslavsky 2012-03-25 15:34:07 UTC 
I followed your instructions the following way:
1. Worked on oVirt code (you used WPF so this was kinda confusing, based my checks on oVirt code as you set the "product" to "oVirt".
2. Tried reproducing on commit hash 6670ebb6fffacaf45cfd25253250d236b68025de
3. Created a group in ad - yair_group
4. Created a user in ad - yair_group_member. Set it as member of yair_group
5. Used webadmin -> configure -> System permissions -> Add
6. Searched for the group yair_group, and selected it.
7. Granted it SuperUserRole.
8. Group is inactive in DB (did some trick with debugger to get to this situation)
9. I still manage to login.

Please advice how to reproduce.
Comment 2 Yair Zaslavsky 2012-03-25 15:34:38 UTC 
I meant you used wpf in your bug description.
Comment 3 Pavel Stehlik 2012-03-26 13:24:54 UTC 
oh I shouldn't mention WPF, I mean webadmin... 
basically - yes, your steps as same as I tried on latest RPM version available to me.
Comment 4 Yair Zaslavsky 2012-03-28 11:28:43 UTC 
I take back what i said about upstream.
I reproduced upstream.

Merged 

http://gerrit.ovirt.org/#change,3122



http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=a3fb80fa7bc1531878a5b4e8543c94d9d85494f3
Comment 5 Yair Zaslavsky 2012-04-05 11:46:08 UTC 
This bug is for upstream.
Comment 6 Itamar Heim 2012-08-09 08:02:46 UTC 
closing ON_QA bugs as oVirt 3.1 was released:
http://www.ovirt.org/get-ovirt/
Comment 7 Itamar Heim 2012-08-09 08:03:48 UTC 
closing ON_QA bugs as oVirt 3.1 was released:
http://www.ovirt.org/get-ovirt/
Note You need to log in before you can comment on or make changes to this bug.