Tested in si18 When adding an IPA domain using manage-domains I got the following warning "WARNING: No permissions were added to the Engine. Login either with the internal admin user or with another configured user.? Followed by a "success" message "Successfully added domain ......." The logs show 2012-09-12 04:57:52,788 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): rhev.redhat.com 2012-09-12 04:57:52,895 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): rhev.redhat.com 2012-09-12 04:57:52,895 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: rhev.redhat.com 2012-09-12 04:57:59,234 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully tested kerberos configuration for domain: rhev.redhat.com 2012-09-12 04:57:59,255 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Applying kerberos configuration 2012-09-12 04:57:59,277 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserName to rhev.redhat.com:admin.COM 2012-09-12 04:58:01,784 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserPassword to rhev.redhat.com:******** 2012-09-12 04:58:04,033 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LdapServers to 2012-09-12 04:58:06,507 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserId to rhev.redhat.com:6d39ec20-f096-11e1-a798-525400ecf885 2012-09-12 04:58:08,780 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LDAPSecurityAuthentication to rhev.redhat.com:GSSAPI 2012-09-12 04:58:10,043 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for DomainName to rhev.redhat.com 2012-09-12 04:58:11,571 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LDAPProviderTypes to rhev.redhat.com:ipa
Successfully added domain XYZ. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart). This is indeed false. Used with addPermissions, however once the service is restarted, browser offers only 'internal' domain anyway.
Upstream patch: http://gerrit.ovirt.org/#/c/8062/1