Description of problem:

Version-Release number of selected component (if applicable):
sf8

How reproducible:
always

Steps to Reproduce:
1. Add disabled/expired user UserVmManager role on cluster.
2. Try to log in to UserPortal. - Denied
3. Try to add a new user to rhevm from the same domain as the disabled/expired user is in.

Actual results:
Domain doesn't respond

Expected results:
Domain responds

Additional info:
Login/logout doesn't help.
service ovirt-engine restart solves it, then the domain works correctly.

engine logs:
------------
2013-08-07 15:46:08,535 INFO [org.ovirt.engine.core.bll.AddPermissionCommand] (pool-5-thread-7) [30d4cb02] Running command: AddPermissionCommand internal: false. Entities affected : ID: 99408929-82cf-4dc7-a532-9d998063fa95 Type: VdsGroups
2013-08-07 15:46:08,873 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (pool-5-thread-7) [30d4cb02] Correlation ID: 30d4cb02, Call Stack: null, Custom Event ID: -1, Message: User/Group disabled.eng.brq.redhat.com was granted permission for Role UserRole on Cluster Default, by admin@internal.
2013-08-07 15:46:21,493 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/127.0.0.1:8702-12) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User disabled.ENG.BRQ.REDHAT.COM cannot login, as it got disabled or locked. Please contact the system administrator.
2013-08-07 15:46:21,493 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (ajp-/127.0.0.1:8702-12) Kerberos error: Clients credentials have been revoked (18)
2013-08-07 15:46:21,493 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (ajp-/127.0.0.1:8702-12) Authentication failed. The user is either locked or disabled
2013-08-07 15:46:21,501 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp-/127.0.0.1:8702-12) Failed ldap search server LDAP://dc-01.rhev.lab.eng.brq.redhat.com:389 using user disabled.ENG.BRQ.REDHAT.COM due to Authentication failed. The user is either locked or disabled. We should not try the next server
2013-08-07 15:46:21,501 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (ajp-/127.0.0.1:8702-12) Failed authenticating user: disabled to domain rhev.lab.eng.brq.redhat.com. Ldap Query Type is getUserByName
2013-08-07 15:46:21,502 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (ajp-/127.0.0.1:8702-12) Authentication failed. The user is either locked or disabled
2013-08-07 15:46:21,502 ERROR [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/127.0.0.1:8702-12) USER_FAILED_TO_AUTHENTICATE_ACCOUNT_IS_LOCKED_OR_DISABLED : disabled
2013-08-07 15:46:21,504 WARN [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/127.0.0.1:8702-12) CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_ACCOUNT_IS_LOCKED_OR_DISABLED
2013-08-07 15:46:51,593 INFO [org.ovirt.engine.core.WelcomeServlet] (ajp-/127.0.0.1:8702-12) Detected Locale: en-US

It also stops working when an active/correct user tries to log in with an incorrect password, or when someone tries to log in with a nonexistent user.

*** This bug has been marked as a duplicate of bug 994604 ***