You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2021/05/02 14:59:57 UTC
[GitHub] [cloudstack] PPisz opened a new issue #3364: LDAP users with similar permissions do not see each other's networks
PPisz opened a new issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364
<!--
Verify first that your issue/request is not already reported on GitHub.
Also test if the latest release and master branch are affected too.
Always add information AFTER of these HTML comments, but no need to delete the comments.
-->
##### ISSUE TYPE
<!-- Pick one below and delete the rest -->
* Bug Report
* Improvement Request
##### COMPONENT NAME
<!--
Categorize the issue, e.g. API, VR, VPN, UI, etc.
-->
~~~
LDAP, Network, UI
~~~
##### CLOUDSTACK VERSION
<!--
New line separated list of affected versions, commit ID for issues on master branch.
-->
~~~
4.12
~~~
##### CONFIGURATION
<!--
Information about the configuration if relevant, e.g. basic network, advanced networking, etc. N/A otherwise
-->
~~~
Advanced networking with network service offering
~~~
##### OS / ENVIRONMENT
<!--
Information about the environment if relevant, N/A otherwise
-->
CentOS 7
##### SUMMARY
<!-- Explain the problem/feature briefly -->
~~~
In one domain (eg. ROOT):
Admin create network offering
LDAP root admin user create network with network offering
Another LDAP root admin user not see this network
~~~
##### STEPS TO REPRODUCE
<!--
For bugs, show exactly how to reproduce the problem, using a minimal test-case. Use Screenshots if accurate.
For new features, show how the feature would be used.
-->
<!-- Paste example playbooks or commands between quotes below -->
~~~
Create two LDAP users with root admin permissions and create networks.
~~~
<!-- You can also paste gist.github.com links for larger files -->
##### EXPECTED RESULTS
<!-- What did you expect to happen when running the steps above? -->
~~~
All users in one domain with root admin privileges have the same capabilities (in this case, they can create a VM with a network created by another user).
~~~
##### ACTUAL RESULTS
<!-- What actually happened? -->
<!-- Paste verbatim command output between quotes below -->
~~~
LDAP user with root admin privileges can not see the networks created by the standard admin user (on the same domain). If such a user (ldap) with root admin privileges creates a new network, it is not visible to other users in UI
I consider this to be an error which makes work with users with root admin privileges very difficult
~~~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] Spaceman1984 commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
Spaceman1984 commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-831764320
> Thanks @PPisz I need one case to be checked which on behaviour when there are multiple root admins. I'm temporarily opening the ticket. Will close of it turns out to be a non issue.
@rhtyd are you testing the case or should I go ahead?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] PPisz commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
PPisz commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-826932762
@rhtyd
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] PPisz closed issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
PPisz closed issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd closed issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
rhtyd closed issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] Spaceman1984 commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
Spaceman1984 commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-833473724
I tested with multiple root admin accounts, not an issue in 4.14 or 4.15.
I didn't test 4.12. and I didn't specifically test with an LDAP admin user.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] PPisz commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
PPisz commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-826933096
I checked it in 4.15 on Primate, no change.
I understand that it was designed this way, I am closing the ticket.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] andrijapanicsb closed issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
andrijapanicsb closed issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-824708442
ping @PPisz cc @Spaceman1984 @shwstppr @Pearl1594
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-825442694
@PPisz pl check and close the ticket, or help explain for further investigation. Thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-824708621
cc @svenvogel @utchoang can you test in the new UI?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-831833279
@Spaceman1984 pl test by creating two root admin accounts and compare the UI vs legacy UI.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-825442267
@PPisz I reviewed the ticket again, per your comment there are two accounts:
```
Two accounts with root admin privileges:
ppisz | Root Admin | Admin | ROOT | enabled
tome | Root Admin | Admin | ROOT | enabled
```
Since resources are owned by account, they are treated different entities/owners even if they may have the same user (physical person) who has LDAP access to both accounts. If my understanding is correct, this is by design and not a CloudStack bug.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-655309779
Can you test Primate @PPisz we're targeting GA/1.0 now
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-830822464
Thanks @PPisz I need one case to be checked which on behaviour when there are multiple root admins. I'm temporarily opening the ticket. Will close of it turns out to be a non issue.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] rhtyd commented on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
rhtyd commented on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-833562197
Thanks Darrin, closing on your remark
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [cloudstack] PPisz removed a comment on issue #3364: LDAP users with similar permissions do not see each other's networks
Posted by GitBox <gi...@apache.org>.
PPisz removed a comment on issue #3364:
URL: https://github.com/apache/cloudstack/issues/3364#issuecomment-826932762
@rhtyd
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org