<div dir="ltr">Hello, I'm trying to use AD authentication in my oVirt setup;<div>however, I can't seem to get it to work.</div><div><br></div><div>I can browse the AD and select users &amp; groups, but logging in does not work.</div>
<div><br></div><div>output of engine-manage-domains</div><div><div>engine-manage-domains -report -action=validate</div><div>Domain <a href="http://mydomain.com">mydomain.com</a> is valid.</div><div>The configured user for domain <a href="http://mydomain.com">mydomain.com</a> is <a href="mailto:sync@MYDOMAIN.COM">sync@MYDOMAIN.COM</a></div>
<div>Manage Domains completed successfully</div></div><div><br></div><div>In the engine.log I see the following info:</div><div><div>2013-11-05 09:53:45,088 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''</div>
<div>2013-11-05 09:53:45,100 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://<a href="http://srvdc06.mydomain.com:389">srvdc06.mydomain.com:389</a> using user <a href="mailto:vzeebrod@MYDOMAIN.COM">vzeebrod@MYDOMAIN.COM</a> due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''. We should try the next server</div>
<div>2013-11-05 09:53:45,179 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''</div>
<div>2013-11-05 09:53:45,189 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://<a href="http://srvdc04.mydomain.com:389">srvdc04.mydomain.com:389</a> using user <a href="mailto:vzeebrod@MYDOMAIN.COM">vzeebrod@MYDOMAIN.COM</a> due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''. We should try the next server</div>
<div>2013-11-05 09:53:45,253 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''</div>
<div>2013-11-05 09:53:45,262 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://<a href="http://srvdc05.mydomain.com:389">srvdc05.mydomain.com:389</a> using user <a href="mailto:vzeebrod@MYDOMAIN.COM">vzeebrod@MYDOMAIN.COM</a> due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''. We should try the next server</div>
<div>2013-11-05 09:53:45,335 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; remaining name ''</div>
<div>2013-11-05 09:53:45,353 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://<a href="http://srvdc08.mydomain.com:389">srvdc08.mydomain.com:389</a> using user <a href="mailto:vzeebrod@MYDOMAIN.COM">vzeebrod@MYDOMAIN.COM</a> due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; remaining name ''. We should try the next server</div>
<div>2013-11-05 09:53:45,433 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; remaining name ''</div>
<div>2013-11-05 09:53:45,451 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://<a href="http://srvdc07.mydomain.com:389">srvdc07.mydomain.com:389</a> using user <a href="mailto:vzeebrod@MYDOMAIN.COM">vzeebrod@MYDOMAIN.COM</a> due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; remaining name ''. We should try the next server</div>
<div>2013-11-05 09:53:45,523 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''</div>
<div>2013-11-05 09:53:45,540 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://<a href="http://srvdc03.mydomain.com:389">srvdc03.mydomain.com:389</a> using user <a href="mailto:vzeebrod@MYDOMAIN.COM">vzeebrod@MYDOMAIN.COM</a> due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''. We should try the next server</div>
<div>2013-11-05 09:53:45,987 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--127.0.0.1-8702-11) CanDoAction of action LoginAdminUser failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION</div></div><div><br>
</div><div>When I try to get a Kerberos ticket on the server, I'm able to get a correct ticket.</div></div>