<div dir="ltr"><div><div>Hello Alon,<br><br></div>I have done what you have said. My new configuration files are:<br><br>/etc/ovirt-engine/extensions.d/siee-local-authn.properties:<br><br><a href="http://ovirt.engine.extension.name">ovirt.engine.extension.name</a> = siee-local-authn<br>ovirt.engine.extension.bindings.method = jbossmodule<br>ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap<br>ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension<br>ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn<br><a href="http://ovirt.engine.aaa.authn.profile.name">ovirt.engine.aaa.authn.profile.name</a> = siee<br>ovirt.engine.aaa.authn.authz.plugin = siee-local-authz<br>config.profile.file.1 = aaa/siee.properties<br><br>/etc/ovirt-engine/extensions.d/siee-local-authz.properties:<br><br><a href="http://ovirt.engine.extension.name">ovirt.engine.extension.name</a> = siee-local-authz<br>ovirt.engine.extension.bindings.method = jbossmodule<br>ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap<br>ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension<br>ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz<br>config.profile.file.1 = aaa/siee.properties<br><br>/etc/ovirt-engine/extensions.d/aaa/siee.properties:<br><br>include = <ad.properties><br><br>#<br># Active directory domain name.<br>#<br>vars.domain = siee.local<br><br>#<br># Search user and its password.<br>#<br>vars.user = searcher@${global:vars.domain}<br>vars.password = xxxxxxx<br><br>#<br># Optional DNS servers, if enterprise<br># DNS server cannot resolve the domain srvrecord.<br>#<br>#vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}<br><br>pool.default.serverset.type = srvrecord<br>pool.default.serverset.srvrecord.domain = ${global:vars.domain}<br>pool.default.auth.simple.bindDN 
= ${global:vars.user}<br>pool.default.auth.simple.password = ${global:vars.password}<br><br># Uncomment if using custom DNS<br>#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}<br>#pool.default.socketfactory.resolver.uRL = ${global:vars.dns}<br><br># Create keystore, import certificate chain and uncomment<br># if using ssl/tls.<br>#pool.default.ssl.startTLS = true<br>#pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks<br>#pool.default.ssl.truststore.password = changeit<br><br></div><div>After reconfiguring my files with ovirt-engine stopped, I started ovirt-engine and tried to log in. The error persists,<br>"<span style class="">General command validation failure." and after that I have stopped ovirt-engine again. I attach my engine.log file.<br><br></span></div><div><span style class="">Many thanks again,<br><br></span></div><div><span style class="">Juanjo.<br></span></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 2, 2014 at 3:46 PM, Alon Bar-Lev <span dir="ltr"><<a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
----- Original Message -----<br>
> From: "Juan Jose" <<a href="mailto:jj197005@gmail.com">jj197005@gmail.com</a>><br>
> To: "Alon Bar-Lev" <<a href="mailto:alonbl@redhat.com">alonbl@redhat.com</a>><br>
> Cc: "Ondra Machacek" <<a href="mailto:omachace@redhat.com">omachace@redhat.com</a>>, "Yair Zaslavsky" <<a href="mailto:yzaslavs@redhat.com">yzaslavs@redhat.com</a>>, <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>
</span><span class="">> Sent: Tuesday, December 2, 2014 3:48:54 PM<br>
> Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue<br>
><br>
> Hello Alon and everybody,<br>
><br>
</span><span class="">> I have installed package ovirt-engine-extension-aaa-ldap and configured my<br>
> files as the documentation says. The files are:<br>
><br>
> /etc/ovirt-engine/extensions.d/siee.local-authn.properties:<br>
><br>
> <a href="http://ovirt.engine.extension.name" target="_blank">ovirt.engine.extension.name</a> = siee.local-authn<br>
> ovirt.engine.extension.bindings.method = jbossmodule<br>
> ovirt.engine.extension.binding.jbossmodule.module =<br>
> org.ovirt.engine-extensions.aaa.ldap<br>
> ovirt.engine.extension.binding.jbossmodule.class =<br>
> org.ovirt.engineextensions.aaa.ldap.AuthnExtension<br>
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn<br>
> <a href="http://ovirt.engine.aaa.authn.profile.name" target="_blank">ovirt.engine.aaa.authn.profile.name</a> = siee.local<br>
> ovirt.engine.aaa.authn.authz.plugin = siee.local-authz<br>
> config.profile.file.1 = aaa/siee.local.properties<br>
<br>
</span>please use absolute file name for 3.5.0; relative will be available in 3.5.1<br>
<span class=""><br>
><br>
> /etc/ovirt-engine/extensions.d/siee.local-authz.properties:<br>
><br>
> <a href="http://ovirt.engine.extension.name" target="_blank">ovirt.engine.extension.name</a> = siee.local-authz<br>
> ovirt.engine.extension.bindings.method = jbossmodule<br>
> ovirt.engine.extension.binding.jbossmodule.module =<br>
> org.ovirt.engine-extensions.aaa.ldap<br>
> ovirt.engine.extension.binding.jbossmodule.class =<br>
> org.ovirt.engineextensions.aaa.ldap.AuthzExtension<br>
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz<br>
> config.profile.file.1 = aaa/siee.local.properties<br>
<br>
</span>please use absolute file name for 3.5.0; relative will be available in 3.5.1<br>
<span class=""><br>
<br>
><br>
> /etc/ovirt-engine/extensions.d/aaa/siee.local.properties:<br>
><br>
> include = <ad.properties><br>
><br>
> #<br>
> # Active directory domain name.<br>
> #<br>
> vars.domain = siee.local<br>
><br>
> #<br>
> # Search user and its password.<br>
> #<br>
> vars.user = juanjo@${global:vars.domain}<br>
> vars.password = xxxxxxxx<br>
<br>
</span>this should be a dedicated user for search, not your private user.<br>
<div><div class="h5"><br>
><br>
> #<br>
> # Optional DNS servers, if enterprise<br>
> # DNS server cannot resolve the domain srvrecord.<br>
> #<br>
> #vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}<br>
><br>
> pool.default.serverset.type = srvrecord<br>
> pool.default.serverset.srvrecord.domain = ${global:vars.domain}<br>
> pool.default.auth.simple.bindDN = ${global:vars.user}<br>
> pool.default.auth.simple.password = ${global:vars.password}<br>
><br>
> # Uncomment if using custom DNS<br>
> #pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url<br>
> = ${global:vars.dns}<br>
> #pool.default.socketfactory.resolver.uRL = ${global:vars.dns}<br>
><br>
> # Create keystore, import certificate chain and uncomment<br>
> # if using ssl/tls.<br>
> #pool.default.ssl.startTLS = true<br>
> #pool.default.ssl.truststore.file =<br>
> ${local:_basedir}/${global:vars.domain}.jks<br>
> #pool.default.ssl.truststore.password = changeit<br>
><br>
> And after this configuration I restart ovirt-engine service. When I try to<br>
> log in to the administrator portal I can see the error "The user name or<br>
> password is incorrect.". In /var/log/ovirt-engine/engine.log I have the<br>
> errors:<br>
><br>
> 2014-12-02 14:02:21,983 ERROR<br>
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]<br>
> (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom<br>
> Event ID: -1, Message: User juanjo cannot login, please verify the username<br>
> and password.<br>
> 2014-12-02 14:02:21,991 ERROR<br>
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]<br>
> (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom<br>
> Event ID: -1, Message: User juanjo failed to log in.<br>
><br>
> I'm using the correct user and password because I can log in on a Windows client<br>
> machine which is inside siee.local domain with this user and its correct<br>
> password.<br>
><br>
> What do you think the problem could be?<br>
><br>
> If you need more information or I have to configure any other parameters,<br>
> please tell me.<br>
<br>
</div></div>please attach full engine.log, more correctly, stop engine, remove engine.log, start engine, try to log in and send log.<br>
please make sure you select the "siee.local" domain in dropdown of login screen.<br>
<br>
when I get the engine.log I will be able to understand how to progress.<br>
<br>
thanks!<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
><br>
> Many thanks in advance,<br>
><br>
> Juanjo.<br>
><br>
><br>
><br>
> On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <<a href="mailto:alonbl@redhat.com">alonbl@redhat.com</a>> wrote:<br>
><br>
> ><br>
> ><br>
> > ----- Original Message -----<br>
> > > From: "Juan Jose" <<a href="mailto:jj197005@gmail.com">jj197005@gmail.com</a>><br>
> > > To: "Alon Bar-Lev" <<a href="mailto:alonbl@redhat.com">alonbl@redhat.com</a>><br>
> > > Cc: "Ondra Machacek" <<a href="mailto:omachace@redhat.com">omachace@redhat.com</a>>, "Yair Zaslavsky" <<br>
> > <a href="mailto:yzaslavs@redhat.com">yzaslavs@redhat.com</a>>, <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>
> > > Sent: Wednesday, November 26, 2014 3:04:14 PM<br>
> > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue<br>
> > ><br>
> > > Hello Alon and everybody,<br>
> > ><br>
> > > I checked on my ovirt-engine machine for the ovirt-engine-aaa-ldap package and it<br>
> > > is not available:<br>
> > ><br>
> > > yum list "ovirt-engine*"<br>
> > > Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock<br>
> > > Loading mirror speeds from cached hostfile<br>
> > > * base: <a href="http://ftp.udl.es" target="_blank">ftp.udl.es</a><br>
> > > * epel: <a href="http://mirror.uv.es" target="_blank">mirror.uv.es</a><br>
> > > * extras: <a href="http://ftp.udl.es" target="_blank">ftp.udl.es</a><br>
> > > * ovirt-3.5: <a href="http://ftp.nluug.nl" target="_blank">ftp.nluug.nl</a><br>
> > > * ovirt-3.5-epel: <a href="http://mirror.uv.es" target="_blank">mirror.uv.es</a><br>
> > > * ovirt-3.5-jpackage-6.0-generic: <a href="http://mirror.ibcp.fr" target="_blank">mirror.ibcp.fr</a><br>
> > > * ovirt-epel: <a href="http://mirror.uv.es" target="_blank">mirror.uv.es</a><br>
> > > * ovirt-jpackage-6.0-generic: <a href="http://mirror.ibcp.fr" target="_blank">mirror.ibcp.fr</a><br>
> > > * updates: <a href="http://ftp.udl.es" target="_blank">ftp.udl.es</a><br>
> > > Installed Packages<br>
> > > ovirt-engine.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-backend.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-cli.noarch<br>
> > > 3.3.0.6-1.el6 @ovirt-3.3.3<br>
> > > ovirt-engine-dbscripts.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-extensions-api-impl.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-jboss-as.x86_64<br>
> > > 7.1.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-lib.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-restapi.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-sdk-python.noarch<br>
> > > 3.5.0.8-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-setup.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-setup-base.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-setup-plugin-ovirt-engine.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-setup-plugin-ovirt-engine-common.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-setup-plugin-websocket-proxy.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-tools.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-userportal.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-webadmin-portal.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > ovirt-engine-websocket-proxy.noarch<br>
> > > 3.5.0.1-1.el6 @ovirt-3.5<br>
> > > Available Packages<br>
> > > ovirt-engine-cli.noarch<br>
> > > 3.5.0.5-1.el6 ovirt-3.5<br>
> > > ovirt-engine-dwh.noarch<br>
> > > 3.5.0-1.el6 ovirt-3.5<br>
> > > ovirt-engine-dwh-setup.noarch<br>
> > > 3.5.0-1.el6 ovirt-3.5<br>
> > > ovirt-engine-extensions-api-impl-javadoc.noarch<br>
> > > 3.5.0.1-1.el6 ovirt-3.5<br>
> > > ovirt-engine-reports.noarch<br>
> > > 3.5.1-0.1.el6 ovirt-3.5<br>
> > > ovirt-engine-reports-setup.noarch<br>
> > > 3.5.1-0.1.el6 ovirt-3.5<br>
> > > ovirt-engine-sdk-java.noarch<br>
> > > 3.5.0.5-1.el6 ovirt-3.5<br>
> > > ovirt-engine-sdk-java-javadoc.noarch<br>
> > > 3.5.0.5-1.el6 ovirt-3.5<br>
> > > ovirt-engine-setup-plugin-allinone.noarch<br>
> > ><br>
> > > How can I get this package?<br>
> ><br>
> ><br>
> > Thanks for trying!<br>
> ><br>
> > Package is available at ovirt-3.5-snapshot[1].<br>
> ><br>
> > [1] <a href="http://resources.ovirt.org/pub/ovirt-3.5-snapshot/" target="_blank">http://resources.ovirt.org/pub/ovirt-3.5-snapshot/</a><br>
> ><br>
><br>
</div></div></blockquote></div><br></div>
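The two configuration points visible in the thread above (absolute `config.profile.file.N` paths on 3.5.0, and the StartTLS lines left commented out next to a simple bind), as an added example that is not part of the original messages or of oVirt. It runs on constructed samples that mirror the quoted files; the function names and finding messages are assumptions.

```python
import posixpath

# Constructed samples mirroring the files quoted in the thread.
AUTHN = """\
ovirt.engine.extension.name = siee-local-authn
ovirt.engine.aaa.authn.authz.plugin = siee-local-authz
config.profile.file.1 = aaa/siee.properties
"""
PROFILE = """\
vars.domain = siee.local
vars.password = xxxxxxx
pool.default.auth.simple.password = ${global:vars.password}
#pool.default.ssl.startTLS = true
"""

def parse_properties(text):
    """Parse 'key = value' lines; blank lines and '#' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint_extension(text):
    """Flag relative config.profile.file.N values (per the reply, 3.5.0 needs absolute)."""
    props = parse_properties(text)
    return [f"{k} = {v}: use an absolute file name on 3.5.0"
            for k, v in sorted(props.items())
            if k.startswith("config.profile.file.") and not posixpath.isabs(v)]

def lint_profile(text):
    """Flag a simple bind whose startTLS line is commented out or not 'true'."""
    props = parse_properties(text)
    findings = []
    simple_bind = "pool.default.auth.simple.password" in props
    starttls = props.get("pool.default.ssl.startTLS", "false").lower() == "true"
    if simple_bind and not starttls:
        findings.append("pool.default.ssl.startTLS is not enabled: the search "
                        "user's bind password is not protected by StartTLS")
    return findings

if __name__ == "__main__":
    for finding in lint_extension(AUTHN) + lint_profile(PROFILE):
        print("WARN", finding)
```
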