> ----- Original Message -----
> From: "Alexander Wels" <awels(a)redhat.com>
> Sent: Friday, August 9, 2013 8:19:34 AM
>
> On Thursday, August 08, 2013 09:10:33 PM Einav Cohen wrote:
> > > ----- Original Message -----
> > > From: "Dead Horse" <deadhorseconsulting(a)gmail.com>
> > > Sent: Thursday, August 8, 2013 7:51:03 PM
> > >
> > > I verified the fix against current master with multiple installs and
> > > browsers. Thanks guys!
> > >
> > > Fix verified to work with:
> > > Firefox Version 22.0-1
> > > Google Chrome Version 28.0.1500.95
> > >
> > > I still noted an odd issue with Firefox Version 17.0.8-1 (Current
> > > Firefox
> > > EL6 Version).
> > > The login into the user portal succeeds and a successful login is
> > > logged,
> > > however the login remains hung at the login dialog indefinitely.
> > > Reloading the page and closing the browser does not change things.
> > > Also removing ~/<username>/.mozilla and starting fresh results in
the
> > > same.
> > > Can someone else check and verify similar oddness with EL6 Firefox.
> >
> > similar oddness was indeed encountered lately. Alexander (added) is
> > currently investigating.
> > @Alexander - can you please update on the investigation progress in this
> > thread?
>
> As noted this seems to only happen with FF 17 ESR, which is the current
> EL6
> version. If I use firebug or attach a GWT debugger, the problem goes away.
> Heck
> if I compile GWT in draft mode the problem goes away. I did however make
> some
> progress yesterday in determining the cause. It seems to me that for some
> reason revealDefaultPlace in the user portal is called multiple times and
> in certain cases the second time the method is called it never finishes
> which causes the behavior we are seeing.
>
> Still no solution, but this is my top priority to get working.
many thanks for the update, Alexander.
this is a long shot, but it just occurred to me that recently the Message of
the day feature has been introduced to the user portal login page [1].
@Alexander - maybe worth investigating in that direction (i.e. if this
patch is reverted, does the problem go away?)
[1]
http://gerrit.ovirt.org/#/c/17545/
I reversed that patch, but it had no effect on the problem. It did make the
weird looking box underneath the login box go away, so at least I know where
that came from.
> Alexander
>
> > > - DHC
> > >
> > >
> > > On Wed, Aug 7, 2013 at 1:50 PM, Dead Horse <
> > > deadhorseconsulting(a)gmail.com
> > >
> > > > wrote:
> > > I see the fix in Gerrit/GIT. Thanks guys! I will test and update
> > > results
> > > tomorrow morning.
> > > - DHC
> > >
> > >
> > > On Wed, Aug 7, 2013 at 1:01 PM, Yair Zaslavsky < yzaslavs(a)redhat.com
>
> > > wrote:
> > >
> > >
> > >
> > >
> > >
> > > ----- Original Message -----
> > >
> > > > From: "Yair Zaslavsky" < yzaslavs(a)redhat.com >
> > > > To: "Dead Horse" < deadhorseconsulting(a)gmail.com >
> > > > Cc: "engine-devel" < engine-devel(a)ovirt.org >
> > > > Sent: Wednesday, August 7, 2013 9:00:34 PM
> > > > Subject: Re: [Engine-devel] users cannot log into userportal
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > >
> > > > > From: "Dead Horse" < deadhorseconsulting(a)gmail.com
>
> > > > > To: "Itamar Heim" < iheim(a)redhat.com >
> > > > > Cc: "engine-devel" < engine-devel(a)ovirt.org >,
"Yair Zaslavsky"
> > > > > < yzaslavs(a)redhat.com >
> > > > > Sent: Wednesday, August 7, 2013 6:14:02 PM
> > > > > Subject: Re: [Engine-devel] users cannot log into userportal
> > > > >
> > > > > BZ994604 (
https://bugzilla.redhat.com/show_bug.cgi?id=994604 )
> > > > > has
> > > > > been
> > > > > opened.
> > > > > - DHC
> > > >
> > > > Thanks for your help DHC,
> > > > This was already fixed by rnori.
> > >
> > > Of course "already fixed" comparing with current time. This was
indeed
> > > a
> > > real issue.
> > >
> > > > > On Wed, Aug 7, 2013 at 5:35 AM, Itamar Heim <
iheim(a)redhat.com >
>
> wrote:
> > > > > > On 08/07/2013 12:10 AM, Dead Horse wrote:
> > > > > >> I have found some steps to reproduce this easily.
> > > > > >>
> > > > > >> Start the engine bound to an AD for authentication
> > > > > >> log in to the user portal as an AD user which has been
granted
> > > > > >> a
> > > > > >> Role
> > > > > >> (I
> > > > > >> used PowerUserRole)
> > > > > >>
> > > > > >> Result: Login will succeed
> > > > > >> Data from engine.log:
> > > > > >> 2013-08-06 15:54:10,088 INFO
> > > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > > >> (ajp--127.0.0.1-8702-10)
> > > > > >> Running command: LoginUserCommand internal: false.
> > > > > >> 2013-08-06 15:54:10,139 INFO
> > > > > >>
[org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > > > > >> AuditLogDirector]
> > > > > >> (ajp--127.0.0.1-8702-10) Correlation ID: 23c4709, Call
Stack:
> > > > > >> null,
> > > > > >> Custom Event ID: -1, Message: User ovirttest logged
in.
> > > > > >>
> > > > > >> log out of the user portal
> > > > > >> Result: log out succeeds
> > > > > >> Data from engine.log:
> > > > > >> 2013-08-06 15:54:12,448 INFO
> > > > > >> [org.ovirt.engine.core.bll.**LogoutUserCommand]
> > > > > >> (ajp--127.0.0.1-8702-2)
> > > > > >> Running command: LogoutUserCommand internal: false.
> > > > > >> 2013-08-06 15:54:12,474 INFO
> > > > > >>
[org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > > > > >> AuditLogDirector]
> > > > > >> (ajp--127.0.0.1-8702-2) Correlation ID: 52a89e7d, Call
Stack:
> > > > > >> null,
> > > > > >> Custom Event ID: -1, Message: User ovirttest logged
out.
> > > > > >>
> > > > > >> As the same user log in to the user portal again but
this
> > > > > >> purposely
> > > > > >> input the wrong password.
> > > > > >> Result: log in will fail
> > > > > >> Data from engine.log:
> > > > > >> 2013-08-06 15:54:20,830 ERROR
> > > > > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthent
> > > > > >> icat
> > > > > >> ion**
> > > > > >> Strategy]
> > > > > >> (ajp--127.0.0.1-8702-7) Kerberos error:
Pre-authentication
> > > > > >> information
> > > > > >> was invalid (24)
> > > > > >> 2013-08-06 15:54:20,832 ERROR
> > > > > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthent
> > > > > >> icat
> > > > > >> ion**
> > > > > >> Strategy]
> > > > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please
verify
> > > > > >> the
> > > > > >> username and password.
> > > > > >> 2013-08-06 15:54:20,843 ERROR
> > > > > >>
[org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > > > > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > > > > >> LDAP://foodc02.foo.test.com:**389 <
> > > > > >>
http://foodc02.foo.test.com:389
> > > > > >>
> > > > > >> <
> > > > > >>
http://foodc02.foo.test.com:**389 <
> > > > > >>
http://foodc02.foo.test.com:389
> > > > > >>
> > > > > >> using
> > > > > >> user ovirttest(a)FOO.TEST.COM <mailto:
ovirttest(a)FOO.TEST.COM **>
> > > > > >> due
> > > > > >> to
> > > > > >>
> > > > > >> Authentication Failed. Please verify the username and
> > > > > >> password..
> > > > > >> We
> > > > > >> should not try the next server
> > > > > >> 2013-08-06 15:54:20,850 ERROR
> > > > > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthent
> > > > > >> icat
> > > > > >> ion**
> > > > > >> Strategy]
> > > > > >> (ajp--127.0.0.1-8702-7) Kerberos error:
Pre-authentication
> > > > > >> information
> > > > > >> was invalid (24)
> > > > > >> 2013-08-06 15:54:20,851 ERROR
> > > > > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthent
> > > > > >> icat
> > > > > >> ion**
> > > > > >> Strategy]
> > > > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please
verify
> > > > > >> the
> > > > > >> username and password.
> > > > > >> 2013-08-06 15:54:20,852 ERROR
> > > > > >>
[org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > > > > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > > > > >> LDAP://foodc01.foo.test.com:**389 <
> > > > > >>
http://foodc01.foo.test.com:389
> > > > > >>
> > > > > >> <
> > > > > >>
http://foodc01.foo.test.com:**389 <
> > > > > >>
http://foodc01.foo.test.com:389
> > > > > >>
> > > > > >> using
> > > > > >> user ovirttest(a)FOO.TEST.COM <mailto:
ovirttest(a)FOO.TEST.COM **>
> > > > > >> due
> > > > > >> to
> > > > > >>
> > > > > >> Authentication Failed. Please verify the username and
> > > > > >> password..
> > > > > >> We
> > > > > >> should not try the next server
> > > > > >> 2013-08-06 15:54:20,853 ERROR
> > > > > >>
[org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCom
> > > > > >> mand
> > > > > >> ]
> > > > > >> (ajp--127.0.0.1-8702-7) Failed authenticating user:
ovirttest
> > > > > >> to
> > > > > >> domain
> > > > > >>
gso.med.ge.com <
http://gso.med.ge.com >. Ldap
Query Type is
> > > > > >> getUserByName
> > > > > >>
> > > > > >> 2013-08-06 15:54:20,854 ERROR
> > > > > >>
[org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCom
> > > > > >> mand
> > > > > >> ]
> > > > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please
verify
> > > > > >> the
> > > > > >> username and password.
> > > > > >> 2013-08-06 15:54:20,855 ERROR
> > > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > > >> (ajp--127.0.0.1-8702-7)
> > > > > >>
USER_FAILED_TO_AUTHENTICATE_**WRONG_USERNAME_OR_PASSWORD :
> > > > > >> ovirttest
> > > > > >> 2013-08-06 15:54:20,856 WARN
> > > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > > >> (ajp--127.0.0.1-8702-7)
> > > > > >> CanDoAction of action LoginUser failed.
> > > > > >>
Reasons:USER_FAILED_TO_**AUTHENTICATE_WRONG_USERNAME_**OR_PASSW
> > > > > >> ORD
> > > > > >>
> > > > > >> Try again to log in as the same user this time typing
the
> > > > > >> correct
> > > > > >> password.
> > > > > >> Result: Login fails!
> > > > > >> Data from engine.log:
> > > > > >> 2013-08-06 15:54:25,186 ERROR
> > > > > >>
[org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCom
> > > > > >> mand
> > > > > >> ]
> > > > > >> (ajp--127.0.0.1-8702-7) Failed authenticating user:
ovirttest
> > > > > >> to
> > > > > >> domain
> > > > > >>
gso.med.ge.com <
http://gso.med.ge.com >. Ldap
Query Type is
> > > > > >> getUserByName
> > > > > >>
> > > > > >> 2013-08-06 15:54:25,187 ERROR
> > > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > > >> (ajp--127.0.0.1-8702-7)
> > > > > >> USER_FAILED_TO_AUTHENTICATE : ovirttest
> > > > > >> 2013-08-06 15:54:25,187 WARN
> > > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > > >> (ajp--127.0.0.1-8702-7)
> > > > > >> CanDoAction of action LoginUser failed.
> > > > > >> Reasons:USER_FAILED_TO_**
> > > > > >> AUTHENTICATE
> > > > > >>
> > > > > >> Try again with another AD user.
> > > > > >> Result: Login fails!
> > > > > >> Data from engine.log:
> > > > > >> 2013-08-06 15:54:38,056 ERROR
> > > > > >>
[org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCom
> > > > > >> mand
> > > > > >> ]
> > > > > >> (ajp--127.0.0.1-8702-5) Failed authenticating user:
ovirtadmin
> > > > > >> to
> > > > > >> domain
> > > > > >>
gso.med.ge.com <
http://gso.med.ge.com >. Ldap
Query Type is
> > > > > >> getUserByName
> > > > > >>
> > > > > >> 2013-08-06 15:54:38,057 ERROR
> > > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > > >> (ajp--127.0.0.1-8702-5)
> > > > > >> USER_FAILED_TO_AUTHENTICATE : ovirtadmin
> > > > > >> 2013-08-06 15:54:38,058 WARN
> > > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > > >> (ajp--127.0.0.1-8702-5)
> > > > > >> CanDoAction of action LoginUser failed.
> > > > > >> Reasons:USER_FAILED_TO_**
> > > > > >> AUTHENTICATE
> > > > > >>
> > > > > >> Logging into the admin portal as the admin@internal
user will
> > > > > >> yield
> > > > > >> that
> > > > > >> engine seems to have forgotten about and can no longer
> > > > > >> enumerate
> > > > > >> AD
> > > > > >> users and groups.
> > > > > >> engine stays in this state until it has been
restarted.
> > > > > >>
> > > > > >> I also note the two following errors in the engine log
file as
> > > > > >> well:
> > > > > >> 2013-08-06 15:53:41,098 ERROR
> > > > > >>
[org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils]
> > > > > >> (MSC
> > > > > >> service
> > > > > >> thread 1-9) Could not parse option
AutoRecoveryAllowedTypes
> > > > > >> value.
> > > > > >> 2013-08-06 15:53:41,161 ERROR
> > > > > >>
[org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils]
> > > > > >> (MSC
> > > > > >> service
> > > > > >> thread 1-9) Failed to decrypt value for property
> > > > > >> AttestationTruststorePass will be used encrypted
value:
> > > > > >> javax.crypto.**BadPaddingException: Data must start
with zero
> > > > > >>
> > > > > >> - DHC
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> On Tue, Aug 6, 2013 at 1:31 PM, Dead Horse
> > > > > >> < deadhorseconsulting(a)gmail.com
> > > > > >> <mailto: deadhorseconsulting@ **
gmail.com <
> > > > > >> deadhorseconsulting(a)gmail.com >
> > > > > >>
> > > > > >>
> > > > > >> wrote:
> > > > > >>
> > > > > >> Really attaching logs from other install.
> > > > > >> - DHC
> > > > > >>
> > > > > >>
> > > > > >> On Tue, Aug 6, 2013 at 1:30 PM, Dead Horse
> > > > > >> < deadhorseconsulting(a)gmail.com
> > > > > >> <mailto: deadhorseconsulting@ **
gmail.com <
> > > > > >> deadhorseconsulting(a)gmail.com >>>
> > > > > >> wrote:
> > > > > >>
> > > > > >> Also I note that he login does succeed in the AD
servers logs
> > > > > >> as
> > > > > >> well as the engine also acknowledges the same. However
the
> > > > > >> login
> > > > > >> ends up in either the user logging in and the dialog
sitting in
> > > > > >> space forever and/or the engine no longer enumerating
the AD
> > > > > >> users/groups.
> > > > > >>
> > > > > >> Attached are logs from another install seeing the same
thing.
> > > > > >> -DHC
> > > > > >>
> > > > > >>
> > > > > >> On Tue, Aug 6, 2013 at 1:20 PM, Dead Horse
> > > > > >> < deadhorseconsulting(a)gmail.com
> > > > > >> <mailto: deadhorseconsulting@ **
gmail.com <
> > > > > >> deadhorseconsulting(a)gmail.com >>>
> > > > > >> wrote:
> > > > > >>
> > > > > >>
> > > > > >> Seeing and issue where users are not able to log in.
Also
> > > > > >> for some reason the engine is seemingly forgeting about
AD
> > > > > >> users. Removing the AD domain via engine-manage-domains
and
> > > > > >> re-adding it works for enumerating the users, however
the
> > > > > >> first attempt to login as a user results in the engine
no
> > > > > >> longer enumerating the users nor allowing logins.
> > > > > >> Attached are the pertinent logs.
> > > > > >>
> > > > > >> Engine is built and running from current master as of
this
> > > > > >> morning, and was installed/built and upgraded via RPMs
> > > > > >> yum/engine-upgrade
> > > > > >>
> > > > > >> - DHC
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> ______________________________**_________________
> > > > > >> Engine-devel mailing list
> > > > > >> Engine-devel(a)ovirt.org
> > > > > >>
http://lists.ovirt.org/**mailman/listinfo/engine-devel
<
> > > > > >>
http://lists.ovirt.org/mailman/listinfo/engine-devel
>
> > > > > >
> > > > > > thanks for reproducing with such clear steps. can you
please
> > > > > > open a
> > > > > > bug?
> > > > > > yair - can you try and reproduce as well (I tried on an
older
> > > > > > rhev
> > > > > > 3.2
> > > > > > i
> > > > > > have and couldn't with the IPA provider)
> > > >
> > > > _______________________________________________
> > > > Engine-devel mailing list
> > > > Engine-devel(a)ovirt.org
> > > >
http://lists.ovirt.org/mailman/listinfo/engine-devel
> > >
> > > _______________________________________________
> > > Engine-devel mailing list
> > > Engine-devel(a)ovirt.org
> > >
http://lists.ovirt.org/mailman/listinfo/engine-devel