----- Original Message -----
From: "Alexander Wels" <awels(a)redhat.com>
Sent: Friday, August 9, 2013 8:19:34 AM
On Thursday, August 08, 2013 09:10:33 PM Einav Cohen wrote:
> > ----- Original Message -----
> > From: "Dead Horse" <deadhorseconsulting(a)gmail.com>
> > Sent: Thursday, August 8, 2013 7:51:03 PM
> >
> > I verified the fix against current master with multiple installs and
> > browsers. Thanks guys!
> >
> > Fix verified to work with:
> > Firefox Version 22.0-1
> > Google Chrome Version 28.0.1500.95
> >
> > I still noted an odd issue with Firefox Version 17.0.8-1 (Current Firefox
> > EL6 Version).
> > The login into the user portal succeeds and a successful login is
> > logged,
> > however the login remains hung at the login dialog indefinitely.
> > Reloading the page and closing the browser does not change things.
> > Also removing ~/<username>/.mozilla and starting fresh results in the
> > same.
> > Can someone else check and verify similar oddness with EL6 Firefox.
>
> similar oddness was indeed encountered lately. Alexander (added) is
> currently investigating.
> @Alexander - can you please update on the investigation progress in this
> thread?
As noted this seems to only happen with FF 17 ESR, which is the current EL6
version. If I use firebug or attach a GWT debugger, the problem goes away.
Heck
if I compile GWT in draft mode the problem goes away. I did however make
some
progress yesterday in determining the cause. It seems to me that for some
reason revealDefaultPlace in the user portal is called multiple times and in
certain cases the second time the method is called it never finishes which
causes the behavior we are seeing.
Still no solution, but this is my top priority to get working.
many thanks for the update, Alexander.
this is a long shot, but it just occurred to me that recently the Message of
the day feature has been introduced to the user portal login page [1].
@Alexander - maybe worth investigating in that direction (i.e. if this patch
is reverted, does the problem go away?)
[1]
Alexander
> > - DHC
> >
> >
> > On Wed, Aug 7, 2013 at 1:50 PM, Dead Horse <
> > deadhorseconsulting(a)gmail.com
> > > wrote:
> >
> >
> >
> > I see the fix in Gerrit/GIT. Thanks guys! I will test and update results
> > tomorrow morning.
> > - DHC
> >
> >
> > On Wed, Aug 7, 2013 at 1:01 PM, Yair Zaslavsky < yzaslavs(a)redhat.com >
> > wrote:
> >
> >
> >
> >
> >
> > ----- Original Message -----
> >
> > > From: "Yair Zaslavsky" < yzaslavs(a)redhat.com >
> > > To: "Dead Horse" < deadhorseconsulting(a)gmail.com >
> > > Cc: "engine-devel" < engine-devel(a)ovirt.org >
> > > Sent: Wednesday, August 7, 2013 9:00:34 PM
> > > Subject: Re: [Engine-devel] users cannot log into userportal
> > >
> > >
> > >
> > > ----- Original Message -----
> > >
> > > > From: "Dead Horse" < deadhorseconsulting(a)gmail.com >
> > > > To: "Itamar Heim" < iheim(a)redhat.com >
> > > > Cc: "engine-devel" < engine-devel(a)ovirt.org >,
"Yair Zaslavsky"
> > > > < yzaslavs(a)redhat.com >
> > > > Sent: Wednesday, August 7, 2013 6:14:02 PM
> > > > Subject: Re: [Engine-devel] users cannot log into userportal
> > > >
> > > > BZ994604 (
https://bugzilla.redhat.com/show_bug.cgi?id=994604 ) has
> > > > been
> > > > opened.
> > > > - DHC
> > >
> > > Thanks for your help DHC,
> > > This was already fixed by rnori.
> >
> > Of course "already fixed" comparing with current time. This was
indeed a
> > real issue.
> >
> > > > On Wed, Aug 7, 2013 at 5:35 AM, Itamar Heim < iheim(a)redhat.com
>
wrote:
> > > > > On 08/07/2013 12:10 AM, Dead Horse wrote:
> > > > >> I have found some steps to reproduce this easily.
> > > > >>
> > > > >> Start the engine bound to an AD for authentication
> > > > >> log in to the user portal as an AD user which has been
granted a
> > > > >> Role
> > > > >> (I
> > > > >> used PowerUserRole)
> > > > >>
> > > > >> Result: Login will succeed
> > > > >> Data from engine.log:
> > > > >> 2013-08-06 15:54:10,088 INFO
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-10)
> > > > >> Running command: LoginUserCommand internal: false.
> > > > >> 2013-08-06 15:54:10,139 INFO
> > > > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > > > >> AuditLogDirector]
> > > > >> (ajp--127.0.0.1-8702-10) Correlation ID: 23c4709, Call
Stack:
> > > > >> null,
> > > > >> Custom Event ID: -1, Message: User ovirttest logged in.
> > > > >>
> > > > >> log out of the user portal
> > > > >> Result: log out succeeds
> > > > >> Data from engine.log:
> > > > >> 2013-08-06 15:54:12,448 INFO
> > > > >> [org.ovirt.engine.core.bll.**LogoutUserCommand]
> > > > >> (ajp--127.0.0.1-8702-2)
> > > > >> Running command: LogoutUserCommand internal: false.
> > > > >> 2013-08-06 15:54:12,474 INFO
> > > > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.**
> > > > >> AuditLogDirector]
> > > > >> (ajp--127.0.0.1-8702-2) Correlation ID: 52a89e7d, Call
Stack:
> > > > >> null,
> > > > >> Custom Event ID: -1, Message: User ovirttest logged out.
> > > > >>
> > > > >> As the same user log in to the user portal again but this
> > > > >> purposely
> > > > >> input the wrong password.
> > > > >> Result: log in will fail
> > > > >> Data from engine.log:
> > > > >> 2013-08-06 15:54:20,830 ERROR
> > > > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthenticat
> > > > >> ion**
> > > > >> Strategy]
> > > > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication
> > > > >> information
> > > > >> was invalid (24)
> > > > >> 2013-08-06 15:54:20,832 ERROR
> > > > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthenticat
> > > > >> ion**
> > > > >> Strategy]
> > > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify
the
> > > > >> username and password.
> > > > >> 2013-08-06 15:54:20,843 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > > > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > > > >> LDAP://foodc02.foo.test.com:**389 <
> > > > >>
http://foodc02.foo.test.com:389
> > > > >> >
> > > > >> <
> > > > >>
http://foodc02.foo.test.com:**389 <
> > > > >>
http://foodc02.foo.test.com:389
> > > > >> >>
> > > > >> using
> > > > >> user ovirttest(a)FOO.TEST.COM <mailto:
ovirttest(a)FOO.TEST.COM **>
> > > > >> due
> > > > >> to
> > > > >>
> > > > >> Authentication Failed. Please verify the username and
password..
> > > > >> We
> > > > >> should not try the next server
> > > > >> 2013-08-06 15:54:20,850 ERROR
> > > > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthenticat
> > > > >> ion**
> > > > >> Strategy]
> > > > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication
> > > > >> information
> > > > >> was invalid (24)
> > > > >> 2013-08-06 15:54:20,851 ERROR
> > > > >>
[org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthenticat
> > > > >> ion**
> > > > >> Strategy]
> > > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify
the
> > > > >> username and password.
> > > > >> 2013-08-06 15:54:20,852 ERROR
> > > > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher]
> > > > >> (ajp--127.0.0.1-8702-7) Failed ldap search server
> > > > >> LDAP://foodc01.foo.test.com:**389 <
> > > > >>
http://foodc01.foo.test.com:389
> > > > >> >
> > > > >> <
> > > > >>
http://foodc01.foo.test.com:**389 <
> > > > >>
http://foodc01.foo.test.com:389
> > > > >> >>
> > > > >> using
> > > > >> user ovirttest(a)FOO.TEST.COM <mailto:
ovirttest(a)FOO.TEST.COM **>
> > > > >> due
> > > > >> to
> > > > >>
> > > > >> Authentication Failed. Please verify the username and
password..
> > > > >> We
> > > > >> should not try the next server
> > > > >> 2013-08-06 15:54:20,853 ERROR
> > > > >>
[org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand
> > > > >> ]
> > > > >> (ajp--127.0.0.1-8702-7) Failed authenticating user:
ovirttest to
> > > > >> domain
> > > > >>
gso.med.ge.com <
http://gso.med.ge.com >. Ldap Query
Type is
> > > > >> getUserByName
> > > > >>
> > > > >> 2013-08-06 15:54:20,854 ERROR
> > > > >>
[org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand
> > > > >> ]
> > > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify
the
> > > > >> username and password.
> > > > >> 2013-08-06 15:54:20,855 ERROR
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-7)
> > > > >> USER_FAILED_TO_AUTHENTICATE_**WRONG_USERNAME_OR_PASSWORD :
> > > > >> ovirttest
> > > > >> 2013-08-06 15:54:20,856 WARN
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-7)
> > > > >> CanDoAction of action LoginUser failed.
> > > > >>
Reasons:USER_FAILED_TO_**AUTHENTICATE_WRONG_USERNAME_**OR_PASSWORD
> > > > >>
> > > > >> Try again to log in as the same user this time typing the
correct
> > > > >> password.
> > > > >> Result: Login fails!
> > > > >> Data from engine.log:
> > > > >> 2013-08-06 15:54:25,186 ERROR
> > > > >>
[org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand
> > > > >> ]
> > > > >> (ajp--127.0.0.1-8702-7) Failed authenticating user:
ovirttest to
> > > > >> domain
> > > > >>
gso.med.ge.com <
http://gso.med.ge.com >. Ldap Query
Type is
> > > > >> getUserByName
> > > > >>
> > > > >> 2013-08-06 15:54:25,187 ERROR
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-7)
> > > > >> USER_FAILED_TO_AUTHENTICATE : ovirttest
> > > > >> 2013-08-06 15:54:25,187 WARN
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-7)
> > > > >> CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_**
> > > > >> AUTHENTICATE
> > > > >>
> > > > >> Try again with another AD user.
> > > > >> Result: Login fails!
> > > > >> Data from engine.log:
> > > > >> 2013-08-06 15:54:38,056 ERROR
> > > > >>
[org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand
> > > > >> ]
> > > > >> (ajp--127.0.0.1-8702-5) Failed authenticating user:
ovirtadmin to
> > > > >> domain
> > > > >>
gso.med.ge.com <
http://gso.med.ge.com >. Ldap Query
Type is
> > > > >> getUserByName
> > > > >>
> > > > >> 2013-08-06 15:54:38,057 ERROR
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-5)
> > > > >> USER_FAILED_TO_AUTHENTICATE : ovirtadmin
> > > > >> 2013-08-06 15:54:38,058 WARN
> > > > >> [org.ovirt.engine.core.bll.**LoginUserCommand]
> > > > >> (ajp--127.0.0.1-8702-5)
> > > > >> CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_**
> > > > >> AUTHENTICATE
> > > > >>
> > > > >> Logging into the admin portal as the admin@internal user
will
> > > > >> yield
> > > > >> that
> > > > >> engine seems to have forgotten about and can no longer
enumerate
> > > > >> AD
> > > > >> users and groups.
> > > > >> engine stays in this state until it has been restarted.
> > > > >>
> > > > >> I also note the two following errors in the engine log file
as
> > > > >> well:
> > > > >> 2013-08-06 15:53:41,098 ERROR
> > > > >>
[org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils]
> > > > >> (MSC
> > > > >> service
> > > > >> thread 1-9) Could not parse option AutoRecoveryAllowedTypes
value.
> > > > >> 2013-08-06 15:53:41,161 ERROR
> > > > >>
[org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils]
> > > > >> (MSC
> > > > >> service
> > > > >> thread 1-9) Failed to decrypt value for property
> > > > >> AttestationTruststorePass will be used encrypted value:
> > > > >> javax.crypto.**BadPaddingException: Data must start with
zero
> > > > >>
> > > > >> - DHC
> > > > >>
> > > > >>
> > > > >>
> > > > >> On Tue, Aug 6, 2013 at 1:31 PM, Dead Horse
> > > > >> < deadhorseconsulting(a)gmail.com
> > > > >> <mailto: deadhorseconsulting@ **
gmail.com <
> > > > >> deadhorseconsulting(a)gmail.com >
> > > > >>
> > > > >>
> > > > >> wrote:
> > > > >>
> > > > >> Really attaching logs from other install.
> > > > >> - DHC
> > > > >>
> > > > >>
> > > > >> On Tue, Aug 6, 2013 at 1:30 PM, Dead Horse
> > > > >> < deadhorseconsulting(a)gmail.com
> > > > >> <mailto: deadhorseconsulting@ **
gmail.com <
> > > > >> deadhorseconsulting(a)gmail.com >>>
> > > > >> wrote:
> > > > >>
> > > > >> Also I note that he login does succeed in the AD servers
logs as
> > > > >> well as the engine also acknowledges the same. However the
login
> > > > >> ends up in either the user logging in and the dialog sitting
in
> > > > >> space forever and/or the engine no longer enumerating the
AD
> > > > >> users/groups.
> > > > >>
> > > > >> Attached are logs from another install seeing the same
thing.
> > > > >> -DHC
> > > > >>
> > > > >>
> > > > >> On Tue, Aug 6, 2013 at 1:20 PM, Dead Horse
> > > > >> < deadhorseconsulting(a)gmail.com
> > > > >> <mailto: deadhorseconsulting@ **
gmail.com <
> > > > >> deadhorseconsulting(a)gmail.com >>>
> > > > >> wrote:
> > > > >>
> > > > >>
> > > > >> Seeing and issue where users are not able to log in. Also
> > > > >> for some reason the engine is seemingly forgeting about AD
> > > > >> users. Removing the AD domain via engine-manage-domains and
> > > > >> re-adding it works for enumerating the users, however the
> > > > >> first attempt to login as a user results in the engine no
> > > > >> longer enumerating the users nor allowing logins.
> > > > >> Attached are the pertinent logs.
> > > > >>
> > > > >> Engine is built and running from current master as of this
> > > > >> morning, and was installed/built and upgraded via RPMs
> > > > >> yum/engine-upgrade
> > > > >>
> > > > >> - DHC
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >> ______________________________**_________________
> > > > >> Engine-devel mailing list
> > > > >> Engine-devel(a)ovirt.org
> > > > >>
http://lists.ovirt.org/**mailman/listinfo/engine-devel <
> > > > >>
http://lists.ovirt.org/mailman/listinfo/engine-devel >
> > > > >
> > > > > thanks for reproducing with such clear steps. can you please
open a
> > > > > bug?
> > > > > yair - can you try and reproduce as well (I tried on an older
rhev
> > > > > 3.2
> > > > > i
> > > > > have and couldn't with the IPA provider)
> > >
> > > _______________________________________________
> > > Engine-devel mailing list
> > > Engine-devel(a)ovirt.org
> > >
http://lists.ovirt.org/mailman/listinfo/engine-devel
> >
> > _______________________________________________
> > Engine-devel mailing list
> > Engine-devel(a)ovirt.org
> >
http://lists.ovirt.org/mailman/listinfo/engine-devel