Re: [ovirt-users] Can not configure with simple LDAP.

----- Original Message ----- > From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; > To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; > Cc: users(a)ovirt.org > Sent: Monday, October 6, 2014 3:40:05 PM > Subject: Re: [ovirt-users] Can not configure with simple LDAP. > > Alon, > > Thanks, the ovirt-engine-extension-aaa-ldap was updated successfully. > and then I restarted my ovirt-engine. > > I tried the following: > > 1) Login to the User Portal using LDAP account "tani". > Failed. (it was able to login before doing update.) > > 2) Then deleting the LDAP account "tani" from admin portal. > > 3) Tried to add new account "tani" again. > I selected "rxc05271.com (authz-company)" instead of "internal (internal)" > but "Go" bottun is hidden. > > What should I do next? it probably means that the engine cannot interact with the ldap. can you see any error message during engine startup that related? can you stop engine remove engine.log start engine and send me the engine.log? > Regards, > Fumihide Tani > > (2014/10/06 20:39), Alon Bar-Lev wrote: >> ----- Original Message ----- >>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>> Cc: users(a)ovirt.org >>> Sent: Monday, October 6, 2014 2:36:38 PM >>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>> >>> Hi, Alon >>> >>> I can not update the ovirt-engine-extension-aaa-ldap.noarch >>> 0.0.0-0.0.master.20140923213100.git10a282b.el6. to the one you specified. >>> Is it still not exist in ovirt-3.5-pre repo? >> right, they are at snapshots. >> you can take the extension rpm and only update it. >> >> yum localupdate >> http://resources.ovirt.org/pub/ovirt-3.5-snapshot/rpm/el6/noarch/ovirt-en... >> >>> Regards, >>> Fumihide Tani >>> >>> (2014/10/06 17:07), Alon Bar-Lev wrote: >>>> Hello Fumihide, >>>> >>>> I pushed a significant change into ldap package, in some cases it will >>>> provide better response times. >>>> The change is within group resolution. >>>> I wounder if you can test it, should be at least >>>> ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d. >>>> >>>> Regards, >>>> Alon Bar-Lev. >>>> >>>> ----- Original Message ----- >>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>> Cc: users(a)ovirt.org >>>>> Sent: Thursday, September 25, 2014 4:41:09 PM >>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>>> >>>>> Hi, Alon, >>>>> >>>>> Without waiting until the weekend, >>>>> I have finished the flesh install of the oVirt 3.5 RC3 today. >>>>> As a result, with same AAA settings, >>>>> My OpenLDAP's users became possible to login to the Web User Portal now. >>>>> Yes, RC3 is good for integrating with newest OpenLDAP 2.4.23, RC2 is >>>>> not. >>>>> >>>>> Very much thanks, >>>>> Fumihide Tani >>>>> >>>>> (2014/09/25 7:27), Alon Bar-Lev wrote: >>>>>> This is severe, the upgrade is not working properly you have issues >>>>>> with >>>>>> accessing database. >>>>>> If database is not important I suggest a fresh install, run >>>>>> engine-cleanup >>>>>> then engine-setup. >>>>>> If database is important please forward this to devel mailing list for >>>>>> someone to help, regardless of LDAP. >>>>>> Regards, >>>>>> Alon >>>>>> >>>>>> >>>>>> 4-09-25 00:36:08,389 ERROR >>>>>> [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] >>>>>> (DefaultQuartzScheduler_Worker-7) ArrayIndexOutOfBoundsException: 1: >>>>>> java.lang.ArrayIndexOutOfBoundsException: 1 >>>>>> at >>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.getDistanceMap(VdsNumaNodeDAODbFacadeImpl.java:208) >>>>>> [dal.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.access$000(VdsNumaNodeDAODbFacadeImpl.java:20) >>>>>> [dal.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:184) >>>>>> [dal.jar:] >>>>>> at >>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:168) >>>>>> [dal.jar:] >>>>>> >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>> Sent: Wednesday, September 24, 2014 6:40:58 PM >>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>>>>> >>>>>>> Result of running engine-setup: >>>>>>> [root@ovirt ~]# yum list installed|grep ovirt-engine >>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140923231936.git42065cc.el6 >>>>>>> >>>>>>> Yes, engine is updated to newest one.! >>>>>>> >>>>>>> But I still continued failing to login. >>>>>>> engine.log attached. >>>>>>> >>>>>>> Very thanks, >>>>>>> >>>>>>> (2014/09/24 23:59), Alon Bar-Lev wrote: >>>>>>>> you probably need to run engine-setup >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>>>> Sent: Wednesday, September 24, 2014 4:59:22 PM >>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>>>>>>> >>>>>>>>> Oops! >>>>>>>>> # yum list installed | grep ovirt-engine >>>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140821064931.gitb794d66.el6 >>>>>>>>> (snip) >>>>>>>>> ..... >>>>>>>>> >>>>>>>>> Many ovirt-3.5-* modules are updated by yum today but engine is not. >>>>>>>>> Why not updated to RC3?? >>>>>>>>> >>>>>>>>> >>>>>>>>> (2014/09/24 22:42), Alon Bar-Lev wrote: >>>>>>>>>> Unless I am missing something, you run old engine: >>>>>>>>>> >>>>>>>>>> 2014-09-24 22:16:24,136 INFO [org.ovirt.engine.core.bll.Backend] >>>>>>>>>> (MSC >>>>>>>>>> service thread 1-12) Running ovirt-engine >>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:21:09 PM >>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>>>>>>>>> >>>>>>>>>>> Attached engine.log with "FINEST" >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> >>>>>>>>>>> (2014/09/24 21:32), Alon Bar-Lev wrote: >>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>>>>>>>> Cc: users(a)ovirt.org >>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 3:24:23 PM >>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>>>>>>>>>>> >>>>>>>>>>>>> Hi, Alon, >>>>>>>>>>>>> >>>>>>>>>>>>> I have updated the oVirt 3.5 RC2 to the newest RC3 today. >>>>>>>>>>>>> >>>>>>>>>>>>> From my CentOS6.5 based oVirt Engine server and the oVirt >>>>>>>>>>>>> Host >>>>>>>>>>>>> server, >>>>>>>>>>>>> # yum clean all >>>>>>>>>>>>> # yum update >>>>>>>>>>>>> Then rebooted these servers. >>>>>>>>>>>>> >>>>>>>>>>>>> But my LDAP problem is continued and same result as before. >>>>>>>>>>>>> >>>>>>>>>>>>> When I login to the oVirt User Portal, >>>>>>>>>>>>> User Name: tani >>>>>>>>>>>>> Password: (OpenLDAP's userPassword) >>>>>>>>>>>>> Domain: rxc05271.com >>>>>>>>>>>>> >>>>>>>>>>>>> UI displays "General command validation failure." >>>>>>>>>>>>> >>>>>>>>>>>>> Please advice. >>>>>>>>>>>> Hopefully I can if you provide log... :) >>>>>>>>>>>> >>>>>>>>>>>>> Thanks, >>>>>>>>>>>>> Fumihide Tani >>>>>>>>>>>>> >>>>>>>>>>>>> (2014/09/22 22:20), Alon Bar-Lev wrote: >>>>>>>>>>>>>> The version of engine you are using is probably out of date and >>>>>>>>>>>>>> unsynced >>>>>>>>>>>>>> with latest ldap package (20140821064931). >>>>>>>>>>>>>> Please make sure you take latest from[1] >>>>>>>>>>>>>> Thanks! >>>>>>>>>>>>>> >>>>>>>>>>>>>> [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/ >>>>>>>>>>>>>> >>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>>>>>>>>>> Cc: users(a)ovirt.org >>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:42:52 PM >>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi, Alon, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Your requested engine.log attached. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Also, I tried to login to web user portal by "tani" >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> User Name: tani >>>>>>>>>>>>>>> Password: (OpenLDAP userPassword) >>>>>>>>>>>>>>> Domain: rxc05271.com >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> cause: "General command validation failure." >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Attated log includes login by "Fumihide" first, "tani" second. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Very thanks, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> (2014/09/22 21:24), Alon Bar-Lev wrote: >>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>>>>>>>>>>>> Cc: users(a)ovirt.org >>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:06:39 PM >>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple >>>>>>>>>>>>>>>>> LDAP. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Sorry, I misunderstood. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> This is outputs after LDAP user logged in. >>>>>>>>>>>>>>>> Please attach log as files, not inline, easier to handle. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 2014-09-22 21:01:32,638 DEBUG >>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework] >>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4) >>>>>>>>>>>>>>>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', >>>>>>>>>>>>>>>> scope=SUB, >>>>>>>>>>>>>>>> deref=NEVER, sizeLimit=0, timeLimit=0, >>>>>>>>>>>>>>>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', >>>>>>>>>>>>>>>> attrs={entryUUID, >>>>>>>>>>>>>>>> uid, displayName, memberOf, department, givenName, sn, title, >>>>>>>>>>>>>>>> mail}, >>>>>>>>>>>>>>>> controls={SimplePagedResultsControl(pageSize=100, >>>>>>>>>>>>>>>> isCritical=false)}) >>>>>>>>>>>>>>>> 2014-09-22 21:01:32,640 DEBUG >>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework] >>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4) >>>>>>>>>>>>>>>> SearchResult: SearchResult(resultCode=0 (success), >>>>>>>>>>>>>>>> messageID=3, >>>>>>>>>>>>>>>> entriesReturned=0, referencesReturned=0, >>>>>>>>>>>>>>>> responseControls={SimplePagedResultsControl(pageSize=0, >>>>>>>>>>>>>>>> isCritical=false)}) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >From the above I see that a search was issued: >>>>>>>>>>>>>>>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide) >>>>>>>>>>>>>>>> And no result returned. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Per previous output: >>>>>>>>>>>>>>>> --- >>>>>>>>>>>>>>>> # tani, Users, rxc05271.com >>>>>>>>>>>>>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com >>>>>>>>>>>>>>>> objectClass: inetOrgPerson >>>>>>>>>>>>>>>> objectClass: uidObject >>>>>>>>>>>>>>>> uid: tani >>>>>>>>>>>>>>>> cn: Fumihide Tani >>>>>>>>>>>>>>>> givenName: Fumihide >>>>>>>>>>>>>>>> mail: tani(a)rxc05271.com >>>>>>>>>>>>>>>> sn: Tani >>>>>>>>>>>>>>>> userPassword:: a3VtaXRhbg== >>>>>>>>>>>>>>>> --- >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Your user name is tani and not Fumihide. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Alon >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>> > >