In ovirt-engine-extension-aaa-ldap-setup I try to log in as the LDAP user, but it shows
CREDENTIALS_INVALID, but if I use the search option it shows successful.
The question is: how do I make the login succeed?
[root@ovirt_engine home]# ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files:
['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20180924120156-wutrcv.log
Version: otopi-1.7.8 (otopi-1.7.8-1.el7)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Available LDAP implementations:
1 - 389ds
2 - 389ds RFC-2307 Schema
3 - Active Directory
4 - IBM Security Directory Server
5 - IBM Security Directory Server RFC-2307 Schema
6 - IPA
7 - Novell eDirectory RFC-2307 Schema
8 - OpenLDAP RFC-2307 Schema
9 - OpenLDAP Standard Schema
10 - Oracle Unified Directory RFC-2307 Schema
11 - RFC-2307 Schema (Generic)
12 - RHDS
13 - RHDS RFC-2307 Schema
14 - iPlanet
Please select: 9
NOTE:
It is highly recommended to use DNS resolution for LDAP server.
If for some reason you intend to use hosts or plain address disable DNS usage.
Use DNS (Yes, No) [Yes]:
Available policy method:
1 - Single server
2 - DNS domain LDAP SRV record
3 - Round-robin between multiple hosts
4 - Failover between multiple hosts
Please select: 1
Please enter host address: ldap23.exalt.ps
[ INFO ] Trying to resolve host 'ldap23.exalt.ps'
NOTE:
It is highly recommended to use secure protocol to access the LDAP server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: ldaps
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): file
File path: /home/server.pem
[ INFO ] Connecting to LDAP using 'ldaps://ldap23.exalt.ps:636'
[ INFO ] Connection succeeded
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): cn=admin,dc=exalt,dc=ps
Enter search user password:
[ INFO ] Attempting to bind using 'cn=admin,dc=exalt,dc=ps'
Please enter base DN (dc=exalt,dc=ps) [dc=exalt,dc=ps]:
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]: no
Please specify profile name that will be visible to users [ldap23.exalt.ps]:
[ INFO ] Stage: Setup validation
NOTE:
It is highly recommended to test drive the configuration before applying it into engine.
Login sequence is executed automatically, but it is recommended to also execute Search sequence manually after successful Login sequence.
Please provide credentials to test login flow:
Enter user name: taha
Enter user password:
[ INFO ] Executing login sequence...
Login output:
2018-09-24 12:03:10,832+03 INFO ========================================================================
2018-09-24 12:03:10,851+03 INFO ============================ Initialization ============================
2018-09-24 12:03:10,851+03 INFO ========================================================================
2018-09-24 12:03:10,879+03 INFO Loading extension 'ldap23.exalt.ps-authn'
2018-09-24 12:03:10,930+03 INFO Extension 'ldap23.exalt.ps-authn' loaded
2018-09-24 12:03:10,934+03 INFO Loading extension 'ldap23.exalt.ps-authz'
2018-09-24 12:03:10,943+03 INFO Extension 'ldap23.exalt.ps-authz' loaded
2018-09-24 12:03:10,943+03 INFO Initializing extension 'ldap23.exalt.ps-authn'
2018-09-24 12:03:10,944+03 INFO [ovirt-engine-extension-aaa-ldap.authn::ldap23.exalt.ps-authn] Creating LDAP pool 'authz'
2018-09-24 12:03:11,472+03 INFO [ovirt-engine-extension-aaa-ldap.authn::ldap23.exalt.ps-authn] LDAP pool 'authz' information: vendor='null' version='null'
2018-09-24 12:03:11,473+03 INFO [ovirt-engine-extension-aaa-ldap.authn::ldap23.exalt.ps-authn] Creating LDAP pool 'authn'
2018-09-24 12:03:11,745+03 INFO [ovirt-engine-extension-aaa-ldap.authn::ldap23.exalt.ps-authn] LDAP pool 'authn' information: vendor='null' version='null'
2018-09-24 12:03:11,745+03 INFO Extension 'ldap23.exalt.ps-authn' initialized
2018-09-24 12:03:11,746+03 INFO Initializing extension 'ldap23.exalt.ps-authz'
2018-09-24 12:03:11,746+03 INFO [ovirt-engine-extension-aaa-ldap.authz::ldap23.exalt.ps-authz] Creating LDAP pool 'authz'
2018-09-24 12:03:12,076+03 INFO [ovirt-engine-extension-aaa-ldap.authz::ldap23.exalt.ps-authz] LDAP pool 'authz' information: vendor='null' version='null'
2018-09-24 12:03:12,077+03 INFO [ovirt-engine-extension-aaa-ldap.authz::ldap23.exalt.ps-authz] Available Namespaces: [dc=exalt,dc=ps]
2018-09-24 12:03:12,077+03 INFO Extension 'ldap23.exalt.ps-authz' initialized
2018-09-24 12:03:12,078+03 INFO Start of enabled extensions list
2018-09-24 12:03:12,078+03 INFO Instance name: 'ldap23.exalt.ps-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpDADejQ/extensions.d/ldap23.exalt.ps-authn.properties', Initialized: 'true'
2018-09-24 12:03:12,078+03 INFO Instance name: 'ldap23.exalt.ps-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpDADejQ/extensions.d/ldap23.exalt.ps-authz.properties', Initialized: 'true'
2018-09-24 12:03:12,078+03 INFO End of enabled extensions list
2018-09-24 12:03:12,079+03 INFO ========================================================================
2018-09-24 12:03:12,079+03 INFO ============================== Execution ===============================
2018-09-24 12:03:12,079+03 INFO ========================================================================
2018-09-24 12:03:12,079+03 INFO Iteration: 0
2018-09-24 12:03:12,080+03 INFO Profile='ldap23.exalt.ps' authn='ldap23.exalt.ps-authn' authz='ldap23.exalt.ps-authz' mapping='null'
2018-09-24 12:03:12,080+03 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ldap23.exalt.ps' user='taha'
2018-09-24 12:03:12,122+03 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ldap23.exalt.ps' result=CREDENTIALS_INVALID
2018-09-24 12:03:12,126+03 SEVERE Authn.Result code is: CREDENTIALS_INVALID
[ ERROR ] Login sequence failed
Please investigate details of the failure (search for lines containing SEVERE log level).
Select test sequence to execute (Done, Abort, Login, Search) [Abort]: search
Please provide parameters for Search sequence:
Select entity to search (Principal, Group) [Principal]:
Term to search, trailing '*' is allowed: *
Resolve Groups (Yes, No) [No]:
[ INFO ] Executing search sequence...
Login output:
2018-09-24 12:03:27,952+03 INFO ========================================================================
2018-09-24 12:03:27,970+03 INFO ============================ Initialization ============================
2018-09-24 12:03:27,970+03 INFO ========================================================================
2018-09-24 12:03:27,997+03 INFO Loading extension 'ldap23.exalt.ps-authn'
2018-09-24 12:03:28,049+03 INFO Extension 'ldap23.exalt.ps-authn' loaded
2018-09-24 12:03:28,053+03 INFO Loading extension 'ldap23.exalt.ps-authz'
2018-09-24 12:03:28,061+03 INFO Extension 'ldap23.exalt.ps-authz' loaded
2018-09-24 12:03:28,062+03 INFO Initializing extension 'ldap23.exalt.ps-authn'
2018-09-24 12:03:28,062+03 INFO [ovirt-engine-extension-aaa-ldap.authn::ldap23.exalt.ps-authn] Creating LDAP pool 'authz'
2018-09-24 12:03:28,508+03 INFO [ovirt-engine-extension-aaa-ldap.authn::ldap23.exalt.ps-authn] LDAP pool 'authz' information: vendor='null' version='null'
2018-09-24 12:03:28,509+03 INFO [ovirt-engine-extension-aaa-ldap.authn::ldap23.exalt.ps-authn] Creating LDAP pool 'authn'
2018-09-24 12:03:28,779+03 INFO [ovirt-engine-extension-aaa-ldap.authn::ldap23.exalt.ps-authn] LDAP pool 'authn' information: vendor='null' version='null'
2018-09-24 12:03:28,780+03 INFO Extension 'ldap23.exalt.ps-authn' initialized
2018-09-24 12:03:28,781+03 INFO Initializing extension 'ldap23.exalt.ps-authz'
2018-09-24 12:03:28,781+03 INFO [ovirt-engine-extension-aaa-ldap.authz::ldap23.exalt.ps-authz] Creating LDAP pool 'authz'
2018-09-24 12:03:29,020+03 INFO [ovirt-engine-extension-aaa-ldap.authz::ldap23.exalt.ps-authz] LDAP pool 'authz' information: vendor='null' version='null'
2018-09-24 12:03:29,021+03 INFO [ovirt-engine-extension-aaa-ldap.authz::ldap23.exalt.ps-authz] Available Namespaces: [dc=exalt,dc=ps]
2018-09-24 12:03:29,021+03 INFO Extension 'ldap23.exalt.ps-authz' initialized
2018-09-24 12:03:29,021+03 INFO Start of enabled extensions list
2018-09-24 12:03:29,021+03 INFO Instance name: 'ldap23.exalt.ps-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpDADejQ/extensions.d/ldap23.exalt.ps-authn.properties', Initialized: 'true'
2018-09-24 12:03:29,022+03 INFO Instance name: 'ldap23.exalt.ps-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpDADejQ/extensions.d/ldap23.exalt.ps-authz.properties', Initialized: 'true'
2018-09-24 12:03:29,022+03 INFO End of enabled extensions list
2018-09-24 12:03:29,022+03 INFO ========================================================================
2018-09-24 12:03:29,022+03 INFO ============================== Execution ===============================
2018-09-24 12:03:29,022+03 INFO ========================================================================
2018-09-24 12:03:29,022+03 INFO Iteration: 0
2018-09-24 12:03:29,026+03 INFO --- Begin QueryFilterRecord ---
2018-09-24 12:03:29,026+03 INFO AAA_AUTHZ_QUERY_FILTER_OPERATOR: 102
2018-09-24 12:03:29,027+03 INFO AAA_AUTHZ_QUERY_ENTITY: AAA_AUTHZ_QUERY_ENTITY_PRINCIPAL[1695cd36-4656-474f-b7bc-4466e12634e4]
2018-09-24 12:03:29,027+03 INFO --- Begin QueryFilterRecord ---
2018-09-24 12:03:29,027+03 INFO AAA_AUTHZ_QUERY_FILTER_OPERATOR: 0
2018-09-24 12:03:29,028+03 INFO AAA_AUTHZ_QUERY_FILTER_KEY: Extkey[name=AAA_AUTHZ_PRINCIPAL_NAME;type=class java.lang.String;uuid=AAA_AUTHZ_PRINCIPAL_NAME[a0df5bcc-6ead-40a2-8565-2f5cc8773bdd];]
2018-09-24 12:03:29,028+03 INFO AAA_AUTHZ_PRINCIPAL_NAME: *
2018-09-24 12:03:29,028+03 INFO --- End QueryFilterRecord ---
2018-09-24 12:03:29,028+03 INFO --- End QueryFilterRecord ---
2018-09-24 12:03:29,029+03 INFO API: -->Authz.InvokeCommands.QUERY_OPEN namespace='dc=exalt,dc=ps'
2018-09-24 12:03:29,035+03 INFO API: <--Authz.InvokeCommands.QUERY_OPEN
2018-09-24 12:03:29,035+03 INFO API: -->Authz.InvokeCommands.QUERY_EXECUTE
2018-09-24 12:03:29,059+03 INFO API: <--Authz.InvokeCommands.QUERY_EXECUTE count=END
2018-09-24 12:03:29,060+03 INFO API: -->Authz.InvokeCommands.QUERY_CLOSE
2018-09-24 12:03:29,060+03 INFO API: <--Authz.InvokeCommands.QUERY_CLOSE
[ INFO ] Search sequence executed successfully
Please make sure that entity details are correct and that depending on the type of the query group membership meets expectations (search for PrincipalRecord and GroupRecord titles).
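
Added example, not part of the original post or of the oVirt tooling: a Python summary of log output in the format shown above, pairing each API call with its reply and collecting SEVERE records so the failing Authn call stands apart from the Authz query that completed. The sample records are constructed from the log in the post with wrapped lines rejoined; the names summarize and authn_results are this example's own.

```python
import re

# Constructed sample, modelled on records from the log in the post (wraps rejoined).
SAMPLE_LOG = """\
2018-09-24 12:03:12,080+03 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ldap23.exalt.ps' user='taha'
2018-09-24 12:03:12,122+03 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='ldap23.exalt.ps' result=CREDENTIALS_INVALID
2018-09-24 12:03:12,126+03 SEVERE Authn.Result code is: CREDENTIALS_INVALID
2018-09-24 12:03:29,029+03 INFO API: -->Authz.InvokeCommands.QUERY_OPEN namespace='dc=exalt,dc=ps'
2018-09-24 12:03:29,035+03 INFO API: <--Authz.InvokeCommands.QUERY_OPEN
2018-09-24 12:03:29,035+03 INFO API: -->Authz.InvokeCommands.QUERY_EXECUTE
2018-09-24 12:03:29,059+03 INFO API: <--Authz.InvokeCommands.QUERY_EXECUTE count=END
"""

RECORD = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}[+-]\d{2})\s+(\w+)\s+(.*)$")
API = re.compile(r"^API: (-->|<--)(\w+)\.InvokeCommands\.(\w+)\s*(.*)$")
ATTR = re.compile(r"(\w+)=(?:'([^']*)'|(\S+))")  # key='quoted' or key=bare

def summarize(log_text):
    """Pair each '-->' call with its '<--' reply and collect SEVERE messages."""
    calls, severe, pending = [], [], {}
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # not a timestamped record (prompt text, banners, wraps)
        _ts, level, msg = m.groups()
        if level == "SEVERE":
            severe.append(msg)
        api = API.match(msg)
        if not api:
            continue
        direction, ext, command, rest = api.groups()
        attrs = {k: q or u for k, q, u in ATTR.findall(rest)}
        if direction == "-->":
            pending[(ext, command)] = attrs  # remember the request until its reply
        else:
            calls.append({"extension": ext, "command": command,
                          "request": pending.pop((ext, command), {}),
                          "result": attrs.get("result")})
    return {"calls": calls, "severe": severe, "unanswered": sorted(pending)}

def authn_results(summary):
    """(user, result) for every credential check found in the log."""
    return [(c["request"].get("user"), c["result"]) for c in summary["calls"]
            if c["command"] == "AUTHENTICATE_CREDENTIALS"]
```
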