
----- Original Message -----
From: "david van zeebroeck" <david@analytics.brusselsairport.be>
To: users@ovirt.org
Sent: Tuesday, November 5, 2013 10:59:43 AM
Subject: [Users] unable to use ad authentication

Hello, I'm trying to use AD authentication in my oVirt setup; however, I can't seem to get it to work.
I can browse the AD and select users & groups, but logging in does not work.
Output of engine-manage-domains:

engine-manage-domains -report -action=validate
Domain mydomain.com is valid.
The configured user for domain mydomain.com is sync@MYDOMAIN.COM
Manage Domains completed successfully

In the engine.log I see the following info:

2013-11-05 09:53:45,088 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''
2013-11-05 09:53:45,100 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP:// srvdc06.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''. We should try the next server
2013-11-05 09:53:45,179 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''
2013-11-05 09:53:45,189 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP:// srvdc04.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''. We should try the next server
2013-11-05 09:53:45,253 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''
2013-11-05 09:53:45,262 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP:// srvdc05.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''. We should try the next server
2013-11-05 09:53:45,335 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; remaining name ''
2013-11-05 09:53:45,353 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP:// srvdc08.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; remaining name ''. We should try the next server
2013-11-05 09:53:45,433 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; remaining name ''
2013-11-05 09:53:45,451 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP:// srvdc07.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]; remaining name ''. We should try the next server
2013-11-05 09:53:45,523 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''
2013-11-05 09:53:45,540 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP:// srvdc03.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]; remaining name ''. We should try the next server
2013-11-05 09:53:45,987 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--127.0.0.1-8702-11) CanDoAction of action LoginAdminUser failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

Hi,
It seems that you added a user using AD but didn't assign him any role. Please note that you should assign entities permissions (shown on the permission tab when you select an entity instance).

When I try to get a Kerberos ticket on the server, I'm able to get a correct ticket.

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
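
Added example, not part of the original thread and not oVirt code: a triage script for engine.log entries in the format quoted above. It separates the per-server LDAP search failures (grouped by directory server and DSID) from the login command's authorization denial. The sample lines are constructed by shortening entries from the message; triage() and the report keys are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample: four entries shortened from the engine.log excerpt in the thread.
SAMPLE = "\n".join([
    "2013-11-05 09:53:45,088 ERROR [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper] (ajp--127.0.0.1-8702-11) "
    "Error in running LDAP query. BaseDN is , filter is (cn=*). Exception message is: : "
    "[LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]",
    "2013-11-05 09:53:45,100 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) "
    "Failed ldap search server LDAP:// srvdc06.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : "
    "[LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1]",
    "2013-11-05 09:53:45,353 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--127.0.0.1-8702-11) "
    "Failed ldap search server LDAP:// srvdc08.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : "
    "[LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0]",
    "2013-11-05 09:53:45,987 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--127.0.0.1-8702-11) "
    "CanDoAction of action LoginAdminUser failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION",
])

# timestamp, level, [logger class], (thread), message
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +(\w+) +\[([^\]]+)\] \(([^)]*)\) (.*)$")
BASEDN = re.compile(r"BaseDN is (.*?), filter is (\(.*?\))\.")
SEARCH = re.compile(r"Failed ldap search server LDAP://\s*([^\s:]+):(\d+) using user (\S+)")
LDAPERR = re.compile(r"LDAP: error code (\d+) - \w+: LdapErr: (DSID-[0-9A-F]+)")  # 34 = invalidDNSyntax (RFC 4511)
DENIED = re.compile(r"CanDoAction of action (\w+) failed\. Reasons:(\S+)")

def triage(log_text):
    """Split engine.log entries into directory-query failures and authorization denials."""
    report = {"empty_base_dn": 0, "servers": {}, "dsids": Counter(), "denied": []}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # continuation line or unrelated output
        ts, _level, _cls, _thread, msg = m.groups()
        base = BASEDN.search(msg)
        if base and base.group(1).strip() == "":
            report["empty_base_dn"] += 1  # query was issued with no base DN
        srv, err = SEARCH.search(msg), LDAPERR.search(msg)
        if srv and err:
            host, port, user = srv.groups()
            report["servers"][host] = {"port": int(port), "bind_user": user,
                                       "ldap_code": int(err.group(1)), "dsid": err.group(2)}
            report["dsids"][err.group(2)] += 1
        deny = DENIED.search(msg)
        if deny:
            report["denied"].append({"time": ts, "action": deny.group(1),
                                     "reasons": deny.group(2).split(",")})
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```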