From: "Fumihide Tani" <RXC05271(a)nifty.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Monday, October 6, 2014 7:46:05 PM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
(2014/10/07 0:50), Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Monday, October 6, 2014 6:47:15 PM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> Alon,
>>
>> Sorry, I forgot to start my DNS server.
>> After that everything goes well.
>> I can add LDAP account and login to the Web Portal by LDAP account
>> successfully!
> great, now try this sequence:
> 1. define a group X in ldap.
> 2. define a group Y in ldap which is member of group X.
> 3. define user U that is member of group Y.
> 4. add group X into ovirt-engine as superuser.
> 5. try to login with user U.
>
> it should work unless we have an issue.
I have done sequence 1 to 4.
I can successfully login to the User Portal using ldap's user U.
But my VMs which I have added permission to the group X as superuser
are not displayed on the screen.
Why not? Something wrong?
Can you please confirm the X is shown under "Directory Groups" tag when you
select user U?
>
>> (2014/10/07 0:33), Alon Bar-Lev wrote:
>>> 2014-10-07 00:27:59,829 DEBUG
>>> [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-14)
>>> Exception during sequence: LDAPException(resultCode=91 (connect error),
>>> errorMessage='An error occurred while attempting to connect to server
>>> ldap.rxc05271.com:389: java.io.IOException: An error occurred while
>>> attempting to establish a connection to server
>>> ldap.rxc05271.com/111.64.166.75:389: java.net.ConnectException:
>>> Connection refused')
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>> Cc: users(a)ovirt.org
>>>> Sent: Monday, October 6, 2014 6:31:17 PM
>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>
>>>> engine.log attached.
>>>>
>>>> Regards
>>>>
>>>> (2014/10/06 23:57), Alon Bar-Lev wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>> Cc: users(a)ovirt.org
>>>>>> Sent: Monday, October 6, 2014 3:40:05 PM
>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>
>>>>>> Alon,
>>>>>>
>>>>>> Thanks, the ovirt-engine-extension-aaa-ldap was updated successfully.
>>>>>> and then I restarted my ovirt-engine.
>>>>>>
>>>>>> I tried the following:
>>>>>>
>>>>>> 1) Login to the User Portal using LDAP account "tani".
>>>>>> Failed. (it was able to login before doing update.)
>>>>>>
>>>>>> 2) Then deleting the LDAP account "tani" from admin portal.
>>>>>>
>>>>>> 3) Tried to add new account "tani" again.
>>>>>> I selected "rxc05271.com (authz-company)" instead of "internal
>>>>>> (internal)"
>>>>>> but "Go" button is hidden.
>>>>>>
>>>>>> What should I do next?
>>>>> it probably means that the engine cannot interact with the ldap.
>>>>> can you see any error message during engine startup that related?
>>>>> can you stop engine remove engine.log start engine and send me the
>>>>> engine.log?
>>>>>
>>>>>> Regards,
>>>>>> Fumihide Tani
>>>>>>
>>>>>> (2014/10/06 20:39), Alon Bar-Lev wrote:
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>> Sent: Monday, October 6, 2014 2:36:38 PM
>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>
>>>>>>>> Hi, Alon
>>>>>>>>
>>>>>>>> I can not update the ovirt-engine-extension-aaa-ldap.noarch
>>>>>>>> 0.0.0-0.0.master.20140923213100.git10a282b.el6. to the one you
>>>>>>>> specified.
>>>>>>>> Does it still not exist in ovirt-3.5-pre repo?
>>>>>>> right, they are at snapshots.
>>>>>>> you can take the extension rpm and only update it.
>>>>>>>
>>>>>>> yum localupdate
>>>>>>> http://resources.ovirt.org/pub/ovirt-3.5-snapshot/rpm/el6/noarch/ovirt-en...
>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Fumihide Tani
>>>>>>>>
>>>>>>>> (2014/10/06 17:07), Alon Bar-Lev wrote:
>>>>>>>>> Hello Fumihide,
>>>>>>>>>
>>>>>>>>> I pushed a significant change into ldap package, in some cases it
>>>>>>>>> will provide better response times.
>>>>>>>>> The change is within group resolution.
>>>>>>>>> I wonder if you can test it, should be at least
>>>>>>>>> ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Alon Bar-Lev.
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>> Sent: Thursday, September 25, 2014 4:41:09 PM
>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>
>>>>>>>>>> Hi, Alon,
>>>>>>>>>>
>>>>>>>>>> Without waiting until the weekend,
>>>>>>>>>> I have finished the fresh install of the oVirt 3.5 RC3 today.
>>>>>>>>>> As a result, with same AAA settings,
>>>>>>>>>> My OpenLDAP's users became possible to login to the Web User
>>>>>>>>>> Portal now.
>>>>>>>>>> Yes, RC3 is good for integrating with newest OpenLDAP 2.4.23, RC2
>>>>>>>>>> is not.
>>>>>>>>>>
>>>>>>>>>> Very much thanks,
>>>>>>>>>> Fumihide Tani
>>>>>>>>>>
>>>>>>>>>> (2014/09/25 7:27), Alon Bar-Lev wrote:
>>>>>>>>>>> This is severe, the upgrade is not working properly you have
>>>>>>>>>>> issues with accessing database.
>>>>>>>>>>> If database is not important I suggest a fresh install, run
>>>>>>>>>>> engine-cleanup then engine-setup.
>>>>>>>>>>> If database is important please forward this to devel mailing
>>>>>>>>>>> list for someone to help, regardless of LDAP.
>>>>>>>>>>> Regards,
>>>>>>>>>>> Alon
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 4-09-25 00:36:08,389 ERROR
>>>>>>>>>>> [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo]
>>>>>>>>>>> (DefaultQuartzScheduler_Worker-7) ArrayIndexOutOfBoundsException: 1:
>>>>>>>>>>> java.lang.ArrayIndexOutOfBoundsException: 1
>>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.getDistanceMap(VdsNumaNodeDAODbFacadeImpl.java:208) [dal.jar:]
>>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.access$000(VdsNumaNodeDAODbFacadeImpl.java:20) [dal.jar:]
>>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:184) [dal.jar:]
>>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:168) [dal.jar:]
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 6:40:58 PM
>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>
>>>>>>>>>>>> Result of running engine-setup:
>>>>>>>>>>>> [root@ovirt ~]# yum list installed|grep ovirt-engine
>>>>>>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140923231936.git42065cc.el6
>>>>>>>>>>>>
>>>>>>>>>>>> Yes, engine is updated to newest one!
>>>>>>>>>>>>
>>>>>>>>>>>> But I still continued failing to login.
>>>>>>>>>>>> engine.log attached.
>>>>>>>>>>>>
>>>>>>>>>>>> Very thanks,
>>>>>>>>>>>>
>>>>>>>>>>>> (2014/09/24 23:59), Alon Bar-Lev wrote:
>>>>>>>>>>>>> you probably need to run engine-setup
>>>>>>>>>>>>>
>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:59:22 PM
>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Oops!
>>>>>>>>>>>>>> # yum list installed | grep ovirt-engine
>>>>>>>>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140821064931.gitb794d66.el6
>>>>>>>>>>>>>> (snip)
>>>>>>>>>>>>>> .....
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Many ovirt-3.5-* modules are updated by yum today but engine
>>>>>>>>>>>>>> is not.
>>>>>>>>>>>>>> Why not updated to RC3??
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> (2014/09/24 22:42), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>> Unless I am missing something, you run old engine:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 2014-09-24 22:16:24,136 INFO [org.ovirt.engine.core.bll.Backend]
>>>>>>>>>>>>>>> (MSC service thread 1-12) Running ovirt-engine
>>>>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:21:09 PM
>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Attached engine.log with "FINEST"
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> (2014/09/24 21:32), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 3:24:23 PM
>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi, Alon,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I have updated the oVirt 3.5 RC2 to the newest RC3 today.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> From my CentOS6.5 based oVirt Engine server and the oVirt Host
>>>>>>>>>>>>>>>>>> server,
>>>>>>>>>>>>>>>>>> # yum clean all
>>>>>>>>>>>>>>>>>> # yum update
>>>>>>>>>>>>>>>>>> Then rebooted these servers.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> But my LDAP problem is continued and same result as before.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> When I login to the oVirt User Portal,
>>>>>>>>>>>>>>>>>> User Name: tani
>>>>>>>>>>>>>>>>>> Password: (OpenLDAP's userPassword)
>>>>>>>>>>>>>>>>>> Domain: rxc05271.com
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> UI displays "General command validation failure."
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Please advise.
>>>>>>>>>>>>>>>>> Hopefully I can if you provide log... :)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>> Fumihide Tani
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> (2014/09/22 22:20), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>>>> The version of engine you are using is probably out of date and
>>>>>>>>>>>>>>>>>>> unsynced with latest ldap package (20140821064931).
>>>>>>>>>>>>>>>>>>> Please make sure you take latest from [1]
>>>>>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:42:52 PM
>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi, Alon,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Your requested engine.log attached.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Also, I tried to login to web user portal by "tani"
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> User Name: tani
>>>>>>>>>>>>>>>>>>>> Password: (OpenLDAP userPassword)
>>>>>>>>>>>>>>>>>>>> Domain: rxc05271.com
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> cause: "General command validation failure."
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Attached log includes login by "Fumihide" first, "tani" second.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Very thanks,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> (2014/09/22 21:24), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:06:39 PM
>>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Sorry, I misunderstood.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> This is outputs after LDAP user logged in.
>>>>>>>>>>>>>>>>>>>>> Please attach log as files, not inline, easier to handle.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,638 DEBUG
>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
>>>>>>>>>>>>>>>>>>>>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', scope=SUB,
>>>>>>>>>>>>>>>>>>>>> deref=NEVER, sizeLimit=0, timeLimit=0,
>>>>>>>>>>>>>>>>>>>>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)',
>>>>>>>>>>>>>>>>>>>>> attrs={entryUUID, uid, displayName, memberOf, department, givenName, sn,
>>>>>>>>>>>>>>>>>>>>> title, mail},
>>>>>>>>>>>>>>>>>>>>> controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})
>>>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,640 DEBUG
>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
>>>>>>>>>>>>>>>>>>>>> SearchResult: SearchResult(resultCode=0 (success), messageID=3,
>>>>>>>>>>>>>>>>>>>>> entriesReturned=0, referencesReturned=0,
>>>>>>>>>>>>>>>>>>>>> responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> From the above I see that a search was issued:
>>>>>>>>>>>>>>>>>>>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide)
>>>>>>>>>>>>>>>>>>>>> And no result returned.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Per previous output:
>>>>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>>>>> # tani, Users, rxc05271.com
>>>>>>>>>>>>>>>>>>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>>>>>>>>>>>>>>>>>>>>> objectClass: inetOrgPerson
>>>>>>>>>>>>>>>>>>>>> objectClass: uidObject
>>>>>>>>>>>>>>>>>>>>> uid: tani
>>>>>>>>>>>>>>>>>>>>> cn: Fumihide Tani
>>>>>>>>>>>>>>>>>>>>> givenName: Fumihide
>>>>>>>>>>>>>>>>>>>>> mail: tani(a)rxc05271.com
>>>>>>>>>>>>>>>>>>>>> sn: Tani
>>>>>>>>>>>>>>>>>>>>> userPassword:: a3VtaXRhbg==
>>>>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Your user name is tani and not Fumihide.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Alon
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>
>>
>
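
The nested-group case that the five-step sequence in this thread exercises (user U in group Y, Y in group X, permission granted on X), as an added example that is not part of the thread and is not the oVirt extension's code. The DNs for U, X, Y and the extra group Z are constructed placeholders under the thread's base DN; the in-memory map stands in for the directory's group membership data.

```python
# Constructed directory: group DN -> DNs of its direct members (users or groups).
# Only the base DN comes from the thread; every other name is a placeholder.
BASE = "dc=rxc05271,dc=com"
U = f"uid=U,ou=Users,{BASE}"
X = f"cn=X,ou=Groups,{BASE}"
Y = f"cn=Y,ou=Groups,{BASE}"
Z = f"cn=Z,ou=Groups,{BASE}"

MEMBERS = {
    X: {Y},       # step 2: group Y is a member of group X
    Y: {U, Z},    # step 3: user U is a member of group Y
    Z: {Y},       # constructed cycle (Y <-> Z) to show the resolver terminates
}


def direct_groups(dn, members=MEMBERS):
    """Groups listing `dn` as a direct member (a flat, one-level lookup)."""
    dn = dn.lower()  # simplified case-insensitive DN comparison
    return {g for g, ms in members.items() if dn in {m.lower() for m in ms}}


def effective_groups(dn, members=MEMBERS):
    """Direct groups plus every group reachable through group-in-group links."""
    seen, queue = set(), [dn]
    while queue:
        for group in direct_groups(queue.pop(), members):
            if group not in seen:  # visited check guards against cycles
                seen.add(group)
                queue.append(group)
    return seen


def is_authorized(user_dn, granted_group_dn, members=MEMBERS):
    """True when a permission granted on a group reaches the user."""
    return granted_group_dn in effective_groups(user_dn, members)


if __name__ == "__main__":
    print("direct:   ", sorted(direct_groups(U)))
    print("effective:", sorted(effective_groups(U)))
    print("U covered by permission on X:", is_authorized(U, X))
```

A one-level lookup finds only Y for user U, so a permission granted on X reaches U only when group resolution follows the Y-to-X link.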