On Thu, May 30, 2019 at 11:22 AM <rubennunes12(a)gmail.com> wrote:
Hello everyone.
So I don't know what I'm doing wrong but this doesn't seem to work. I
already made the configurations needed on the
ovirt-engine-extension-aaa-ldap. I'm a little desperate here.
I'm going to put all the commands that I already made and the errors that
they give:
- ovirt-engine-extension-aaa-ldap-setup
Stage: Setup validation
NOTE:
It is highly recommended to test drive the configuration before
applying it into engine.
Login sequence is executed automatically, but it is recommended
to also execute Search sequence manually after successful Login sequence.
Please provide credentials to test login flow:
Enter user name: node1
Enter user password:
[ INFO ] Executing login sequence...
[snip]
2019-05-29 03:45:59,778+01 INFO
========================================================================
2019-05-29 03:45:59,778+01 INFO
============================== Execution ===============================
2019-05-29 03:45:59,778+01 INFO
========================================================================
2019-05-29 03:45:59,779+01 INFO Iteration: 0
2019-05-29 03:45:59,780+01 INFO Profile='192.168.16.114'
authn='192.168.16.114-authn' authz='192.168.16.114'
mapping='null'
2019-05-29 03:45:59,780+01 INFO API:
-->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='192.168.16.114'
user='node1'
2019-05-29 03:45:59,835+01 INFO API:
<--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='192.168.16.114'
result=CREDENTIALS_INVALID
2019-05-29 03:45:59,843+01 SEVERE Authn.Result code is:
CREDENTIALS_INVALID
[ ERROR ] Login sequence failed
Please investigate details of the failure (search for lines
containing SEVERE log level).
Select test sequence to execute (Done, Abort, Login, Search)
[Abort]:
The setup command above didn't succeed, so before going ahead with further
steps you have to fix it. The error was:
2019-05-29 03:45:59,843+01 SEVERE Authn.Result code is: CREDENTIALS_INVALID
So the password used for user node1 is not ok. Is this the user you want to
use to bind?
What option did you choose:
9 - OpenLDAP Standard Schema
?
- ovirt-engine-extensions-tool aaa login-user --profile=lab.local
--user-name=node1
[snip]
2019-05-29 03:57:35,859+01 WARNING Exception: An error occurred while
attempting to connect to server ldap.lab.local:389:
IOException(LDAPException(resultCode=91 (connect error), errorMessage='An
error occurred while attempting to establish a connection to server
ldap.lab.local/192.168.16.114:389: UnknownHostException(ldap.lab.local),
ldapSDKVersion=4.0.5, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58'))
Here you go, apparently now with a hostname (ldap.lab.local), but it seems
it is not resolved.
So you have to decide whether to go with hostname or IP and use it consistently,
because your ldapsearch test below is used with the IP
(192.168.16.114)
- ldapsearch -x -h 192.168.16.114 -b "dc=ldap,dc=local" -D
"cn=ldapadm,dc=lab,dc=local" -W
Enter LDAP Password:
# extended LDIF
#
Also, to bind here you use the DN cn=ldapadm,dc=lab,dc=local, while in the test
above you use node1...
I also see you have profile1 and profile 2 with profile1 using something
like "dc=sybase,dc=pt"... is this a working profile?
Anyway, as a starting point you could also read the automatic workflow here:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/...
or the manual method here:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/...
In particular:
Prerequisites:
- You must know the domain name of the DNS or the LDAP server.
- To set up secure connection between the LDAP server and the Manager,
ensure that a PEM-encoded CA certificate has been prepared.
- Have at least one set of account name and password ready to perform
search and login queries to the LDAP server.
HIH,
Gianluca
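
Added example, not part of the original message and not oVirt code: a small triage script that re-joins the mail-wrapped tool output quoted above and sorts the failures into the causes discussed in the reply (rejected credentials, unresolved hostname, IP and hostname mixed across test runs). The function names records and triage are hypothetical, and treating a profile name as a server address is an assumption that only fits profiles named after the server, as in this thread.

```python
import re

# Abridged log excerpts from the message above, mail line wraps included.
SAMPLE = """\
2019-05-29 03:45:59,780+01 INFO API:
-->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='192.168.16.114'
user='node1'
2019-05-29 03:45:59,843+01 SEVERE Authn.Result code is:
CREDENTIALS_INVALID
2019-05-29 03:57:35,859+01 WARNING Exception: An error occurred
while
attempting to connect to server ldap.lab.local:389:
IOException(LDAPException(resultCode=91 (connect error), errorMessage='An
error occurred while attempting to establish a connection to server
ldap.lab.local/192.168.16.114:389: UnknownHostException(ldap.lab.local),
"""
STAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}[+-]\d\d\s+(\w+)\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def records(text):
    """Re-join wrapped lines: a new record starts only at a timestamp."""
    out = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            out.append([m.group(1), m.group(2)])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()
    return out

def triage(text):
    """Return (category, detail) findings for the failures in the log."""
    findings, targets, user = [], set(), "?"
    for level, msg in records(text):
        # Assumption: the profile name doubles as the server address.
        targets.update(re.findall(r"profile='([^']+)'", msg))
        targets.update(re.findall(r"connect to server ([^\s:]+):\d+", msg))
        user = (re.findall(r"user='([^']+)'", msg) or [user])[-1]
        host = re.search(r"UnknownHostException\(([^)]+)\)", msg)
        if level == "SEVERE" and "CREDENTIALS_INVALID" in msg:
            findings.append(("credentials", user))
        if level == "WARNING" and "resultCode=91" in msg and host:
            findings.append(("dns", host.group(1)))
    # IP literals mixed with hostnames: the test runs are not comparable.
    ips = [bool(IPV4.match(t)) for t in targets]
    if any(ips) and not all(ips):
        findings.append(("inconsistent-target", ", ".join(sorted(targets))))
    return findings
```
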