----- Original Message -----
From: "Ondra Machacek" <omachace(a)redhat.com>
To: "Yair Zaslavsky" <yzaslavs(a)redhat.com>
Cc: "cameron christensen" <cameron.christensen(a)uk2group.com>, "Alon
Bar-Lev" <alonbl(a)redhat.com>, users(a)ovirt.org
Sent: Thursday, November 20, 2014 6:09:53 PM
Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
Hi,
just tried it too.
I was not successfull to reproduce, but the problem is that
the domain part of LDAPSecurityAuthentication is uppercase
as Cameron wrote.
In 3.4 it is OK when it's upper case - everything works OK,
but in 3.5 it's not.
I checked differences and something like this would be enough, Yair?
diff --git
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExte
index f5ab28d..ccaf04a 100644
---
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
+++
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
@@ -240,7 +240,7 @@ public class EngineExtensionsManager extends
ExtensionsManager {
)
);
}
- if (nameValue[0].equals(domain)) {
+ if (nameValue[0].equalsIgnoreCase(domain)) {
result = nameValue[1];
break;
}
Ondra
Looks fine, but please email me in private a testing environment where I can check that.
Thanks!
P.S:
Another option worth trying is simply remove and add the domain, but hey, if you're
already in 3.5, and removed the domain, why not use he generic ldap provider?
----- Original Message -----
> From: "Alon Bar-Lev" <alonbl at redhat.com>
> To: "Cameron Christensen" <cameron.christensen at uk2group.com>,
"Yair
> Zaslavsky" <yzaslavs at redhat.com>
> Cc: users at
ovirt.org
> Sent: Monday, November 17, 2014 11:48:15 PM
> Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> IPA
>
>
>
> ----- Original Message -----
> > From: "Cameron Christensen" <cameron.christensen at
uk2group.com>
> > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > Cc: users at
ovirt.org
> > Sent: Monday, November 17, 2014 11:43:34 PM
> > Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > IPA
> >
> >
> >
> > On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
> > >
> > > ----- Original Message -----
> > > > From: "Cameron Christensen" <cameron.christensen at
uk2group.com>
> > > > To: users at
ovirt.org
> > > > Sent: Friday, November 14, 2014 5:39:54 PM
> > > > Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails
to
> > > > IPA
> > > >
> > > > Hello,
> > > >
> > > > I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
> > > > Starting up ovrit-engine the extension manager fails to properly
load
> > > > the service that handles Kerberos/LDAP.
> > >
> > > This is probably a bug, can you please execute the following and paste
> > > result:
> > >
> > > # PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c
"select * from
> > > vdc_options where option_name='LDAPSecurityAuthentication'"
> > >
> >
> > option_id | option_name | option_value | version
> > -----------+----------------------------+-------------------+---------
> > 165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
> >
> > I replaced my domain name with 'example.org'
> >
>
> I thought it will be empty... and it contains valid value. Yair?
No, this is fine actually.
>
> Any I truly suggest you try out the new provider... Much easier to resolve
> any issue, current and future, including easier to debug.
>
> Alon
>