9:55 a.m.
Hello,
I'm running oVirt Engine, OpenLDAP and BIND on same machine. and running oVirt
host (hypervisor) on another machine.
I tried to configure OpenLDAP using ovirt-engine-extension-aaa-ldap, but No
LDAP users can search and add from Web Admin Portal.
CentOS release 6.5 (Final)
ovirt-engine.noarch 3.5.0-0.0.master.20140821064931.gitb794d66.el6
ovirt-engine-extension-aaa-ldap.noarch
0.0.0-0.0.master.20140904095149.gitc7bd415.el6
openldap-clients.x86_64 2.4.23-34.el6_5.1
openldap-servers.x86_64 2.4.23-34.el6_5.1
cyrus-sasl-gssapi.x86_64 2.1.23-13.el6_3.1
bind.x86_64 32:9.8.2-0.23.rc1.el6_5.1
My setup procedures:
-------------------------------------------------------------------------------
# yum -y install openldap-servers openldap-clients
# yum -y install cyrus-sasl-gssapi
-------------------------------------------------------------------------------
# rm -rf /etc/openldap/slapd.d
# rm -rf /var/lib/ldap/*
-------------------------------------------------------------------------------
(Copy slapd.conf template)
# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
-------------------------------------------------------------------------------
# vi /etc/openldap/slapd.conf
....(snip)....
# remove comment out
moduleload memberof.la
....(snip)....
# modify value
by dn.exact="cn=Manager,dc=rxc05271,dc=com" read
....(snip)....
# add next two lines right under "database definitions"
authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
"cn=Manager,dc=rxc05271,dc=com"
....(snip)....
# modify value
suffix "dc=rxc05271,dc=com"
....(snip)....
# modify value
rootdn "cn=Manager,dc=rxc05271,dc=com"
....(snip)....
# remove comment out
rootpw secret
....(snip)....
# add next line to end of the file
overlay memberof
loglevel 4
-------------------------------------------------------------------------------
(Enabling SSL/TLS)
# vi /etc/sysconfig/ldap
SLAPD_LDAPS=yes
-------------------------------------------------------------------------------
(Enabling OpenLDAP log output)
# echo "local4.* /var/log/ldap.log" > /etc/rsyslog.d/ldaplog.conf
# service rsyslog restart
-------------------------------------------------------------------------------
# service slapd start
# chkconfig slapd on
-------------------------------------------------------------------------------
# vi ldapconfig.ldif
dn: dc=rxc05271,dc=com
objectClass: dcObject
objectClass: organization
dc: rxc05271
o: RXC05271
dn: ou=Groups,dc=rxc05271,dc=com
objectclass: organizationalUnit
ou: Groups
dn: ou=Users,dc=rxc05271,dc=com
objectclass: organizationalUnit
ou: Users
dn: uid=tani,ou=Users,dc=rxc05271,dc=com
objectclass: inetOrgPerson
objectclass: uidObject
uid: tani
cn: Tani
givenName: Fumihide
mail: tani(a)rxc05271.com
sn: 0
dn: cn=Power-Users,ou=Groups,dc=rxc05271,dc=com
objectclass: groupOfNames
cn: Power-Users
member: uid=tani,ou=Users,dc=rxc05271,dc=com
-------------------------------------------------------------------------------
# ldapadd -x -D "cn=Manager,dc=rxc05271,dc=com" -w secret -f ldapconfig.ldif
-------------------------------------------------------------------------------
# vi setsasl.ldif
replace: olcSaslSecProps
olcSaslSecProps: noanonymous,noplain,minssf=1
-
-------------------------------------------------------------------------------
# ldapmodify -x -D "cn=Manager,dc=rxc05271,dc=com" -w secret -f setsasl.ldif
-------------------------------------------------------------------------------
# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(uid=tani)" -b dc=rxc05271,dc=com
memberOf
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1
dn: uid=tani,ou=Users,dc=rxc05271,dc=com
memberOf: cn=Power-Users,ou=Groups,dc=rxc05271,dc=com
-------------------------------------------------------------------------------
# yum install ovirt-engine-extension-aaa-ldap
-------------------------------------------------------------------------------
# vi /etc/ovirt-engine/extensions.d/authn-company.properties
ovirt.engine.extension.name = authn-company
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = rxc05271.com
ovirt.engine.aaa.authn.authz.plugin = authz-company
config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
-------------------------------------------------------------------------------
# vi /etc/ovirt-engine/aaa/rxc05271.properties
include = <openldap.properties>
vars.user = cn=Manager,dc=rxc05271,dc=com
vars.password = 12345678
vars.server = ldap.rxc05271.com
pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file = /etc/openldap/certs/ldap.jks
pool.default.ssl.truststore.password = 12345678
pool.default.serverset.single.server = ${global:vars.server}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
-------------------------------------------------------------------------------
(Add DNS records)
# vi /var/named/rxc05271.com.db
(snip)
ldap IN A 192.168.0.5
_ldap._tcp.rxc05271.com. IN SRV 10 0 389 ovirt.rxc05271.com.
# vi /var/named/0.168.192.in-addr.arpa.db
(snip)
5 IN PTR ldap.rxc05271.com.
# service named restart
-------------------------------------------------------------------------------
# service ovirt-engine restart
-------------------------------------------------------------------------------
(ldap.log outputs after ovirt-engine restart)
[root@ovirt ~]# cat /var/log/ldap.log
Sep 21 14:33:20 ovirt slapd[19276]: connection_get(15)
Sep 21 14:33:20 ovirt slapd[19276]: connection_get(18)
Sep 21 14:33:20 ovirt slapd[19276]: connection_get(17)
Sep 21 14:33:20 ovirt slapd[19276]: connection_get(19)
Sep 21 14:33:20 ovirt slapd[19276]: connection_get(20)
Sep 21 14:33:20 ovirt slapd[19276]: connection_get(21)
Sep 21 14:33:20 ovirt slapd[19276]: connection_get(23)
Sep 21 14:33:20 ovirt slapd[19276]: connection_get(22)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(15)
Sep 21 14:33:25 ovirt slapd[19276]: do_extended: oid=1.3.6.1.4.1.1466.20037
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(15)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(15)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(15)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(15)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(15)
Sep 21 14:33:25 ovirt slapd[19276]: ==> bdb_bind: dn: cn=Manager,dc=rxc05271,dc=com
Sep 21 14:33:25 ovirt slapd[19276]: send_ldap_result: err=0 matched=""
text=""
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(17)
Sep 21 14:33:25 ovirt slapd[19276]: do_extended: oid=1.3.6.1.4.1.1466.20037
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(17)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(17)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(17)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(17)
Sep 21 14:33:25 ovirt slapd[19276]: ==> bdb_bind: dn: cn=Manager,dc=rxc05271,dc=com
Sep 21 14:33:25 ovirt slapd[19276]: send_ldap_result: err=0 matched=""
text=""
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(18)
Sep 21 14:33:25 ovirt slapd[19276]: do_extended: oid=1.3.6.1.4.1.1466.20037
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(18)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(18)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(18)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(18)
Sep 21 14:33:25 ovirt slapd[19276]: ==> bdb_bind: dn: cn=Manager,dc=rxc05271,dc=com
Sep 21 14:33:25 ovirt slapd[19276]: send_ldap_result: err=0 matched=""
text=""
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(19)
Sep 21 14:33:25 ovirt slapd[19276]: do_extended: oid=1.3.6.1.4.1.1466.20037
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(19)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(19)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(19)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(19)
Sep 21 14:33:25 ovirt slapd[19276]: ==> bdb_bind: dn: cn=Manager,dc=rxc05271,dc=com
Sep 21 14:33:25 ovirt slapd[19276]: send_ldap_result: err=0 matched=""
text=""
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(15)
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(15)
Sep 21 14:33:25 ovirt slapd[19276]: SRCH "" 0 0
Sep 21 14:33:25 ovirt slapd[19276]: 1 0 0
Sep 21 14:33:25 ovirt slapd[19276]: filter: (objectClass=*)
Sep 21 14:33:25 ovirt slapd[19276]: attrs:
Sep 21 14:33:25 ovirt slapd[19276]: *
Sep 21 14:33:25 ovirt slapd[19276]: +
Sep 21 14:33:25 ovirt slapd[19276]: altServer
Sep 21 14:33:25 ovirt slapd[19276]: changelog
Sep 21 14:33:25 ovirt slapd[19276]: firstChangeNumber
Sep 21 14:33:25 ovirt slapd[19276]: lastChangeNumber
Sep 21 14:33:25 ovirt slapd[19276]: lastPurgedChangeNumber
Sep 21 14:33:25 ovirt slapd[19276]: namingContexts
Sep 21 14:33:25 ovirt slapd[19276]: subschemaSubentry
Sep 21 14:33:25 ovirt slapd[19276]: supportedAuthPasswordSchemes
Sep 21 14:33:25 ovirt slapd[19276]: supportedControl
Sep 21 14:33:25 ovirt slapd[19276]: supportedExtension
Sep 21 14:33:25 ovirt slapd[19276]: supportedFeatures
Sep 21 14:33:25 ovirt slapd[19276]: supportedLDAPVersion
Sep 21 14:33:25 ovirt slapd[19276]: supportedSASLMechanisms
Sep 21 14:33:25 ovirt slapd[19276]: vendorName
Sep 21 14:33:25 ovirt slapd[19276]: vendorVersion
Sep 21 14:33:25 ovirt slapd[19276]:
Sep 21 14:33:25 ovirt slapd[19276]: send_ldap_result: err=0 matched=""
text=""
Sep 21 14:33:25 ovirt slapd[19276]: connection_get(20)
Sep 21 14:33:25 ovirt slapd[19276]: do_extended: oid=1.3.6.1.4.1.1466.20037
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(20)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(20)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(20)
Sep 21 14:33:26 ovirt slapd[19276]: send_ldap_result: err=0 matched=""
text=""
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(21)
Sep 21 14:33:26 ovirt slapd[19276]: do_extended: oid=1.3.6.1.4.1.1466.20037
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(21)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(21)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(21)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(21)
Sep 21 14:33:26 ovirt slapd[19276]: send_ldap_result: err=0 matched=""
text=""
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(22)
Sep 21 14:33:26 ovirt slapd[19276]: do_extended: oid=1.3.6.1.4.1.1466.20037
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(22)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(22)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(22)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(22)
Sep 21 14:33:26 ovirt slapd[19276]: send_ldap_result: err=0 matched=""
text=""
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(23)
Sep 21 14:33:26 ovirt slapd[19276]: do_extended: oid=1.3.6.1.4.1.1466.20037
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(23)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(23)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(23)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(23)
Sep 21 14:33:26 ovirt slapd[19276]: send_ldap_result: err=0 matched=""
text=""
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(20)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(20)
Sep 21 14:33:26 ovirt slapd[19276]: SRCH "" 0 0
Sep 21 14:33:26 ovirt slapd[19276]: 1 0 0
Sep 21 14:33:26 ovirt slapd[19276]: filter: (objectClass=*)
Sep 21 14:33:26 ovirt slapd[19276]: attrs:
Sep 21 14:33:26 ovirt slapd[19276]: *
Sep 21 14:33:26 ovirt slapd[19276]: +
Sep 21 14:33:26 ovirt slapd[19276]: altServer
Sep 21 14:33:26 ovirt slapd[19276]: changelog
Sep 21 14:33:26 ovirt slapd[19276]: firstChangeNumber
Sep 21 14:33:26 ovirt slapd[19276]: lastChangeNumber
Sep 21 14:33:26 ovirt slapd[19276]: lastPurgedChangeNumber
Sep 21 14:33:26 ovirt slapd[19276]: namingContexts
Sep 21 14:33:26 ovirt slapd[19276]: subschemaSubentry
Sep 21 14:33:26 ovirt slapd[19276]: supportedAuthPasswordSchemes
Sep 21 14:33:26 ovirt slapd[19276]: supportedControl
Sep 21 14:33:26 ovirt slapd[19276]: supportedExtension
Sep 21 14:33:26 ovirt slapd[19276]: supportedFeatures
Sep 21 14:33:26 ovirt slapd[19276]: supportedLDAPVersion
Sep 21 14:33:26 ovirt slapd[19276]: supportedSASLMechanisms
Sep 21 14:33:26 ovirt slapd[19276]: vendorName
Sep 21 14:33:26 ovirt slapd[19276]: vendorVersion
Sep 21 14:33:26 ovirt slapd[19276]:
Sep 21 14:33:26 ovirt slapd[19276]: send_ldap_result: err=0 matched=""
text=""
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(17)
Sep 21 14:33:26 ovirt slapd[19276]: connection_get(17)
Sep 21 14:33:26 ovirt slapd[19276]: SRCH "" 0 0
Sep 21 14:33:26 ovirt slapd[19276]: 0 0 0
Sep 21 14:33:26 ovirt slapd[19276]: filter: (&(objectClass=*))
Sep 21 14:33:26 ovirt slapd[19276]: attrs:
Sep 21 14:33:26 ovirt slapd[19276]: namingContexts
Sep 21 14:33:26 ovirt slapd[19276]:
Sep 21 14:33:26 ovirt slapd[19276]: send_ldap_result: err=0 matched=""
text=""
-------------------------------------------------------------------------------
(engine.log outputs after ovirt-engine restart)
# cat /var/log/ovirt-engine/engine.log | grep extensions
2014-09-21 14:33:25,591 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service
thread 1-15) Creating LDAP pool 'authz' for 'authn-company'
2014-09-21 14:33:25,962 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service
thread 1-15) Creating LDAP pool 'authn' for 'authn-company'
2014-09-21 14:33:26,195 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-15) Start of enabled extensions list
2014-09-21 14:33:26,196 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-15) Instance name: 'builtin-authn-internal', Extension name:
'Internal Authn (Built-in)', Version: 'N/A', Notes: '', License:
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt
Project', Build interface Version: '0', File: 'N/A', Initialized:
'true'
2014-09-21 14:33:26,196 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-15) Instance name: 'authn-company', Extension name:
'aaa.ldap.authn', Version: '0.0.0_master', Notes: 'Display name:
ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20140904095149.gitc7bd415.el6',
License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt
Project', Build interface Version: '0', File:
'/etc/ovirt-engine/extensions.d/authn-company.properties', Initialized:
'true'
2014-09-21 14:33:26,197 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-15) Instance name: 'internal', Extension name: 'Internal
Authz (Built-in)', Version: 'N/A', Notes: '', License: 'ASL
2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build
interface Version: '0', File: 'N/A', Initialized: 'true'
2014-09-21 14:33:26,197 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC
service thread 1-15) End of enabled extensions list
-------------------------------------------------------------------------------
I could not find out any erros in engine.log as well as ldap.log.
And I can not search add ldap users from Web Admin Portal.
Click "Users" tab, then click "Add".
I can select "internal (internal)" only on [Add Users and Groups] in
"Search"
field.
I do not know where the cause is. I'm missing another settings required?
Thanks,
Fumihide Tani
10:19 a.m.
Hi,
You need to create authz extension as well (authz-company).
The configuration you provided is establishing authentication only (authn) which refer to
authz-company but you did not add it.
The terms are:
1. authn - who the user is.
2. authz - what user is permitted.
3. profile - combination of the two.
-----------------------------
# vi /etc/ovirt-engine/extensions.d/authz-company.properties
ovirt.engine.extension.name = authz-company
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
--------------------------------------------------
Regards,
Alon
10:19 a.m.
----- Original Message -----
From: "Alon Bar-Lev" <alonbl(a)redhat.com>
To: "Fumihide Tani" <RXC05271(a)nifty.com>
Cc: users(a)ovirt.org
Sent: Sunday, September 21, 2014 10:19:11 AM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
Hi,
You need to create authz extension as well (authz-company).
The configuration you provided is establishing authentication only (authn)
which refer to authz-company but you did not add it.
The terms are:
1. authn - who the user is.
2. authz - what user is permitted.
3. profile - combination of the two.
-----------------------------
# vi /etc/ovirt-engine/extensions.d/authz-company.properties
ovirt.engine.extension.name = authz-company
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthnExtension
Sorry:
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides =
org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
--------------------------------------------------
Regards,
Alon
11:11 a.m.
Hi, Alon
Very thanks for your help.
My problem was solved and the AAA is working now.
I could add LDAP user. :)
Fumihide Tani
(2014/09/21 16:19), Alon Bar-Lev wrote:
----- Original Message -----
> From: "Alon Bar-Lev" <alonbl(a)redhat.com>
> To: "Fumihide Tani" <RXC05271(a)nifty.com>
> Cc: users(a)ovirt.org
> Sent: Sunday, September 21, 2014 10:19:11 AM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> Hi,
>
> You need to create authz extension as well (authz-company).
> The configuration you provided is establishing authentication only (authn)
> which refer to authz-company but you did not add it.
>
> The terms are:
> 1. authn - who the user is.
> 2. authz - what user is permitted.
> 3. profile - combination of the two.
>
> -----------------------------
> # vi /etc/ovirt-engine/extensions.d/authz-company.properties
> ovirt.engine.extension.name = authz-company
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module =
> org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class =
> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
Sorry:
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
> --------------------------------------------------
>
> Regards,
> Alon
11:13 a.m.
----- Original Message -----
From: "Fumihide Tani" <RXC05271(a)nifty.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Sunday, September 21, 2014 11:11:11 AM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
Hi, Alon
Very thanks for your help.
My problem was solved and the AAA is working now.
I could add LDAP user. :)
Great.
Can you please send me a patch or modified README to make it better?
Alon
Fumihide Tani
(2014/09/21 16:19), Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Alon Bar-Lev" <alonbl(a)redhat.com>
>> To: "Fumihide Tani" <RXC05271(a)nifty.com>
>> Cc: users(a)ovirt.org
>> Sent: Sunday, September 21, 2014 10:19:11 AM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> Hi,
>>
>> You need to create authz extension as well (authz-company).
>> The configuration you provided is establishing authentication only (authn)
>> which refer to authz-company but you did not add it.
>>
>> The terms are:
>> 1. authn - who the user is.
>> 2. authz - what user is permitted.
>> 3. profile - combination of the two.
>>
>> -----------------------------
>> # vi /etc/ovirt-engine/extensions.d/authz-company.properties
>> ovirt.engine.extension.name = authz-company
>> ovirt.engine.extension.bindings.method = jbossmodule
>> ovirt.engine.extension.binding.jbossmodule.module =
>> org.ovirt.engine-extensions.aaa.ldap
>> ovirt.engine.extension.binding.jbossmodule.class =
>> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> Sorry:
> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>> ovirt.engine.extension.provides =
>> org.ovirt.engine.api.extensions.aaa.Authz
>> config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
>> --------------------------------------------------
>>
>> Regards,
>> Alon
>
6 p.m.
Hi, Alon,
Following Alon's advice, I added authz-company.properties file to the configuration
directory.
Then OpenLDAP users can searched from oVirt Web admin. and I could add it's users
to the portal successfully.
But I have another problem.
These OpenLDAP users that I added can not login to ovirt web user portal.
User Name: Fumihide (This is shown on Web Admin Portal "Users" tab as
"First Name")
Password: (I specified it as OpenLDAP's userPassword for "Fumihide")
Domain: rxc05271.com (I selected instead of "internal")
?
Please advice me, it's so thanksfull.
Fumihide Tani
(2014/09/21 17:13), Alon Bar-Lev wrote:
----- Original Message -----
> From: "Fumihide Tani" <RXC05271(a)nifty.com>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Sunday, September 21, 2014 11:11:11 AM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> Hi, Alon
>
> Very thanks for your help.
> My problem was solved and the AAA is working now.
> I could add LDAP user. :)
Great.
Can you please send me a patch or modified README to make it better?
Alon
> Fumihide Tani
>
> (2014/09/21 16:19), Alon Bar-Lev wrote:
>> ----- Original Message -----
>>> From: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>> To: "Fumihide Tani" <RXC05271(a)nifty.com>
>>> Cc: users(a)ovirt.org
>>> Sent: Sunday, September 21, 2014 10:19:11 AM
>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>
>>> Hi,
>>>
>>> You need to create authz extension as well (authz-company).
>>> The configuration you provided is establishing authentication only (authn)
>>> which refer to authz-company but you did not add it.
>>>
>>> The terms are:
>>> 1. authn - who the user is.
>>> 2. authz - what user is permitted.
>>> 3. profile - combination of the two.
>>>
>>> -----------------------------
>>> # vi /etc/ovirt-engine/extensions.d/authz-company.properties
>>> ovirt.engine.extension.name = authz-company
>>> ovirt.engine.extension.bindings.method = jbossmodule
>>> ovirt.engine.extension.binding.jbossmodule.module =
>>> org.ovirt.engine-extensions.aaa.ldap
>>> ovirt.engine.extension.binding.jbossmodule.class =
>>> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>> Sorry:
>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>> ovirt.engine.extension.provides =
>>> org.ovirt.engine.api.extensions.aaa.Authz
>>> config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
>>> --------------------------------------------------
>>>
>>> Regards,
>>> Alon
>
>
6:16 p.m.
----- Original Message -----
From: "Fumihide Tani" <RXC05271(a)nifty.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Sunday, September 21, 2014 6:00:48 PM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
Hi, Alon,
Following Alon's advice, I added authz-company.properties file to the
configuration directory.
Then OpenLDAP users can searched from oVirt Web admin. and I could add it's
users
to the portal successfully.
But I have another problem.
These OpenLDAP users that I added can not login to ovirt web user portal.
User Name: Fumihide (This is shown on Web Admin Portal "Users" tab as
"First
Name")
Password: (I specified it as OpenLDAP's userPassword for "Fumihide")
Domain: rxc05271.com (I selected instead of "internal")
?
1. What error do you get at ui?
2. Please look at engine.log while attempting to login, if you see something helpful.
3. Please make sure that the following is a success:
$ ldapsearch -h <HOST> -x -W -D <LOGIN_USER_DN> -b <BASE_DN>
uid=<LOGIN_NAME>
4. If working please modify
/usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in
---
<file-handler name="ENGINE" autoflush="true">
- <level name="INFO"/>
- <level name="FINEST"/>
<snip>
+ <logger category="org.ovirt.engineextensions.aaa.ldap">
+ <level name="FINEST"/>
+ </logger>
<logger category="org.ovirt.engine.core.bll">
---
Restart engine, attempt login, send me the output.
Please advice me, it's so thanksfull.
Fumihide Tani
(2014/09/21 17:13), Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Sunday, September 21, 2014 11:11:11 AM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> Hi, Alon
>>
>> Very thanks for your help.
>> My problem was solved and the AAA is working now.
>> I could add LDAP user. :)
> Great.
> Can you please send me a patch or modified README to make it better?
>
> Alon
>
>> Fumihide Tani
>>
>> (2014/09/21 16:19), Alon Bar-Lev wrote:
>>> ----- Original Message -----
>>>> From: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>> To: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>> Cc: users(a)ovirt.org
>>>> Sent: Sunday, September 21, 2014 10:19:11 AM
>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>
>>>> Hi,
>>>>
>>>> You need to create authz extension as well (authz-company).
>>>> The configuration you provided is establishing authentication only
>>>> (authn)
>>>> which refer to authz-company but you did not add it.
>>>>
>>>> The terms are:
>>>> 1. authn - who the user is.
>>>> 2. authz - what user is permitted.
>>>> 3. profile - combination of the two.
>>>>
>>>> -----------------------------
>>>> # vi /etc/ovirt-engine/extensions.d/authz-company.properties
>>>> ovirt.engine.extension.name = authz-company
>>>> ovirt.engine.extension.bindings.method = jbossmodule
>>>> ovirt.engine.extension.binding.jbossmodule.module =
>>>> org.ovirt.engine-extensions.aaa.ldap
>>>> ovirt.engine.extension.binding.jbossmodule.class =
>>>> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>> Sorry:
>>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>>> ovirt.engine.extension.provides =
>>>> org.ovirt.engine.api.extensions.aaa.Authz
>>>> config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
>>>> --------------------------------------------------
>>>>
>>>> Regards,
>>>> Alon
>>
>>
>
4:16 a.m.
(2014/09/22 0:16), Alon Bar-Lev wrote:
----- Original Message -----
> From: "Fumihide Tani" <RXC05271(a)nifty.com>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Sunday, September 21, 2014 6:00:48 PM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> Hi, Alon,
>
> Following Alon's advice, I added authz-company.properties file to the
> configuration directory.
> Then OpenLDAP users can searched from oVirt Web admin. and I could add it's
> users
> to the portal successfully.
>
> But I have another problem.
> These OpenLDAP users that I added can not login to ovirt web user portal.
>
> User Name: Fumihide (This is shown on Web Admin Portal "Users" tab as
"First
> Name")
> Password: (I specified it as OpenLDAP's userPassword for "Fumihide")
> Domain: rxc05271.com (I selected instead of "internal")
>
> ?
1. What error do you get at ui?
"The user name or password is incorrect."
2. Please look at engine.log while attempting to login, if you see something helpful.
2014-09-22 09:53:27,669 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with authentication profile
"rxc05271.com" because the authentication failed.
2014-09-22 09:53:27,685 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event ID: -1,
Message: User Fumihide cannot login, please verify the username and password.
2014-09-22 09:53:27,693 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event ID: -1,
Message: User Fumihide failed to log in.
2014-09-22 09:53:27,693 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
(ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
3. Please make sure that the following is a success:
$ ldapsearch -h <HOST> -x -W -D <LOGIN_USER_DN> -b <BASE_DN>
uid=<LOGIN_NAME>
[root@ovirt ~]# ldapsearch -H ldapi:/// -x -W -D
"uid=tani,ou=Users,dc=rxc05271,dc=com" -b 'dc=rxc05271,dc=com' -x
'(uid=tani)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=rxc05271,dc=com> with scope subtree
# filter: (uid=tani)
# requesting: ALL
#
# tani, Users, rxc05271.com
dn: uid=tani,ou=Users,dc=rxc05271,dc=com
objectClass: inetOrgPerson
objectClass: uidObject
uid: tani
cn: Fumihide Tani
givenName: Fumihide
mail: tani(a)rxc05271.com
sn: Tani
userPassword:: a3VtaXRhbg==
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@ovirt ~]#
4. If working please modify
/usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in
---
<file-handler name="ENGINE" autoflush="true">
- <level name="INFO"/>
- <level name="FINEST"/>
<snip>
+ <logger category="org.ovirt.engineextensions.aaa.ldap">
+ <level name="FINEST"/>
+ </logger>
<logger category="org.ovirt.engine.core.bll">
---
Restart engine, attempt login, send me the output.
2014-09-22 10:03:57,517 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-7) Cant login user "Fumihide" with authentication profile
"rxc05271.com" because the authentication failed.
2014-09-22 10:03:57,534 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event ID: -1,
Message: User Fumihide cannot login, please verify the username and password.
2014-09-22 10:03:57,545 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event ID: -1,
Message: User Fumihide failed to log in.
2014-09-22 10:03:57,545 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
(ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
(logger level is not changed to FINEST? outputs is same as above.)
Thanks,
Fumihide Tani
> Please advice me, it's so thanksfull.
>
> Fumihide Tani
>
>
> (2014/09/21 17:13), Alon Bar-Lev wrote:
>> ----- Original Message -----
>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>> Cc: users(a)ovirt.org
>>> Sent: Sunday, September 21, 2014 11:11:11 AM
>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>
>>> Hi, Alon
>>>
>>> Very thanks for your help.
>>> My problem was solved and the AAA is working now.
>>> I could add LDAP user. :)
>> Great.
>> Can you please send me a patch or modified README to make it better?
>>
>> Alon
>>
>>> Fumihide Tani
>>>
>>> (2014/09/21 16:19), Alon Bar-Lev wrote:
>>>> ----- Original Message -----
>>>>> From: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>> To: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>> Cc: users(a)ovirt.org
>>>>> Sent: Sunday, September 21, 2014 10:19:11 AM
>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>
>>>>> Hi,
>>>>>
>>>>> You need to create authz extension as well (authz-company).
>>>>> The configuration you provided is establishing authentication only
>>>>> (authn)
>>>>> which refer to authz-company but you did not add it.
>>>>>
>>>>> The terms are:
>>>>> 1. authn - who the user is.
>>>>> 2. authz - what user is permitted.
>>>>> 3. profile - combination of the two.
>>>>>
>>>>> -----------------------------
>>>>> # vi /etc/ovirt-engine/extensions.d/authz-company.properties
>>>>> ovirt.engine.extension.name = authz-company
>>>>> ovirt.engine.extension.bindings.method = jbossmodule
>>>>> ovirt.engine.extension.binding.jbossmodule.module =
>>>>> org.ovirt.engine-extensions.aaa.ldap
>>>>> ovirt.engine.extension.binding.jbossmodule.class =
>>>>> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>>> Sorry:
>>>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>>>> ovirt.engine.extension.provides =
>>>>> org.ovirt.engine.api.extensions.aaa.Authz
>>>>> config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
>>>>> --------------------------------------------------
>>>>>
>>>>> Regards,
>>>>> Alon
>>>
>
>
9 a.m.
----- Original Message -----
From: "Fumihide Tani" <RXC05271(a)nifty.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Monday, September 22, 2014 4:16:17 AM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
(2014/09/22 0:16), Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Sunday, September 21, 2014 6:00:48 PM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> Hi, Alon,
>>
>> Following Alon's advice, I added authz-company.properties file to the
>> configuration directory.
>> Then OpenLDAP users can searched from oVirt Web admin. and I could add
>> it's
>> users
>> to the portal successfully.
>>
>> But I have another problem.
>> These OpenLDAP users that I added can not login to ovirt web user portal.
>>
>> User Name: Fumihide (This is shown on Web Admin Portal "Users" tab as
>> "First
>> Name")
>> Password: (I specified it as OpenLDAP's userPassword for
"Fumihide")
>> Domain: rxc05271.com (I selected instead of "internal")
>>
>> ?
> 1. What error do you get at ui?
"The user name or password is incorrect."
>
> 2. Please look at engine.log while attempting to login, if you see
> something helpful.
2014-09-22 09:53:27,669 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with authentication
profile "rxc05271.com" because the authentication failed.
2014-09-22 09:53:27,685 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event
ID: -1, Message: User Fumihide cannot login, please verify the username and
password.
2014-09-22 09:53:27,693 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event
ID: -1, Message: User Fumihide failed to log in.
2014-09-22 09:53:27,693 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
(ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
>
> 3. Please make sure that the following is a success:
> $ ldapsearch -h <HOST> -x -W -D <LOGIN_USER_DN> -b <BASE_DN>
> uid=<LOGIN_NAME>
[root@ovirt ~]# ldapsearch -H ldapi:/// -x -W -D
"uid=tani,ou=Users,dc=rxc05271,dc=com" -b 'dc=rxc05271,dc=com' -x
'(uid=tani)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=rxc05271,dc=com> with scope subtree
# filter: (uid=tani)
# requesting: ALL
#
# tani, Users, rxc05271.com
dn: uid=tani,ou=Users,dc=rxc05271,dc=com
objectClass: inetOrgPerson
objectClass: uidObject
uid: tani
cn: Fumihide Tani
givenName: Fumihide
mail: tani(a)rxc05271.com
sn: Tani
userPassword:: a3VtaXRhbg==
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@ovirt ~]#
>
> 4. If working please modify
> /usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in
> ---
> <file-handler name="ENGINE" autoflush="true">
> - <level name="INFO"/>
> - <level name="FINEST"/>
> <snip>
> + <logger category="org.ovirt.engineextensions.aaa.ldap">
> + <level name="FINEST"/>
> + </logger>
> <logger category="org.ovirt.engine.core.bll">
> ---
> Restart engine, attempt login, send me the output.
2014-09-22 10:03:57,517 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-7) Cant login user "Fumihide" with authentication
profile "rxc05271.com" because the authentication failed.
2014-09-22 10:03:57,534 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event
ID: -1, Message: User Fumihide cannot login, please verify the username and
password.
2014-09-22 10:03:57,545 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event
ID: -1, Message: User Fumihide failed to log in.
2014-09-22 10:03:57,545 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
(ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
(logger level is not changed to FINEST? outputs is same as above.)
I had a mistake above... the file-handler level should be set to finest.
<file-handler name="ENGINE" autoflush="true">
<level name="FINEST"/>
can you confirm?
or best send me the engine.xml.in file and I can see what's wrong.
thanks!
Thanks,
Fumihide Tani
>> Please advice me, it's so thanksfull.
>>
>> Fumihide Tani
>>
>>
>> (2014/09/21 17:13), Alon Bar-Lev wrote:
>>> ----- Original Message -----
>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>> Cc: users(a)ovirt.org
>>>> Sent: Sunday, September 21, 2014 11:11:11 AM
>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>
>>>> Hi, Alon
>>>>
>>>> Very thanks for your help.
>>>> My problem was solved and the AAA is working now.
>>>> I could add LDAP user. :)
>>> Great.
>>> Can you please send me a patch or modified README to make it better?
>>>
>>> Alon
>>>
>>>> Fumihide Tani
>>>>
>>>> (2014/09/21 16:19), Alon Bar-Lev wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>> To: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>> Cc: users(a)ovirt.org
>>>>>> Sent: Sunday, September 21, 2014 10:19:11 AM
>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> You need to create authz extension as well (authz-company).
>>>>>> The configuration you provided is establishing authentication
only
>>>>>> (authn)
>>>>>> which refer to authz-company but you did not add it.
>>>>>>
>>>>>> The terms are:
>>>>>> 1. authn - who the user is.
>>>>>> 2. authz - what user is permitted.
>>>>>> 3. profile - combination of the two.
>>>>>>
>>>>>> -----------------------------
>>>>>> # vi /etc/ovirt-engine/extensions.d/authz-company.properties
>>>>>> ovirt.engine.extension.name = authz-company
>>>>>> ovirt.engine.extension.bindings.method = jbossmodule
>>>>>> ovirt.engine.extension.binding.jbossmodule.module =
>>>>>> org.ovirt.engine-extensions.aaa.ldap
>>>>>> ovirt.engine.extension.binding.jbossmodule.class =
>>>>>> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>>>> Sorry:
>>>>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>>>>> ovirt.engine.extension.provides =
>>>>>> org.ovirt.engine.api.extensions.aaa.Authz
>>>>>> config.profile.file.1 =
/etc/ovirt-engine/aaa/rxc05271.properties
>>>>>> --------------------------------------------------
>>>>>>
>>>>>> Regards,
>>>>>> Alon
>>>>
>>
>>
>
1:10 p.m.
(2014/09/22 15:00), Alon Bar-Lev wrote:
----- Original Message -----
> From: "Fumihide Tani" <RXC05271(a)nifty.com>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Monday, September 22, 2014 4:16:17 AM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> (2014/09/22 0:16), Alon Bar-Lev wrote:
>> ----- Original Message -----
>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>> Cc: users(a)ovirt.org
>>> Sent: Sunday, September 21, 2014 6:00:48 PM
>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>
>>> Hi, Alon,
>>>
>>> Following Alon's advice, I added authz-company.properties file to the
>>> configuration directory.
>>> Then OpenLDAP users can searched from oVirt Web admin. and I could add
>>> it's
>>> users
>>> to the portal successfully.
>>>
>>> But I have another problem.
>>> These OpenLDAP users that I added can not login to ovirt web user portal.
>>>
>>> User Name: Fumihide (This is shown on Web Admin Portal "Users" tab
as
>>> "First
>>> Name")
>>> Password: (I specified it as OpenLDAP's userPassword for
"Fumihide")
>>> Domain: rxc05271.com (I selected instead of "internal")
>>>
>>> ?
>> 1. What error do you get at ui?
> "The user name or password is incorrect."
>
>> 2. Please look at engine.log while attempting to login, if you see
>> something helpful.
> 2014-09-22 09:53:27,669 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
> (ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with authentication
> profile "rxc05271.com" because the authentication failed.
> 2014-09-22 09:53:27,685 ERROR
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event
> ID: -1, Message: User Fumihide cannot login, please verify the username and
> password.
> 2014-09-22 09:53:27,693 ERROR
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event
> ID: -1, Message: User Fumihide failed to log in.
> 2014-09-22 09:53:27,693 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
> (ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
> Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
>
>> 3. Please make sure that the following is a success:
>> $ ldapsearch -h <HOST> -x -W -D <LOGIN_USER_DN> -b <BASE_DN>
>> uid=<LOGIN_NAME>
> [root@ovirt ~]# ldapsearch -H ldapi:/// -x -W -D
> "uid=tani,ou=Users,dc=rxc05271,dc=com" -b 'dc=rxc05271,dc=com' -x
> '(uid=tani)'
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=rxc05271,dc=com> with scope subtree
> # filter: (uid=tani)
> # requesting: ALL
> #
>
> # tani, Users, rxc05271.com
> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
> objectClass: inetOrgPerson
> objectClass: uidObject
> uid: tani
> cn: Fumihide Tani
> givenName: Fumihide
> mail: tani(a)rxc05271.com
> sn: Tani
> userPassword:: a3VtaXRhbg==
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> [root@ovirt ~]#
>
>> 4. If working please modify
>> /usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in
>> ---
>> <file-handler name="ENGINE" autoflush="true">
>> - <level name="INFO"/>
>> - <level name="FINEST"/>
>> <snip>
>> + <logger category="org.ovirt.engineextensions.aaa.ldap">
>> + <level name="FINEST"/>
>> + </logger>
>> <logger category="org.ovirt.engine.core.bll">
>> ---
>> Restart engine, attempt login, send me the output.
> 2014-09-22 10:03:57,517 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
> (ajp--127.0.0.1-8702-7) Cant login user "Fumihide" with authentication
> profile "rxc05271.com" because the authentication failed.
> 2014-09-22 10:03:57,534 ERROR
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event
> ID: -1, Message: User Fumihide cannot login, please verify the username and
> password.
> 2014-09-22 10:03:57,545 ERROR
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom Event
> ID: -1, Message: User Fumihide failed to log in.
> 2014-09-22 10:03:57,545 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
> (ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed.
> Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
>
> (logger level is not changed to FINEST? outputs is same as above.)
>
I had a mistake above... the file-handler level should be set to finest.
<file-handler name="ENGINE" autoflush="true">
<level name="FINEST"/>
can you confirm?
or best send me the engine.xml.in file and I can see what's wrong.
thanks!
I set file-handler's level name to "FINEST". but outputs are same as
before.
I attached the ovirt-engine.xml.in
Regards,
> Thanks,
> Fumihide Tani
>
>
>>> Please advice me, it's so thanksfull.
>>>
>>> Fumihide Tani
>>>
>>>
>>> (2014/09/21 17:13), Alon Bar-Lev wrote:
>>>> ----- Original Message -----
>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>> Cc: users(a)ovirt.org
>>>>> Sent: Sunday, September 21, 2014 11:11:11 AM
>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>
>>>>> Hi, Alon
>>>>>
>>>>> Very thanks for your help.
>>>>> My problem was solved and the AAA is working now.
>>>>> I could add LDAP user. :)
>>>> Great.
>>>> Can you please send me a patch or modified README to make it better?
>>>>
>>>> Alon
>>>>
>>>>> Fumihide Tani
>>>>>
>>>>> (2014/09/21 16:19), Alon Bar-Lev wrote:
>>>>>> ----- Original Message -----
>>>>>>> From: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>> To: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>> Cc: users(a)ovirt.org
>>>>>>> Sent: Sunday, September 21, 2014 10:19:11 AM
>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
LDAP.
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> You need to create authz extension as well (authz-company).
>>>>>>> The configuration you provided is establishing authentication
only
>>>>>>> (authn)
>>>>>>> which refer to authz-company but you did not add it.
>>>>>>>
>>>>>>> The terms are:
>>>>>>> 1. authn - who the user is.
>>>>>>> 2. authz - what user is permitted.
>>>>>>> 3. profile - combination of the two.
>>>>>>>
>>>>>>> -----------------------------
>>>>>>> # vi /etc/ovirt-engine/extensions.d/authz-company.properties
>>>>>>> ovirt.engine.extension.name = authz-company
>>>>>>> ovirt.engine.extension.bindings.method = jbossmodule
>>>>>>> ovirt.engine.extension.binding.jbossmodule.module =
>>>>>>> org.ovirt.engine-extensions.aaa.ldap
>>>>>>> ovirt.engine.extension.binding.jbossmodule.class =
>>>>>>> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>>>>> Sorry:
>>>>>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>>>>>> ovirt.engine.extension.provides =
>>>>>>> org.ovirt.engine.api.extensions.aaa.Authz
>>>>>>> config.profile.file.1 =
/etc/ovirt-engine/aaa/rxc05271.properties
>>>>>>> --------------------------------------------------
>>>>>>>
>>>>>>> Regards,
>>>>>>> Alon
>>>
>
>
1:15 p.m.
You need to add the following:
+ <logger category="org.ovirt.engineextensions.aaa.ldap">
+ <level name="FINEST"/>
+ </logger>
<logger category="org.ovirt.engine.core.bll">
Look at the + lines, please add these (without the +) just before: <logger
category="org.ovirt.engine.core.bll">
Thanks!
----- Original Message -----
From: "Fumihide Tani" <RXC05271(a)nifty.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Monday, September 22, 2014 1:10:57 PM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
(2014/09/22 15:00), Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Monday, September 22, 2014 4:16:17 AM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> (2014/09/22 0:16), Alon Bar-Lev wrote:
>>> ----- Original Message -----
>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>> Cc: users(a)ovirt.org
>>>> Sent: Sunday, September 21, 2014 6:00:48 PM
>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>
>>>> Hi, Alon,
>>>>
>>>> Following Alon's advice, I added authz-company.properties file to
the
>>>> configuration directory.
>>>> Then OpenLDAP users can searched from oVirt Web admin. and I could add
>>>> it's
>>>> users
>>>> to the portal successfully.
>>>>
>>>> But I have another problem.
>>>> These OpenLDAP users that I added can not login to ovirt web user
>>>> portal.
>>>>
>>>> User Name: Fumihide (This is shown on Web Admin Portal "Users"
tab as
>>>> "First
>>>> Name")
>>>> Password: (I specified it as OpenLDAP's userPassword for
"Fumihide")
>>>> Domain: rxc05271.com (I selected instead of "internal")
>>>>
>>>> ?
>>> 1. What error do you get at ui?
>> "The user name or password is incorrect."
>>
>>> 2. Please look at engine.log while attempting to login, if you see
>>> something helpful.
>> 2014-09-22 09:53:27,669 INFO
>> [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
>> (ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with
authentication
>> profile "rxc05271.com" because the authentication failed.
>> 2014-09-22 09:53:27,685 ERROR
>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom
>> Event
>> ID: -1, Message: User Fumihide cannot login, please verify the username
>> and
>> password.
>> 2014-09-22 09:53:27,693 ERROR
>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom
>> Event
>> ID: -1, Message: User Fumihide failed to log in.
>> 2014-09-22 09:53:27,693 WARN
>> [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
>> (ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
>> Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
>>
>>> 3. Please make sure that the following is a success:
>>> $ ldapsearch -h <HOST> -x -W -D <LOGIN_USER_DN> -b
<BASE_DN>
>>> uid=<LOGIN_NAME>
>> [root@ovirt ~]# ldapsearch -H ldapi:/// -x -W -D
>> "uid=tani,ou=Users,dc=rxc05271,dc=com" -b 'dc=rxc05271,dc=com'
-x
>> '(uid=tani)'
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=rxc05271,dc=com> with scope subtree
>> # filter: (uid=tani)
>> # requesting: ALL
>> #
>>
>> # tani, Users, rxc05271.com
>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>> objectClass: inetOrgPerson
>> objectClass: uidObject
>> uid: tani
>> cn: Fumihide Tani
>> givenName: Fumihide
>> mail: tani(a)rxc05271.com
>> sn: Tani
>> userPassword:: a3VtaXRhbg==
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>> [root@ovirt ~]#
>>
>>> 4. If working please modify
>>> /usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in
>>> ---
>>> <file-handler name="ENGINE"
autoflush="true">
>>> - <level name="INFO"/>
>>> - <level name="FINEST"/>
>>> <snip>
>>> + <logger
category="org.ovirt.engineextensions.aaa.ldap">
>>> + <level name="FINEST"/>
>>> + </logger>
>>> <logger category="org.ovirt.engine.core.bll">
>>> ---
>>> Restart engine, attempt login, send me the output.
>> 2014-09-22 10:03:57,517 INFO
>> [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
>> (ajp--127.0.0.1-8702-7) Cant login user "Fumihide" with
authentication
>> profile "rxc05271.com" because the authentication failed.
>> 2014-09-22 10:03:57,534 ERROR
>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>> (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom
>> Event
>> ID: -1, Message: User Fumihide cannot login, please verify the username
>> and
>> password.
>> 2014-09-22 10:03:57,545 ERROR
>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>> (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom
>> Event
>> ID: -1, Message: User Fumihide failed to log in.
>> 2014-09-22 10:03:57,545 WARN
>> [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
>> (ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed.
>> Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
>>
>> (logger level is not changed to FINEST? outputs is same as above.)
>>
> I had a mistake above... the file-handler level should be set to finest.
>
> <file-handler name="ENGINE" autoflush="true">
> <level name="FINEST"/>
>
> can you confirm?
> or best send me the engine.xml.in file and I can see what's wrong.
>
> thanks!
I set file-handler's level name to "FINEST". but outputs are same as
before.
I attached the ovirt-engine.xml.in
Regards,
>
>
>> Thanks,
>> Fumihide Tani
>>
>>
>>>> Please advice me, it's so thanksfull.
>>>>
>>>> Fumihide Tani
>>>>
>>>>
>>>> (2014/09/21 17:13), Alon Bar-Lev wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>> Cc: users(a)ovirt.org
>>>>>> Sent: Sunday, September 21, 2014 11:11:11 AM
>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>
>>>>>> Hi, Alon
>>>>>>
>>>>>> Very thanks for your help.
>>>>>> My problem was solved and the AAA is working now.
>>>>>> I could add LDAP user. :)
>>>>> Great.
>>>>> Can you please send me a patch or modified README to make it
better?
>>>>>
>>>>> Alon
>>>>>
>>>>>> Fumihide Tani
>>>>>>
>>>>>> (2014/09/21 16:19), Alon Bar-Lev wrote:
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Alon Bar-Lev"
<alonbl(a)redhat.com>
>>>>>>>> To: "Fumihide Tani"
<RXC05271(a)nifty.com>
>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>> Sent: Sunday, September 21, 2014 10:19:11 AM
>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
LDAP.
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> You need to create authz extension as well
(authz-company).
>>>>>>>> The configuration you provided is establishing
authentication only
>>>>>>>> (authn)
>>>>>>>> which refer to authz-company but you did not add it.
>>>>>>>>
>>>>>>>> The terms are:
>>>>>>>> 1. authn - who the user is.
>>>>>>>> 2. authz - what user is permitted.
>>>>>>>> 3. profile - combination of the two.
>>>>>>>>
>>>>>>>> -----------------------------
>>>>>>>> # vi
/etc/ovirt-engine/extensions.d/authz-company.properties
>>>>>>>> ovirt.engine.extension.name = authz-company
>>>>>>>> ovirt.engine.extension.bindings.method = jbossmodule
>>>>>>>> ovirt.engine.extension.binding.jbossmodule.module =
>>>>>>>> org.ovirt.engine-extensions.aaa.ldap
>>>>>>>> ovirt.engine.extension.binding.jbossmodule.class =
>>>>>>>> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>>>>>> Sorry:
>>>>>>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>>>>>>> ovirt.engine.extension.provides =
>>>>>>>> org.ovirt.engine.api.extensions.aaa.Authz
>>>>>>>> config.profile.file.1 =
/etc/ovirt-engine/aaa/rxc05271.properties
>>>>>>>> --------------------------------------------------
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Alon
>>>>
>>
>>
2:36 p.m.
Hi, Alon,
I modified ovirt-engine.xml.in and restarted ovirt-engine.
Attached is the modified ovirt-engine.xml.in.
The engine.log outputs are fllowing: (Unfortunately it became the same result.)
-----
2014-09-22 19:48:11,245 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with authentication profile
"rxc05271.com" because the authentication failed.
2014-09-22 19:48:11,257 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event ID: -1,
Message: User Fumihide cannot login, please verify the username and password.
2014-09-22 19:48:11,265 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event ID: -1,
Message: User Fumihide failed to log in.
2014-09-22 19:48:11,266 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
(ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
-----
As a cause of fail to OpenLDAP user login,
I suspect that the my openldap password encryption method setting not meet with the
ovirt.
Is there any method to verify?
Thanks,
(2014/09/22 19:15), Alon Bar-Lev wrote:
You need to add the following:
+ <logger category="org.ovirt.engineextensions.aaa.ldap">
+ <level name="FINEST"/>
+ </logger>
<logger category="org.ovirt.engine.core.bll">
Look at the + lines, please add these (without the +) just before: <logger
category="org.ovirt.engine.core.bll">
Thanks!
----- Original Message -----
> From: "Fumihide Tani" <RXC05271(a)nifty.com>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Monday, September 22, 2014 1:10:57 PM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> (2014/09/22 15:00), Alon Bar-Lev wrote:
>> ----- Original Message -----
>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>> Cc: users(a)ovirt.org
>>> Sent: Monday, September 22, 2014 4:16:17 AM
>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>
>>> (2014/09/22 0:16), Alon Bar-Lev wrote:
>>>> ----- Original Message -----
>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>> Cc: users(a)ovirt.org
>>>>> Sent: Sunday, September 21, 2014 6:00:48 PM
>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>
>>>>> Hi, Alon,
>>>>>
>>>>> Following Alon's advice, I added authz-company.properties file to
the
>>>>> configuration directory.
>>>>> Then OpenLDAP users can searched from oVirt Web admin. and I could
add
>>>>> it's
>>>>> users
>>>>> to the portal successfully.
>>>>>
>>>>> But I have another problem.
>>>>> These OpenLDAP users that I added can not login to ovirt web user
>>>>> portal.
>>>>>
>>>>> User Name: Fumihide (This is shown on Web Admin Portal
"Users" tab as
>>>>> "First
>>>>> Name")
>>>>> Password: (I specified it as OpenLDAP's userPassword for
"Fumihide")
>>>>> Domain: rxc05271.com (I selected instead of "internal")
>>>>>
>>>>> ?
>>>> 1. What error do you get at ui?
>>> "The user name or password is incorrect."
>>>
>>>> 2. Please look at engine.log while attempting to login, if you see
>>>> something helpful.
>>> 2014-09-22 09:53:27,669 INFO
>>> [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
>>> (ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with
authentication
>>> profile "rxc05271.com" because the authentication failed.
>>> 2014-09-22 09:53:27,685 ERROR
>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom
>>> Event
>>> ID: -1, Message: User Fumihide cannot login, please verify the username
>>> and
>>> password.
>>> 2014-09-22 09:53:27,693 ERROR
>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom
>>> Event
>>> ID: -1, Message: User Fumihide failed to log in.
>>> 2014-09-22 09:53:27,693 WARN
>>> [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
>>> (ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
>>> Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
>>>
>>>> 3. Please make sure that the following is a success:
>>>> $ ldapsearch -h <HOST> -x -W -D <LOGIN_USER_DN> -b
<BASE_DN>
>>>> uid=<LOGIN_NAME>
>>> [root@ovirt ~]# ldapsearch -H ldapi:/// -x -W -D
>>> "uid=tani,ou=Users,dc=rxc05271,dc=com" -b
'dc=rxc05271,dc=com' -x
>>> '(uid=tani)'
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <dc=rxc05271,dc=com> with scope subtree
>>> # filter: (uid=tani)
>>> # requesting: ALL
>>> #
>>>
>>> # tani, Users, rxc05271.com
>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>>> objectClass: inetOrgPerson
>>> objectClass: uidObject
>>> uid: tani
>>> cn: Fumihide Tani
>>> givenName: Fumihide
>>> mail: tani(a)rxc05271.com
>>> sn: Tani
>>> userPassword:: a3VtaXRhbg==
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>> [root@ovirt ~]#
>>>
>>>> 4. If working please modify
>>>> /usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in
>>>> ---
>>>> <file-handler name="ENGINE"
autoflush="true">
>>>> - <level name="INFO"/>
>>>> - <level name="FINEST"/>
>>>> <snip>
>>>> + <logger
category="org.ovirt.engineextensions.aaa.ldap">
>>>> + <level name="FINEST"/>
>>>> + </logger>
>>>> <logger category="org.ovirt.engine.core.bll">
>>>> ---
>>>> Restart engine, attempt login, send me the output.
>>> 2014-09-22 10:03:57,517 INFO
>>> [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
>>> (ajp--127.0.0.1-8702-7) Cant login user "Fumihide" with
authentication
>>> profile "rxc05271.com" because the authentication failed.
>>> 2014-09-22 10:03:57,534 ERROR
>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>> (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom
>>> Event
>>> ID: -1, Message: User Fumihide cannot login, please verify the username
>>> and
>>> password.
>>> 2014-09-22 10:03:57,545 ERROR
>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>> (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom
>>> Event
>>> ID: -1, Message: User Fumihide failed to log in.
>>> 2014-09-22 10:03:57,545 WARN
>>> [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
>>> (ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed.
>>> Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
>>>
>>> (logger level is not changed to FINEST? outputs is same as above.)
>>>
>> I had a mistake above... the file-handler level should be set to finest.
>>
>> <file-handler name="ENGINE" autoflush="true">
>> <level name="FINEST"/>
>>
>> can you confirm?
>> or best send me the engine.xml.in file and I can see what's wrong.
>>
>> thanks!
> I set file-handler's level name to "FINEST". but outputs are same as
before.
> I attached the ovirt-engine.xml.in
>
> Regards,
>
>>
>>> Thanks,
>>> Fumihide Tani
>>>
>>>
>>>>> Please advice me, it's so thanksfull.
>>>>>
>>>>> Fumihide Tani
>>>>>
>>>>>
>>>>> (2014/09/21 17:13), Alon Bar-Lev wrote:
>>>>>> ----- Original Message -----
>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>> Cc: users(a)ovirt.org
>>>>>>> Sent: Sunday, September 21, 2014 11:11:11 AM
>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
LDAP.
>>>>>>>
>>>>>>> Hi, Alon
>>>>>>>
>>>>>>> Very thanks for your help.
>>>>>>> My problem was solved and the AAA is working now.
>>>>>>> I could add LDAP user. :)
>>>>>> Great.
>>>>>> Can you please send me a patch or modified README to make it
better?
>>>>>>
>>>>>> Alon
>>>>>>
>>>>>>> Fumihide Tani
>>>>>>>
>>>>>>> (2014/09/21 16:19), Alon Bar-Lev wrote:
>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "Alon Bar-Lev"
<alonbl(a)redhat.com>
>>>>>>>>> To: "Fumihide Tani"
<RXC05271(a)nifty.com>
>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>> Sent: Sunday, September 21, 2014 10:19:11 AM
>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with
simple LDAP.
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> You need to create authz extension as well
(authz-company).
>>>>>>>>> The configuration you provided is establishing
authentication only
>>>>>>>>> (authn)
>>>>>>>>> which refer to authz-company but you did not add it.
>>>>>>>>>
>>>>>>>>> The terms are:
>>>>>>>>> 1. authn - who the user is.
>>>>>>>>> 2. authz - what user is permitted.
>>>>>>>>> 3. profile - combination of the two.
>>>>>>>>>
>>>>>>>>> -----------------------------
>>>>>>>>> # vi
/etc/ovirt-engine/extensions.d/authz-company.properties
>>>>>>>>> ovirt.engine.extension.name = authz-company
>>>>>>>>> ovirt.engine.extension.bindings.method = jbossmodule
>>>>>>>>> ovirt.engine.extension.binding.jbossmodule.module =
>>>>>>>>> org.ovirt.engine-extensions.aaa.ldap
>>>>>>>>> ovirt.engine.extension.binding.jbossmodule.class =
>>>>>>>>> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>>>>>>> Sorry:
>>>>>>>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>>>>>>>> ovirt.engine.extension.provides =
>>>>>>>>> org.ovirt.engine.api.extensions.aaa.Authz
>>>>>>>>> config.profile.file.1 =
/etc/ovirt-engine/aaa/rxc05271.properties
>>>>>>>>> --------------------------------------------------
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Alon
>>>
>
2:41 p.m.
Not sure what adds crlf to your file... please use *NIX editor, please use dos2unix to
remove these,
Per our previous discussion, you should modify:
<file-handler name="ENGINE" autoflush="true">
<level name="INFO"/>
Into:
<file-handler name="ENGINE" autoflush="true">
<level name="FINEST"/>
You should see a difference.
Thanks!
----- Original Message -----
From: "Fumihide Tani" <RXC05271(a)nifty.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Monday, September 22, 2014 2:36:05 PM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
Hi, Alon,
I modified ovirt-engine.xml.in and restarted ovirt-engine.
Attached is the modified ovirt-engine.xml.in.
The engine.log outputs are fllowing: (Unfortunately it became the same
result.)
-----
2014-09-22 19:48:11,245 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with authentication
profile "rxc05271.com" because the authentication failed.
2014-09-22 19:48:11,257 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event
ID: -1, Message: User Fumihide cannot login, please verify the username and
password.
2014-09-22 19:48:11,265 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event
ID: -1, Message: User Fumihide failed to log in.
2014-09-22 19:48:11,266 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
(ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
-----
As a cause of fail to OpenLDAP user login,
I suspect that the my openldap password encryption method setting not meet
with the ovirt.
Is there any method to verify?
Thanks,
(2014/09/22 19:15), Alon Bar-Lev wrote:
> You need to add the following:
>
> + <logger category="org.ovirt.engineextensions.aaa.ldap">
> + <level name="FINEST"/>
> + </logger>
> <logger category="org.ovirt.engine.core.bll">
>
> Look at the + lines, please add these (without the +) just before: <logger
> category="org.ovirt.engine.core.bll">
>
> Thanks!
>
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Monday, September 22, 2014 1:10:57 PM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> (2014/09/22 15:00), Alon Bar-Lev wrote:
>>> ----- Original Message -----
>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>> Cc: users(a)ovirt.org
>>>> Sent: Monday, September 22, 2014 4:16:17 AM
>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>
>>>> (2014/09/22 0:16), Alon Bar-Lev wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>> Cc: users(a)ovirt.org
>>>>>> Sent: Sunday, September 21, 2014 6:00:48 PM
>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>
>>>>>> Hi, Alon,
>>>>>>
>>>>>> Following Alon's advice, I added authz-company.properties
file to the
>>>>>> configuration directory.
>>>>>> Then OpenLDAP users can searched from oVirt Web admin. and I
could add
>>>>>> it's
>>>>>> users
>>>>>> to the portal successfully.
>>>>>>
>>>>>> But I have another problem.
>>>>>> These OpenLDAP users that I added can not login to ovirt web
user
>>>>>> portal.
>>>>>>
>>>>>> User Name: Fumihide (This is shown on Web Admin Portal
"Users" tab as
>>>>>> "First
>>>>>> Name")
>>>>>> Password: (I specified it as OpenLDAP's userPassword for
"Fumihide")
>>>>>> Domain: rxc05271.com (I selected instead of
"internal")
>>>>>>
>>>>>> ?
>>>>> 1. What error do you get at ui?
>>>> "The user name or password is incorrect."
>>>>
>>>>> 2. Please look at engine.log while attempting to login, if you see
>>>>> something helpful.
>>>> 2014-09-22 09:53:27,669 INFO
>>>> [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
>>>> (ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with
authentication
>>>> profile "rxc05271.com" because the authentication failed.
>>>> 2014-09-22 09:53:27,685 ERROR
>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>>> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom
>>>> Event
>>>> ID: -1, Message: User Fumihide cannot login, please verify the username
>>>> and
>>>> password.
>>>> 2014-09-22 09:53:27,693 ERROR
>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>>> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom
>>>> Event
>>>> ID: -1, Message: User Fumihide failed to log in.
>>>> 2014-09-22 09:53:27,693 WARN
>>>> [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
>>>> (ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
>>>> Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
>>>>
>>>>> 3. Please make sure that the following is a success:
>>>>> $ ldapsearch -h <HOST> -x -W -D <LOGIN_USER_DN> -b
<BASE_DN>
>>>>> uid=<LOGIN_NAME>
>>>> [root@ovirt ~]# ldapsearch -H ldapi:/// -x -W -D
>>>> "uid=tani,ou=Users,dc=rxc05271,dc=com" -b
'dc=rxc05271,dc=com' -x
>>>> '(uid=tani)'
>>>> Enter LDAP Password:
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base <dc=rxc05271,dc=com> with scope subtree
>>>> # filter: (uid=tani)
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # tani, Users, rxc05271.com
>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>>>> objectClass: inetOrgPerson
>>>> objectClass: uidObject
>>>> uid: tani
>>>> cn: Fumihide Tani
>>>> givenName: Fumihide
>>>> mail: tani(a)rxc05271.com
>>>> sn: Tani
>>>> userPassword:: a3VtaXRhbg==
>>>>
>>>> # search result
>>>> search: 2
>>>> result: 0 Success
>>>>
>>>> # numResponses: 2
>>>> # numEntries: 1
>>>> [root@ovirt ~]#
>>>>
>>>>> 4. If working please modify
>>>>> /usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in
>>>>> ---
>>>>> <file-handler name="ENGINE"
autoflush="true">
>>>>> - <level name="INFO"/>
>>>>> - <level name="FINEST"/>
>>>>> <snip>
>>>>> + <logger
category="org.ovirt.engineextensions.aaa.ldap">
>>>>> + <level name="FINEST"/>
>>>>> + </logger>
>>>>> <logger
category="org.ovirt.engine.core.bll">
>>>>> ---
>>>>> Restart engine, attempt login, send me the output.
>>>> 2014-09-22 10:03:57,517 INFO
>>>> [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
>>>> (ajp--127.0.0.1-8702-7) Cant login user "Fumihide" with
authentication
>>>> profile "rxc05271.com" because the authentication failed.
>>>> 2014-09-22 10:03:57,534 ERROR
>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>>> (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom
>>>> Event
>>>> ID: -1, Message: User Fumihide cannot login, please verify the username
>>>> and
>>>> password.
>>>> 2014-09-22 10:03:57,545 ERROR
>>>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>>> (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom
>>>> Event
>>>> ID: -1, Message: User Fumihide failed to log in.
>>>> 2014-09-22 10:03:57,545 WARN
>>>> [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
>>>> (ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed.
>>>> Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
>>>>
>>>> (logger level is not changed to FINEST? outputs is same as above.)
>>>>
>>> I had a mistake above... the file-handler level should be set to finest.
>>>
>>> <file-handler name="ENGINE" autoflush="true">
>>> <level name="FINEST"/>
>>>
>>> can you confirm?
>>> or best send me the engine.xml.in file and I can see what's wrong.
>>>
>>> thanks!
>> I set file-handler's level name to "FINEST". but outputs are same
as
>> before.
>> I attached the ovirt-engine.xml.in
>>
>> Regards,
>>
>>>
>>>> Thanks,
>>>> Fumihide Tani
>>>>
>>>>
>>>>>> Please advice me, it's so thanksfull.
>>>>>>
>>>>>> Fumihide Tani
>>>>>>
>>>>>>
>>>>>> (2014/09/21 17:13), Alon Bar-Lev wrote:
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Fumihide Tani"
<RXC05271(a)nifty.com>
>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>> Sent: Sunday, September 21, 2014 11:11:11 AM
>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
LDAP.
>>>>>>>>
>>>>>>>> Hi, Alon
>>>>>>>>
>>>>>>>> Very thanks for your help.
>>>>>>>> My problem was solved and the AAA is working now.
>>>>>>>> I could add LDAP user. :)
>>>>>>> Great.
>>>>>>> Can you please send me a patch or modified README to make it
better?
>>>>>>>
>>>>>>> Alon
>>>>>>>
>>>>>>>> Fumihide Tani
>>>>>>>>
>>>>>>>> (2014/09/21 16:19), Alon Bar-Lev wrote:
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Alon Bar-Lev"
<alonbl(a)redhat.com>
>>>>>>>>>> To: "Fumihide Tani"
<RXC05271(a)nifty.com>
>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>> Sent: Sunday, September 21, 2014 10:19:11 AM
>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure
with simple LDAP.
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> You need to create authz extension as well
(authz-company).
>>>>>>>>>> The configuration you provided is establishing
authentication only
>>>>>>>>>> (authn)
>>>>>>>>>> which refer to authz-company but you did not add
it.
>>>>>>>>>>
>>>>>>>>>> The terms are:
>>>>>>>>>> 1. authn - who the user is.
>>>>>>>>>> 2. authz - what user is permitted.
>>>>>>>>>> 3. profile - combination of the two.
>>>>>>>>>>
>>>>>>>>>> -----------------------------
>>>>>>>>>> # vi
/etc/ovirt-engine/extensions.d/authz-company.properties
>>>>>>>>>> ovirt.engine.extension.name = authz-company
>>>>>>>>>> ovirt.engine.extension.bindings.method =
jbossmodule
>>>>>>>>>>
ovirt.engine.extension.binding.jbossmodule.module =
>>>>>>>>>> org.ovirt.engine-extensions.aaa.ldap
>>>>>>>>>> ovirt.engine.extension.binding.jbossmodule.class
=
>>>>>>>>>>
org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>>>>>>>> Sorry:
>>>>>>>>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>>>>>>>>> ovirt.engine.extension.provides =
>>>>>>>>>> org.ovirt.engine.api.extensions.aaa.Authz
>>>>>>>>>> config.profile.file.1 =
/etc/ovirt-engine/aaa/rxc05271.properties
>>>>>>>>>>
--------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Alon
>>>>
>>
>
3:06 p.m.
Sorry, I misunderstood.
This is outputs after LDAP user logged in.
2014-09-22 21:01:32,619 DEBUG [org.ovirt.engineextensions.aaa.ldap.AuthnExtension]
(ajp--127.0.0.1-8702-4) doAuthenticateCredentials Entry user='Fumihide'
2014-09-22 21:01:32,620 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) runSequence entry name='authn'
2014-09-22 21:01:32,621 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) Running sequence authn/010/call resolve user
2014-09-22 21:01:32,621 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,621 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,622 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,622 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,622 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,623 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,623 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,623 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) search_attr__dn =
2014-09-22 21:01:32,623 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,624 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,624 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,624 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,625 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,625 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,626 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,626 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,626 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,627 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,627 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,627 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) runSequence entry name='simple-resolve-user'
2014-09-22 21:01:32,627 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) Running sequence simple-resolve-user/010/fetch-record resolve
user
2014-09-22 21:01:32,628 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,628 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,628 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,628 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,629 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,629 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,629 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,629 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) search_attr__dn =
2014-09-22 21:01:32,630 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,630 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,630 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,631 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,631 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,631 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,631 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,632 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,632 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,632 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,632 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,633 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) searchOpen Entry name='simple-user-mapping', pageSize=0,
limit=5
2014-09-22 21:01:32,633 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) Creating SearchRequest
2014-09-22 21:01:32,634 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com',
scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0,
filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', attrs={entryUUID, uid,
displayName, memberOf, department, givenName, sn, title, mail})
2014-09-22 21:01:32,635 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) Entry name='authz'
2014-09-22 21:01:32,635 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) Entry name='map-principal-record'
2014-09-22 21:01:32,635 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) AttrMapInfo Return [AttrMapInfo(PrincipalRecord_DEPARTMENT,
STRING, '%s', department), AttrMapInfo(PrincipalRecord_DISPLAY_NAME, STRING,
'%s', displayName), AttrMapInfo(PrincipalRecord_DN, STRING, '%s', _dn),
AttrMapInfo(PrincipalRecord_EMAIL, STRING, '%s', mail),
AttrMapInfo(PrincipalRecord_FIRST_NAME, STRING, '%s', givenName),
AttrMapInfo(PrincipalRecord_GROUPS_RAW, STRING, '%s', memberOf),
AttrMapInfo(PrincipalRecord_ID, STRING, '%s', entryUUID),
AttrMapInfo(PrincipalRecord_LAST_NAME, STRING, '%s', sn),
AttrMapInfo(PrincipalRecord_NAME, STRING, '%s', uid),
AttrMapInfo(PrincipalRecord_PRINCIPAL, STRING, '%s', uid),
AttrMapInfo(PrincipalRecord_TITLE, STRING, '%s', title)]
2014-09-22 21:01:32,637 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) SearchOpen Return
SearchInstance(searchRequest='SearchRequest(baseDN='dc=rxc05271,dc=com',
scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0,
filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', attrs={entryUUID, uid,
displayName, memberOf, department, givenName, sn, title, mail})', doPaging=true,
resumeCookie='null', pageSize=100, limitLeft=5, done=false)
2014-09-22 21:01:32,638 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) Enter
2014-09-22 21:01:32,638 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com',
scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0,
filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', attrs={entryUUID, uid,
displayName, memberOf, department, givenName, sn, title, mail},
controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})
2014-09-22 21:01:32,640 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) SearchResult: SearchResult(resultCode=0 (success), messageID=3,
entriesReturned=0, referencesReturned=0,
responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
2014-09-22 21:01:32,641 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) SearchReferences: []
2014-09-22 21:01:32,641 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) SearchReferences: []
2014-09-22 21:01:32,641 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) Return: null
2014-09-22 21:01:32,642 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) End sequence simple-resolve-user resolve user
2014-09-22 21:01:32,642 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,642 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,643 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,643 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,643 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,643 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,644 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,644 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,644 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,644 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,645 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,645 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,645 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,646 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,646 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,646 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,646 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,647 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,647 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) Running sequence simple-resolve-user/020/call no user?
2014-09-22 21:01:32,647 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,648 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,648 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,648 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,648 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,649 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,649 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,649 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,649 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,650 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,650 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,650 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,651 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,651 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,651 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,652 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,652 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,652 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,652 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) runSequence entry name='simple-resolve-user-error'
2014-09-22 21:01:32,653 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) Running sequence simple-resolve-user-error/010/var-set error
2014-09-22 21:01:32,653 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,653 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,653 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,654 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,654 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,654 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,654 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,655 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,655 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,655 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,656 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,656 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,656 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,656 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,657 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,657 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,657 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,658 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,658 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) End sequence simple-resolve-user-error error
2014-09-22 21:01:32,658 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,658 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,659 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,659 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,659 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,659 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,660 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,660 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,660 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,660 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,661 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,661 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,661 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,662 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,662 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,662 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,663 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,663 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,663 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,663 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) Running sequence simple-resolve-user-error/020/var-set error
2014-09-22 21:01:32,664 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,664 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,664 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,664 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,665 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,665 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,665 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,665 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,666 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,666 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,666 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,667 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,667 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,667 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,668 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,668 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,668 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,668 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,669 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,669 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) End sequence simple-resolve-user-error error
2014-09-22 21:01:32,669 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,670 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,670 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authTranslatedMessage = CREDENTIALS_INVALID
2014-09-22 21:01:32,670 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,671 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,671 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,672 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,672 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,673 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,673 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,674 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,674 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,675 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,675 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,676 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,676 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,677 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,677 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,677 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,677 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,678 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) Running sequence simple-resolve-user-error/030/stop stop
2014-09-22 21:01:32,678 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,678 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,679 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authTranslatedMessage = CREDENTIALS_INVALID
2014-09-22 21:01:32,679 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,679 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,679 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,680 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,680 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,680 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,680 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,681 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,681 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,681 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,682 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,682 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,682 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,683 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,683 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,683 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,683 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,684 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) End sequence simple-resolve-user-error stop
2014-09-22 21:01:32,684 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,684 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,684 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authTranslatedMessage = CREDENTIALS_INVALID
2014-09-22 21:01:32,685 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,685 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,685 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,685 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,686 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,686 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,686 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,686 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,687 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,687 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,687 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,688 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,688 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,688 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,689 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = true
2014-09-22 21:01:32,689 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,689 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,689 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) runSequence Return name='simple-resolve-user-error'
2014-09-22 21:01:32,690 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) End sequence simple-resolve-user no user?
2014-09-22 21:01:32,690 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,690 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,690 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authTranslatedMessage = CREDENTIALS_INVALID
2014-09-22 21:01:32,691 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,691 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,691 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,691 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,692 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,692 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,692 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,692 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,693 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,693 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,693 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,694 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,694 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,694 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,694 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = true
2014-09-22 21:01:32,695 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,695 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,695 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) runSequence Return name='simple-resolve-user'
2014-09-22 21:01:32,695 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) End sequence authn resolve user
2014-09-22 21:01:32,696 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,696 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,696 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authTranslatedMessage = CREDENTIALS_INVALID
2014-09-22 21:01:32,696 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,697 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,697 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,697 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,697 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,698 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,698 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,698 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,699 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,699 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName,
memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,699 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,699 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,700 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,700 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,700 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) stop = true
2014-09-22 21:01:32,701 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,701 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,701 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) runSequence Return name='authn'
2014-09-22 21:01:32,702 DEBUG [org.ovirt.engineextensions.aaa.ldap.AuthnExtension]
(ajp--127.0.0.1-8702-4) doAuthenticateCredentials Return
{Extkey[name=AAA_AUTHN_RESULT;type=class
java.lang.Integer;uuid=AAA_AUTHN_RESULT[af9771dc-a0bb-417d-a700-277616aedd85];]=12}
2014-09-22 21:01:32,702 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-4) Cant login user "Fumihide" with authentication profile
"rxc05271.com" because the authentication failed.
2014-09-22 21:01:32,713 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-4) Correlation ID: null, Call Stack: null, Custom Event ID: -1,
Message: User Fumihide cannot login, please verify the username and password.
2014-09-22 21:01:32,724 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-4) Correlation ID: null, Call Stack: null, Custom Event ID: -1,
Message: User Fumihide failed to log in.
2014-09-22 21:01:32,724 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
(ajp--127.0.0.1-8702-4) CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
(2014/09/22 20:41), Alon Bar-Lev wrote:
Not sure what adds crlf to your file... please use *NIX editor,
please use dos2unix to remove these,
Per our previous discussion, you should modify:
<file-handler name="ENGINE" autoflush="true">
<level name="INFO"/>
Into:
<file-handler name="ENGINE" autoflush="true">
<level name="FINEST"/>
You should see a difference.
Thanks!
----- Original Message -----
> From: "Fumihide Tani" <RXC05271(a)nifty.com>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Monday, September 22, 2014 2:36:05 PM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> Hi, Alon,
>
> I modified ovirt-engine.xml.in and restarted ovirt-engine.
> Attached is the modified ovirt-engine.xml.in.
> The engine.log outputs are fllowing: (Unfortunately it became the same
> result.)
>
> -----
> 2014-09-22 19:48:11,245 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
> (ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with authentication
> profile "rxc05271.com" because the authentication failed.
> 2014-09-22 19:48:11,257 ERROR
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event
> ID: -1, Message: User Fumihide cannot login, please verify the username and
> password.
> 2014-09-22 19:48:11,265 ERROR
> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event
> ID: -1, Message: User Fumihide failed to log in.
> 2014-09-22 19:48:11,266 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
> (ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
> Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
> -----
>
> As a cause of fail to OpenLDAP user login,
> I suspect that the my openldap password encryption method setting not meet
> with the ovirt.
> Is there any method to verify?
>
> Thanks,
>
> (2014/09/22 19:15), Alon Bar-Lev wrote:
>> You need to add the following:
>>
>> + <logger category="org.ovirt.engineextensions.aaa.ldap">
>> + <level name="FINEST"/>
>> + </logger>
>> <logger category="org.ovirt.engine.core.bll">
>>
>> Look at the + lines, please add these (without the +) just before: <logger
>> category="org.ovirt.engine.core.bll">
>>
>> Thanks!
>>
>> ----- Original Message -----
>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>> Cc: users(a)ovirt.org
>>> Sent: Monday, September 22, 2014 1:10:57 PM
>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>
>>> (2014/09/22 15:00), Alon Bar-Lev wrote:
>>>> ----- Original Message -----
>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>> Cc: users(a)ovirt.org
>>>>> Sent: Monday, September 22, 2014 4:16:17 AM
>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>
>>>>> (2014/09/22 0:16), Alon Bar-Lev wrote:
>>>>>> ----- Original Message -----
>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>> Cc: users(a)ovirt.org
>>>>>>> Sent: Sunday, September 21, 2014 6:00:48 PM
>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
LDAP.
>>>>>>>
>>>>>>> Hi, Alon,
>>>>>>>
>>>>>>> Following Alon's advice, I added authz-company.properties
file to the
>>>>>>> configuration directory.
>>>>>>> Then OpenLDAP users can searched from oVirt Web admin. and I
could add
>>>>>>> it's
>>>>>>> users
>>>>>>> to the portal successfully.
>>>>>>>
>>>>>>> But I have another problem.
>>>>>>> These OpenLDAP users that I added can not login to ovirt web
user
>>>>>>> portal.
>>>>>>>
>>>>>>> User Name: Fumihide (This is shown on Web Admin Portal
"Users" tab as
>>>>>>> "First
>>>>>>> Name")
>>>>>>> Password: (I specified it as OpenLDAP's userPassword for
"Fumihide")
>>>>>>> Domain: rxc05271.com (I selected instead of
"internal")
>>>>>>>
>>>>>>> ?
>>>>>> 1. What error do you get at ui?
>>>>> "The user name or password is incorrect."
>>>>>
>>>>>> 2. Please look at engine.log while attempting to login, if you
see
>>>>>> something helpful.
>>>>> 2014-09-22 09:53:27,669 INFO
>>>>> [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
>>>>> (ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with
authentication
>>>>> profile "rxc05271.com" because the authentication failed.
>>>>> 2014-09-22 09:53:27,685 ERROR
>>>>>
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>>>> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null,
Custom
>>>>> Event
>>>>> ID: -1, Message: User Fumihide cannot login, please verify the
username
>>>>> and
>>>>> password.
>>>>> 2014-09-22 09:53:27,693 ERROR
>>>>>
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>>>> (ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null,
Custom
>>>>> Event
>>>>> ID: -1, Message: User Fumihide failed to log in.
>>>>> 2014-09-22 09:53:27,693 WARN
>>>>> [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
>>>>> (ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
>>>>> Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
>>>>>
>>>>>> 3. Please make sure that the following is a success:
>>>>>> $ ldapsearch -h <HOST> -x -W -D <LOGIN_USER_DN> -b
<BASE_DN>
>>>>>> uid=<LOGIN_NAME>
>>>>> [root@ovirt ~]# ldapsearch -H ldapi:/// -x -W -D
>>>>> "uid=tani,ou=Users,dc=rxc05271,dc=com" -b
'dc=rxc05271,dc=com' -x
>>>>> '(uid=tani)'
>>>>> Enter LDAP Password:
>>>>> # extended LDIF
>>>>> #
>>>>> # LDAPv3
>>>>> # base <dc=rxc05271,dc=com> with scope subtree
>>>>> # filter: (uid=tani)
>>>>> # requesting: ALL
>>>>> #
>>>>>
>>>>> # tani, Users, rxc05271.com
>>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>>>>> objectClass: inetOrgPerson
>>>>> objectClass: uidObject
>>>>> uid: tani
>>>>> cn: Fumihide Tani
>>>>> givenName: Fumihide
>>>>> mail: tani(a)rxc05271.com
>>>>> sn: Tani
>>>>> userPassword:: a3VtaXRhbg==
>>>>>
>>>>> # search result
>>>>> search: 2
>>>>> result: 0 Success
>>>>>
>>>>> # numResponses: 2
>>>>> # numEntries: 1
>>>>> [root@ovirt ~]#
>>>>>
>>>>>> 4. If working please modify
>>>>>>
/usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in
>>>>>> ---
>>>>>> <file-handler name="ENGINE"
autoflush="true">
>>>>>> - <level name="INFO"/>
>>>>>> - <level name="FINEST"/>
>>>>>> <snip>
>>>>>> + <logger
category="org.ovirt.engineextensions.aaa.ldap">
>>>>>> + <level name="FINEST"/>
>>>>>> + </logger>
>>>>>> <logger
category="org.ovirt.engine.core.bll">
>>>>>> ---
>>>>>> Restart engine, attempt login, send me the output.
>>>>> 2014-09-22 10:03:57,517 INFO
>>>>> [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
>>>>> (ajp--127.0.0.1-8702-7) Cant login user "Fumihide" with
authentication
>>>>> profile "rxc05271.com" because the authentication failed.
>>>>> 2014-09-22 10:03:57,534 ERROR
>>>>>
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>>>> (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null,
Custom
>>>>> Event
>>>>> ID: -1, Message: User Fumihide cannot login, please verify the
username
>>>>> and
>>>>> password.
>>>>> 2014-09-22 10:03:57,545 ERROR
>>>>>
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>>>>> (ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null,
Custom
>>>>> Event
>>>>> ID: -1, Message: User Fumihide failed to log in.
>>>>> 2014-09-22 10:03:57,545 WARN
>>>>> [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
>>>>> (ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed.
>>>>> Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
>>>>>
>>>>> (logger level is not changed to FINEST? outputs is same as above.)
>>>>>
>>>> I had a mistake above... the file-handler level should be set to finest.
>>>>
>>>> <file-handler name="ENGINE" autoflush="true">
>>>> <level name="FINEST"/>
>>>>
>>>> can you confirm?
>>>> or best send me the engine.xml.in file and I can see what's wrong.
>>>>
>>>> thanks!
>>> I set file-handler's level name to "FINEST". but outputs are
same as
>>> before.
>>> I attached the ovirt-engine.xml.in
>>>
>>> Regards,
>>>
>>>>> Thanks,
>>>>> Fumihide Tani
>>>>>
>>>>>
>>>>>>> Please advice me, it's so thanksfull.
>>>>>>>
>>>>>>> Fumihide Tani
>>>>>>>
>>>>>>>
>>>>>>> (2014/09/21 17:13), Alon Bar-Lev wrote:
>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "Fumihide Tani"
<RXC05271(a)nifty.com>
>>>>>>>>> To: "Alon Bar-Lev"
<alonbl(a)redhat.com>
>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>> Sent: Sunday, September 21, 2014 11:11:11 AM
>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with
simple LDAP.
>>>>>>>>>
>>>>>>>>> Hi, Alon
>>>>>>>>>
>>>>>>>>> Very thanks for your help.
>>>>>>>>> My problem was solved and the AAA is working now.
>>>>>>>>> I could add LDAP user. :)
>>>>>>>> Great.
>>>>>>>> Can you please send me a patch or modified README to make
it better?
>>>>>>>>
>>>>>>>> Alon
>>>>>>>>
>>>>>>>>> Fumihide Tani
>>>>>>>>>
>>>>>>>>> (2014/09/21 16:19), Alon Bar-Lev wrote:
>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>> From: "Alon Bar-Lev"
<alonbl(a)redhat.com>
>>>>>>>>>>> To: "Fumihide Tani"
<RXC05271(a)nifty.com>
>>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>>> Sent: Sunday, September 21, 2014 10:19:11 AM
>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure
with simple LDAP.
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> You need to create authz extension as well
(authz-company).
>>>>>>>>>>> The configuration you provided is
establishing authentication only
>>>>>>>>>>> (authn)
>>>>>>>>>>> which refer to authz-company but you did not
add it.
>>>>>>>>>>>
>>>>>>>>>>> The terms are:
>>>>>>>>>>> 1. authn - who the user is.
>>>>>>>>>>> 2. authz - what user is permitted.
>>>>>>>>>>> 3. profile - combination of the two.
>>>>>>>>>>>
>>>>>>>>>>> -----------------------------
>>>>>>>>>>> # vi
/etc/ovirt-engine/extensions.d/authz-company.properties
>>>>>>>>>>> ovirt.engine.extension.name = authz-company
>>>>>>>>>>> ovirt.engine.extension.bindings.method =
jbossmodule
>>>>>>>>>>>
ovirt.engine.extension.binding.jbossmodule.module =
>>>>>>>>>>> org.ovirt.engine-extensions.aaa.ldap
>>>>>>>>>>>
ovirt.engine.extension.binding.jbossmodule.class =
>>>>>>>>>>>
org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>>>>>>>>> Sorry:
>>>>>>>>>>
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>>>>>>>>>> ovirt.engine.extension.provides =
>>>>>>>>>>> org.ovirt.engine.api.extensions.aaa.Authz
>>>>>>>>>>> config.profile.file.1 =
/etc/ovirt-engine/aaa/rxc05271.properties
>>>>>>>>>>>
--------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> Alon
>
3:24 p.m.
----- Original Message -----
From: "Fumihide Tani" <RXC05271(a)nifty.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Monday, September 22, 2014 3:06:39 PM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
Sorry, I misunderstood.
This is outputs after LDAP user logged in.
Please attach log as files, not inline, easier to handle.
2014-09-22 21:01:32,638 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com',
scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0,
filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', attrs={entryUUID, uid,
displayName, memberOf, department, givenName, sn, title, mail},
controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})
2014-09-22 21:01:32,640 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) SearchResult: SearchResult(resultCode=0 (success), messageID=3,
entriesReturned=0, referencesReturned=0,
responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
From the above I see that a search was issued:
&(objectClass=uidObject)(uid=*)(uid=Fumihide)
And no result returned.
Per previous output:
---
# tani, Users, rxc05271.com
dn: uid=tani,ou=Users,dc=rxc05271,dc=com
objectClass: inetOrgPerson
objectClass: uidObject
uid: tani
cn: Fumihide Tani
givenName: Fumihide
mail: tani(a)rxc05271.com
sn: Tani
userPassword:: a3VtaXRhbg==
---
Your user name is tani and not Fumihide.
Alon
3:42 p.m.
Hi, Alon,
Your requested engine.log attached.
Also, I tried to login to web user portal by "tani"
User Name: tani
Password: (OpenLDAP userPassword)
Domain: rxc05271.com
cause: "General command validation failure."
Attated log includes login by "Fumihide" first, "tani" second.
Very thanks,
(2014/09/22 21:24), Alon Bar-Lev wrote:
----- Original Message -----
> From: "Fumihide Tani" <RXC05271(a)nifty.com>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Monday, September 22, 2014 3:06:39 PM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> Sorry, I misunderstood.
>
> This is outputs after LDAP user logged in.
Please attach log as files, not inline, easier to handle.
2014-09-22 21:01:32,638 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com',
scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0,
filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', attrs={entryUUID, uid,
displayName, memberOf, department, givenName, sn, title, mail},
controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})
2014-09-22 21:01:32,640 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework]
(ajp--127.0.0.1-8702-4) SearchResult: SearchResult(resultCode=0 (success), messageID=3,
entriesReturned=0, referencesReturned=0,
responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
>From the above I see that a search was issued:
&(objectClass=uidObject)(uid=*)(uid=Fumihide)
And no result returned.
Per previous output:
---
# tani, Users, rxc05271.com
dn: uid=tani,ou=Users,dc=rxc05271,dc=com
objectClass: inetOrgPerson
objectClass: uidObject
uid: tani
cn: Fumihide Tani
givenName: Fumihide
mail: tani(a)rxc05271.com
sn: Tani
userPassword:: a3VtaXRhbg==
---
Your user name is tani and not Fumihide.
Alon
4:20 p.m.
The version of engine you are using is probably out of date and unsynced with latest ldap
package (20140821064931).
Please make sure you take latest from[1]
Thanks!
[1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
----- Original Message -----
From: "Fumihide Tani" <RXC05271(a)nifty.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Monday, September 22, 2014 3:42:52 PM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
Hi, Alon,
Your requested engine.log attached.
Also, I tried to login to web user portal by "tani"
User Name: tani
Password: (OpenLDAP userPassword)
Domain: rxc05271.com
cause: "General command validation failure."
Attated log includes login by "Fumihide" first, "tani" second.
Very thanks,
(2014/09/22 21:24), Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Monday, September 22, 2014 3:06:39 PM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> Sorry, I misunderstood.
>>
>> This is outputs after LDAP user logged in.
> Please attach log as files, not inline, easier to handle.
>
> 2014-09-22 21:01:32,638 DEBUG
> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', scope=SUB,
> deref=NEVER, sizeLimit=0, timeLimit=0,
> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)',
attrs={entryUUID,
> uid, displayName, memberOf, department, givenName, sn, title, mail},
> controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})
> 2014-09-22 21:01:32,640 DEBUG
> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
> SearchResult: SearchResult(resultCode=0 (success), messageID=3,
> entriesReturned=0, referencesReturned=0,
> responseControls={SimplePagedResultsControl(pageSize=0,
> isCritical=false)})
>
> >From the above I see that a search was issued:
> >&(objectClass=uidObject)(uid=*)(uid=Fumihide)
> And no result returned.
>
> Per previous output:
> ---
> # tani, Users, rxc05271.com
> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
> objectClass: inetOrgPerson
> objectClass: uidObject
> uid: tani
> cn: Fumihide Tani
> givenName: Fumihide
> mail: tani(a)rxc05271.com
> sn: Tani
> userPassword:: a3VtaXRhbg==
> ---
>
> Your user name is tani and not Fumihide.
>
> Alon
>
>
4:36 p.m.
Hi, Alon,
Thanks a lot.
I'll try the newest ovirt 3.5 release.
(2014/09/22 22:20), Alon Bar-Lev wrote:
The version of engine you are using is probably out of date and
unsynced with latest ldap package (20140821064931).
Please make sure you take latest from[1]
Thanks!
[1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
----- Original Message -----
> From: "Fumihide Tani" <RXC05271(a)nifty.com>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Monday, September 22, 2014 3:42:52 PM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> Hi, Alon,
>
> Your requested engine.log attached.
>
> Also, I tried to login to web user portal by "tani"
>
> User Name: tani
> Password: (OpenLDAP userPassword)
> Domain: rxc05271.com
>
> cause: "General command validation failure."
>
> Attated log includes login by "Fumihide" first, "tani" second.
>
> Very thanks,
>
>
> (2014/09/22 21:24), Alon Bar-Lev wrote:
>> ----- Original Message -----
>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>> Cc: users(a)ovirt.org
>>> Sent: Monday, September 22, 2014 3:06:39 PM
>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>
>>> Sorry, I misunderstood.
>>>
>>> This is outputs after LDAP user logged in.
>> Please attach log as files, not inline, easier to handle.
>>
>> 2014-09-22 21:01:32,638 DEBUG
>> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', scope=SUB,
>> deref=NEVER, sizeLimit=0, timeLimit=0,
>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)',
attrs={entryUUID,
>> uid, displayName, memberOf, department, givenName, sn, title, mail},
>> controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})
>> 2014-09-22 21:01:32,640 DEBUG
>> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
>> SearchResult: SearchResult(resultCode=0 (success), messageID=3,
>> entriesReturned=0, referencesReturned=0,
>> responseControls={SimplePagedResultsControl(pageSize=0,
>> isCritical=false)})
>>
>> >From the above I see that a search was issued:
>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide)
>> And no result returned.
>>
>> Per previous output:
>> ---
>> # tani, Users, rxc05271.com
>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>> objectClass: inetOrgPerson
>> objectClass: uidObject
>> uid: tani
>> cn: Fumihide Tani
>> givenName: Fumihide
>> mail: tani(a)rxc05271.com
>> sn: Tani
>> userPassword:: a3VtaXRhbg==
>> ---
>>
>> Your user name is tani and not Fumihide.
>>
>> Alon
>>
>>
>
3:24 p.m.
Hi, Alon,
I have updated the oVirt 3.5 RC2 to the newest RC3 today.
From my CentOS6.5 based oVirt Engine server and the oVirt Host server,
# yum clean all
# yum update
Then rebooted these servers.
But my LDAP problem is continued and same result as before.
When I login to the oVirt User Portal,
User Name: tani
Password: (OpenLDAP's userPassword)
Domain: rxc05271.com
UI displays "General command validation failure."
Please advice.
Thanks,
Fumihide Tani
(2014/09/22 22:20), Alon Bar-Lev wrote:
The version of engine you are using is probably out of date and
unsynced with latest ldap package (20140821064931).
Please make sure you take latest from[1]
Thanks!
[1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
----- Original Message -----
> From: "Fumihide Tani" <RXC05271(a)nifty.com>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Monday, September 22, 2014 3:42:52 PM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> Hi, Alon,
>
> Your requested engine.log attached.
>
> Also, I tried to login to web user portal by "tani"
>
> User Name: tani
> Password: (OpenLDAP userPassword)
> Domain: rxc05271.com
>
> cause: "General command validation failure."
>
> Attated log includes login by "Fumihide" first, "tani" second.
>
> Very thanks,
>
>
> (2014/09/22 21:24), Alon Bar-Lev wrote:
>> ----- Original Message -----
>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>> Cc: users(a)ovirt.org
>>> Sent: Monday, September 22, 2014 3:06:39 PM
>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>
>>> Sorry, I misunderstood.
>>>
>>> This is outputs after LDAP user logged in.
>> Please attach log as files, not inline, easier to handle.
>>
>> 2014-09-22 21:01:32,638 DEBUG
>> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', scope=SUB,
>> deref=NEVER, sizeLimit=0, timeLimit=0,
>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)',
attrs={entryUUID,
>> uid, displayName, memberOf, department, givenName, sn, title, mail},
>> controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})
>> 2014-09-22 21:01:32,640 DEBUG
>> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
>> SearchResult: SearchResult(resultCode=0 (success), messageID=3,
>> entriesReturned=0, referencesReturned=0,
>> responseControls={SimplePagedResultsControl(pageSize=0,
>> isCritical=false)})
>>
>> >From the above I see that a search was issued:
>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide)
>> And no result returned.
>>
>> Per previous output:
>> ---
>> # tani, Users, rxc05271.com
>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>> objectClass: inetOrgPerson
>> objectClass: uidObject
>> uid: tani
>> cn: Fumihide Tani
>> givenName: Fumihide
>> mail: tani(a)rxc05271.com
>> sn: Tani
>> userPassword:: a3VtaXRhbg==
>> ---
>>
>> Your user name is tani and not Fumihide.
>>
>> Alon
>>
>>
>
3:32 p.m.
----- Original Message -----
From: "Fumihide Tani" <RXC05271(a)nifty.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Wednesday, September 24, 2014 3:24:23 PM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
Hi, Alon,
I have updated the oVirt 3.5 RC2 to the newest RC3 today.
From my CentOS6.5 based oVirt Engine server and the oVirt Host server,
# yum clean all
# yum update
Then rebooted these servers.
But my LDAP problem is continued and same result as before.
When I login to the oVirt User Portal,
User Name: tani
Password: (OpenLDAP's userPassword)
Domain: rxc05271.com
UI displays "General command validation failure."
Please advice.
Hopefully I can if you provide log... :)
Thanks,
Fumihide Tani
(2014/09/22 22:20), Alon Bar-Lev wrote:
> The version of engine you are using is probably out of date and unsynced
> with latest ldap package (20140821064931).
> Please make sure you take latest from[1]
> Thanks!
>
> [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
>
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Monday, September 22, 2014 3:42:52 PM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> Hi, Alon,
>>
>> Your requested engine.log attached.
>>
>> Also, I tried to login to web user portal by "tani"
>>
>> User Name: tani
>> Password: (OpenLDAP userPassword)
>> Domain: rxc05271.com
>>
>> cause: "General command validation failure."
>>
>> Attated log includes login by "Fumihide" first, "tani"
second.
>>
>> Very thanks,
>>
>>
>> (2014/09/22 21:24), Alon Bar-Lev wrote:
>>> ----- Original Message -----
>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>> Cc: users(a)ovirt.org
>>>> Sent: Monday, September 22, 2014 3:06:39 PM
>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>
>>>> Sorry, I misunderstood.
>>>>
>>>> This is outputs after LDAP user logged in.
>>> Please attach log as files, not inline, easier to handle.
>>>
>>> 2014-09-22 21:01:32,638 DEBUG
>>> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
>>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com',
scope=SUB,
>>> deref=NEVER, sizeLimit=0, timeLimit=0,
>>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)',
attrs={entryUUID,
>>> uid, displayName, memberOf, department, givenName, sn, title, mail},
>>> controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})
>>> 2014-09-22 21:01:32,640 DEBUG
>>> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
>>> SearchResult: SearchResult(resultCode=0 (success), messageID=3,
>>> entriesReturned=0, referencesReturned=0,
>>> responseControls={SimplePagedResultsControl(pageSize=0,
>>> isCritical=false)})
>>>
>>> >From the above I see that a search was issued:
>>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide)
>>> And no result returned.
>>>
>>> Per previous output:
>>> ---
>>> # tani, Users, rxc05271.com
>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>>> objectClass: inetOrgPerson
>>> objectClass: uidObject
>>> uid: tani
>>> cn: Fumihide Tani
>>> givenName: Fumihide
>>> mail: tani(a)rxc05271.com
>>> sn: Tani
>>> userPassword:: a3VtaXRhbg==
>>> ---
>>>
>>> Your user name is tani and not Fumihide.
>>>
>>> Alon
>>>
>>>
>>
>
3712
days inactive
3715
days old
19 comments
2 participants
participants (2)
-
Alon Bar-Lev -
Fumihide Tani