From Roberto.Nunin at comifar.it Mon Aug  7 07:01:08 2017
Content-Type: multipart/mixed; boundary="===============7246983854607919332=="
MIME-Version: 1.0
From: NUNIN Roberto <Roberto.Nunin at comifar.it>
To: users at ovirt.org
Subject: [ovirt-users] oVirt LDAP user authentication troubleshooting
Date: Mon, 07 Aug 2017 07:01:05 +0000
Message-ID: <de4cb7680af64919af7be187e7761b68@DENU01MS0077.phoenix.loc>

--===============7246983854607919332==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

--_000_de4cb7680af64919af7be187e7761b68DENU01MS0077phoenixloc_
Content-Type: text/plain; charset=3D"us-ascii"
Content-Transfer-Encoding: quoted-printable

I've two oVirt 4.1.4.2-1 pods used for labs.

These two pods are configured in the same way (three node with gluster)

Trying to setup LDAP auth, towards the same OpenLDAP server, setup ends cor=
=3D
rectly in both engine VM.
When I try to perform system permission modification, only one of these is =
=3D
recognizing the LDAP groups and allow setup and next users belonging to def=
=3D
ined groups to log-in and perform assigned level tasks.

On the second engine, system permissions, even if it recognize the LDAP dom=
=3D
ain (it appear in the selection box for search base) do not find nothing, g=
=3D
roups or individuals.
How to analyze this ? I wasn't able to find logs useful for troubleshooting=
=3D
.

Setup ended correctly with both Login and Search tasks complete successful.
Thanks

Roberto





________________________________

Questo messaggio e' indirizzato esclusivamente al destinatario indicato e p=
=3D
otrebbe contenere informazioni confidenziali, riservate o proprietarie. Qua=
=3D
lora la presente venisse ricevuta per errore, si prega di segnalarlo immedi=
=3D
atamente al mittente, cancellando l'originale e ogni sua copia e distruggen=
=3D
do eventuali copie cartacee. Ogni altro uso e' strettamente proibito e potr=
=3D
ebbe essere fonte di violazione di legge.

This message is for the designated recipient only and may contain privilege=
=3D
d, proprietary, or otherwise private information. If you have received it i=
=3D
n error, please notify the sender immediately, deleting the original and al=
=3D
l copies and destroying any hard copies. Any other use is strictly prohibit=
=3D
ed and may be unlawful.

--_000_de4cb7680af64919af7be187e7761b68DENU01MS0077phoenixloc_
Content-Type: text/html; charset=3D"us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D3D"urn:schemas-microsoft-com:vml" xmlns:o=3D3D"urn:schemas-=
micr=3D
osoft-com:office:office" xmlns:w=3D3D"urn:schemas-microsoft-com:office:word=
" =3D
xmlns:m=3D3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D3D"h=
ttp:=3D
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D3D"Content-Type" content=3D3D"text/html; charset=3D3Dus-=
ascii"=3D
>
<meta name=3D3D"Generator" content=3D3D"Microsoft Word 15 (filtered medium)=
">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
span.StileMessaggioDiPostaElettronica17
	{mso-style-type:personal-compose;
	font-family:"Arial",sans-serif;
	color:windowtext;
	font-weight:normal;
	font-style:normal;
	text-decoration:none none;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:70.85pt 2.0cm 2.0cm 2.0cm;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D3D"edit" spidmax=3D3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D3D"edit">
<o:idmap v:ext=3D3D"edit" data=3D3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D3D"IT" link=3D3D"#0563C1" vlink=3D3D"#954F72">
<div class=3D3D"WordSection1">
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif">I&#8217;ve two oVirt 4.1.4.2-1 pods us=
=3D
ed for labs.<o:p></o:p></span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif"><o:p>&nbsp;</o:p></span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif">These two pods are configured in the s=
=3D
ame way (three node with gluster)<o:p></o:p></span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif"><o:p>&nbsp;</o:p></span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif">Trying to setup LDAP auth, towards the=
=3D
 same OpenLDAP server, setup ends correctly in both engine VM.<o:p></o:p></=
=3D
span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif">When I try to perform system permissio=
=3D
n modification, only one of these is recognizing the LDAP groups and allow =
=3D
setup and next users belonging to defined groups
 to log-in and perform assigned level tasks.<o:p></o:p></span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif"><o:p>&nbsp;</o:p></span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif">On the second engine, system permissio=
=3D
ns, even if it recognize the LDAP domain (it appear in the selection box fo=
=3D
r search base) do not find nothing, groups or individuals.<o:p></o:p></span=
=3D
></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif">How to analyze this ? I wasn&#8217;t a=
=3D
ble to find logs useful for troubleshooting.<o:p></o:p></span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif"><o:p>&nbsp;</o:p></span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif">Setup ended correctly with both Login =
=3D
and Search tasks complete successful.<o:p></o:p></span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif">Thanks<o:p></o:p></span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif"><o:p>&nbsp;</o:p></span></p>
<p class=3D3D"MsoNormal"><span lang=3D3D"EN-US" style=3D3D"font-size:10.0pt=
;font-=3D
family:&quot;Arial&quot;,sans-serif">Roberto<o:p></o:p></span></p>
<p class=3D3D"MsoNormal"><span style=3D3D"font-size:10.0pt;font-family:&quo=
t;Ar=3D
ial&quot;,sans-serif"><o:p>&nbsp;</o:p></span></p>
<p class=3D3D"MsoNormal"><span style=3D3D"font-size:10.0pt;font-family:&quo=
t;Ar=3D
ial&quot;,sans-serif"><o:p>&nbsp;</o:p></span></p>
<p class=3D3D"MsoNormal" style=3D3D"line-height:12.05pt;text-autospace:none=
"><s=3D
pan style=3D3D"font-family:&quot;Arial&quot;,sans-serif;mso-fareast-languag=
e:=3D
IT"><o:p>&nbsp;</o:p></span></p>
<p class=3D3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<br>
<hr>
<font face=3D3D"Courier New" color=3D3D"Black" size=3D3D"2"><br>
Questo messaggio e' indirizzato esclusivamente al destinatario indicato e p=
=3D
otrebbe contenere informazioni confidenziali, riservate o proprietarie. Qua=
=3D
lora la presente venisse ricevuta per errore, si prega di segnalarlo immedi=
=3D
atamente al mittente, cancellando
 l'originale e ogni sua copia e distruggendo eventuali copie cartacee. Ogni=
=3D
 altro uso e' strettamente proibito e potrebbe essere fonte di violazione d=
=3D
i legge.<br>
<br>
This message is for the designated recipient only and may contain privilege=
=3D
d, proprietary, or otherwise private information. If you have received it i=
=3D
n error, please notify the sender immediately, deleting the original and al=
=3D
l copies and destroying any hard
 copies. Any other use is strictly prohibited and may be unlawful.<br>
</font>
</body>
</html>

--_000_de4cb7680af64919af7be187e7761b68DENU01MS0077phoenixloc_--

--===============7246983854607919332==
Content-Type: multipart/alternative
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="attachment.bin"

LS1fMDAwX2RlNGNiNzY4MGFmNjQ5MTlhZjdiZTE4N2U3NzYxYjY4REVOVTAxTVMwMDc3cGhvZW5p
eGxvY18KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1cy1hc2NpaSIKQ29udGVu
dC1UcmFuc2Zlci1FbmNvZGluZzogcXVvdGVkLXByaW50YWJsZQoKSSd2ZSB0d28gb1ZpcnQgNC4x
LjQuMi0xIHBvZHMgdXNlZCBmb3IgbGFicy4KClRoZXNlIHR3byBwb2RzIGFyZSBjb25maWd1cmVk
IGluIHRoZSBzYW1lIHdheSAodGhyZWUgbm9kZSB3aXRoIGdsdXN0ZXIpCgpUcnlpbmcgdG8gc2V0
dXAgTERBUCBhdXRoLCB0b3dhcmRzIHRoZSBzYW1lIE9wZW5MREFQIHNlcnZlciwgc2V0dXAgZW5k
cyBjb3I9CnJlY3RseSBpbiBib3RoIGVuZ2luZSBWTS4KV2hlbiBJIHRyeSB0byBwZXJmb3JtIHN5
c3RlbSBwZXJtaXNzaW9uIG1vZGlmaWNhdGlvbiwgb25seSBvbmUgb2YgdGhlc2UgaXMgPQpyZWNv
Z25pemluZyB0aGUgTERBUCBncm91cHMgYW5kIGFsbG93IHNldHVwIGFuZCBuZXh0IHVzZXJzIGJl
bG9uZ2luZyB0byBkZWY9CmluZWQgZ3JvdXBzIHRvIGxvZy1pbiBhbmQgcGVyZm9ybSBhc3NpZ25l
ZCBsZXZlbCB0YXNrcy4KCk9uIHRoZSBzZWNvbmQgZW5naW5lLCBzeXN0ZW0gcGVybWlzc2lvbnMs
IGV2ZW4gaWYgaXQgcmVjb2duaXplIHRoZSBMREFQIGRvbT0KYWluIChpdCBhcHBlYXIgaW4gdGhl
IHNlbGVjdGlvbiBib3ggZm9yIHNlYXJjaCBiYXNlKSBkbyBub3QgZmluZCBub3RoaW5nLCBnPQpy
b3VwcyBvciBpbmRpdmlkdWFscy4KSG93IHRvIGFuYWx5emUgdGhpcyA/IEkgd2Fzbid0IGFibGUg
dG8gZmluZCBsb2dzIHVzZWZ1bCBmb3IgdHJvdWJsZXNob290aW5nPQouCgpTZXR1cCBlbmRlZCBj
b3JyZWN0bHkgd2l0aCBib3RoIExvZ2luIGFuZCBTZWFyY2ggdGFza3MgY29tcGxldGUgc3VjY2Vz
c2Z1bC4KVGhhbmtzCgpSb2JlcnRvCgoKCgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X18KClF1ZXN0byBtZXNzYWdnaW8gZScgaW5kaXJpenphdG8gZXNjbHVzaXZhbWVudGUgYWwgZGVz
dGluYXRhcmlvIGluZGljYXRvIGUgcD0Kb3RyZWJiZSBjb250ZW5lcmUgaW5mb3JtYXppb25pIGNv
bmZpZGVuemlhbGksIHJpc2VydmF0ZSBvIHByb3ByaWV0YXJpZS4gUXVhPQpsb3JhIGxhIHByZXNl
bnRlIHZlbmlzc2UgcmljZXZ1dGEgcGVyIGVycm9yZSwgc2kgcHJlZ2EgZGkgc2VnbmFsYXJsbyBp
bW1lZGk9CmF0YW1lbnRlIGFsIG1pdHRlbnRlLCBjYW5jZWxsYW5kbyBsJ29yaWdpbmFsZSBlIG9n
bmkgc3VhIGNvcGlhIGUgZGlzdHJ1Z2dlbj0KZG8gZXZlbnR1YWxpIGNvcGllIGNhcnRhY2VlLiBP
Z25pIGFsdHJvIHVzbyBlJyBzdHJldHRhbWVudGUgcHJvaWJpdG8gZSBwb3RyPQplYmJlIGVzc2Vy
ZSBmb250ZSBkaSB2aW9sYXppb25lIGRpIGxlZ2dlLgoKVGhpcyBtZXNzYWdlIGlzIGZvciB0aGUg
ZGVzaWduYXRlZCByZWNpcGllbnQgb25seSBhbmQgbWF5IGNvbnRhaW4gcHJpdmlsZWdlPQpkLCBw
cm9wcmlldGFyeSwgb3Igb3RoZXJ3aXNlIHByaXZhdGUgaW5mb3JtYXRpb24uIElmIHlvdSBoYXZl
IHJlY2VpdmVkIGl0IGk9Cm4gZXJyb3IsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlh
dGVseSwgZGVsZXRpbmcgdGhlIG9yaWdpbmFsIGFuZCBhbD0KbCBjb3BpZXMgYW5kIGRlc3Ryb3lp
bmcgYW55IGhhcmQgY29waWVzLiBBbnkgb3RoZXIgdXNlIGlzIHN0cmljdGx5IHByb2hpYml0PQpl
ZCBhbmQgbWF5IGJlIHVubGF3ZnVsLgoKLS1fMDAwX2RlNGNiNzY4MGFmNjQ5MTlhZjdiZTE4N2U3
NzYxYjY4REVOVTAxTVMwMDc3cGhvZW5peGxvY18KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNo
YXJzZXQ9InVzLWFzY2lpIgpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBxdW90ZWQtcHJpbnRh
YmxlCgo8aHRtbCB4bWxuczp2PTNEInVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206dm1sIiB4bWxu
czpvPTNEInVybjpzY2hlbWFzLW1pY3I9Cm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4bWxuczp3
PTNEInVybjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOndvcmQiID0KeG1sbnM6bT0zRCJo
dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPTNE
Imh0dHA6PQovL3d3dy53My5vcmcvVFIvUkVDLWh0bWw0MCI+CjxoZWFkPgo8bWV0YSBodHRwLWVx
dWl2PTNEIkNvbnRlbnQtVHlwZSIgY29udGVudD0zRCJ0ZXh0L2h0bWw7IGNoYXJzZXQ9M0R1cy1h
c2NpaSI9Cj4KPG1ldGEgbmFtZT0zRCJHZW5lcmF0b3IiIGNvbnRlbnQ9M0QiTWljcm9zb2Z0IFdv
cmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPgo8c3R5bGU+PCEtLQovKiBGb250IERlZmluaXRpb25z
ICovCkBmb250LWZhY2UKCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsKCXBhbm9zZS0xOjIg
NCA1IDMgNSA0IDYgMyAyIDQ7fQpAZm9udC1mYWNlCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsKCXBh
bm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8KcC5N
c29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbAoJe21hcmdpbjowY207CgltYXJn
aW4tYm90dG9tOi4wMDAxcHQ7Cglmb250LXNpemU6MTEuMHB0OwoJZm9udC1mYW1pbHk6IkNhbGli
cmkiLHNhbnMtc2VyaWY7Cgltc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUzt9CmE6bGluaywgc3Bh
bi5Nc29IeXBlcmxpbmsKCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7Cgljb2xvcjojMDU2M0MxOwoJ
dGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9CmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtG
b2xsb3dlZAoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsKCWNvbG9yOiM5NTRGNzI7Cgl0ZXh0LWRl
Y29yYXRpb246dW5kZXJsaW5lO30Kc3Bhbi5TdGlsZU1lc3NhZ2dpb0RpUG9zdGFFbGV0dHJvbmlj
YTE3Cgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtY29tcG9zZTsKCWZvbnQtZmFtaWx5OiJBcmlh
bCIsc2Fucy1zZXJpZjsKCWNvbG9yOndpbmRvd3RleHQ7Cglmb250LXdlaWdodDpub3JtYWw7Cglm
b250LXN0eWxlOm5vcm1hbDsKCXRleHQtZGVjb3JhdGlvbjpub25lIG5vbmU7fQouTXNvQ2hwRGVm
YXVsdAoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5OwoJZm9udC1mYW1pbHk6IkNhbGlicmki
LHNhbnMtc2VyaWY7Cgltc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUzt9CkBwYWdlIFdvcmRTZWN0
aW9uMQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0OwoJbWFyZ2luOjcwLjg1cHQgMi4wY20gMi4wY20g
Mi4wY207fQpkaXYuV29yZFNlY3Rpb24xCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQotLT48L3N0eWxl
PjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPgo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PTNEImVkaXQi
IHNwaWRtYXg9M0QiMTAyNiIgLz4KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDld
Pjx4bWw+CjxvOnNoYXBlbGF5b3V0IHY6ZXh0PTNEImVkaXQiPgo8bzppZG1hcCB2OmV4dD0zRCJl
ZGl0IiBkYXRhPTNEIjEiIC8+CjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4KPC9o
ZWFkPgo8Ym9keSBsYW5nPTNEIklUIiBsaW5rPTNEIiMwNTYzQzEiIHZsaW5rPTNEIiM5NTRGNzIi
Pgo8ZGl2IGNsYXNzPTNEIldvcmRTZWN0aW9uMSI+CjxwIGNsYXNzPTNEIk1zb05vcm1hbCI+PHNw
YW4gbGFuZz0zRCJFTi1VUyIgc3R5bGU9M0QiZm9udC1zaXplOjEwLjBwdDtmb250LT0KZmFtaWx5
OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWYiPkkmIzgyMTc7dmUgdHdvIG9WaXJ0IDQuMS40
LjItMSBwb2RzIHVzPQplZCBmb3IgbGFicy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+CjxwIGNsYXNz
PTNEIk1zb05vcm1hbCI+PHNwYW4gbGFuZz0zRCJFTi1VUyIgc3R5bGU9M0QiZm9udC1zaXplOjEw
LjBwdDtmb250LT0KZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWYiPjxvOnA+Jm5i
c3A7PC9vOnA+PC9zcGFuPjwvcD4KPHAgY2xhc3M9M0QiTXNvTm9ybWFsIj48c3BhbiBsYW5nPTNE
IkVOLVVTIiBzdHlsZT0zRCJmb250LXNpemU6MTAuMHB0O2ZvbnQtPQpmYW1pbHk6JnF1b3Q7QXJp
YWwmcXVvdDssc2Fucy1zZXJpZiI+VGhlc2UgdHdvIHBvZHMgYXJlIGNvbmZpZ3VyZWQgaW4gdGhl
IHM9CmFtZSB3YXkgKHRocmVlIG5vZGUgd2l0aCBnbHVzdGVyKTxvOnA+PC9vOnA+PC9zcGFuPjwv
cD4KPHAgY2xhc3M9M0QiTXNvTm9ybWFsIj48c3BhbiBsYW5nPTNEIkVOLVVTIiBzdHlsZT0zRCJm
b250LXNpemU6MTAuMHB0O2ZvbnQtPQpmYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJp
ZiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPgo8cCBjbGFzcz0zRCJNc29Ob3JtYWwiPjxz
cGFuIGxhbmc9M0QiRU4tVVMiIHN0eWxlPTNEImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC09CmZhbWls
eTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmIj5UcnlpbmcgdG8gc2V0dXAgTERBUCBhdXRo
LCB0b3dhcmRzIHRoZT0KIHNhbWUgT3BlbkxEQVAgc2VydmVyLCBzZXR1cCBlbmRzIGNvcnJlY3Rs
eSBpbiBib3RoIGVuZ2luZSBWTS48bzpwPjwvbzpwPjwvPQpzcGFuPjwvcD4KPHAgY2xhc3M9M0Qi
TXNvTm9ybWFsIj48c3BhbiBsYW5nPTNEIkVOLVVTIiBzdHlsZT0zRCJmb250LXNpemU6MTAuMHB0
O2ZvbnQtPQpmYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZiI+V2hlbiBJIHRyeSB0
byBwZXJmb3JtIHN5c3RlbSBwZXJtaXNzaW89Cm4gbW9kaWZpY2F0aW9uLCBvbmx5IG9uZSBvZiB0
aGVzZSBpcyByZWNvZ25pemluZyB0aGUgTERBUCBncm91cHMgYW5kIGFsbG93ID0Kc2V0dXAgYW5k
IG5leHQgdXNlcnMgYmVsb25naW5nIHRvIGRlZmluZWQgZ3JvdXBzCiB0byBsb2ctaW4gYW5kIHBl
cmZvcm0gYXNzaWduZWQgbGV2ZWwgdGFza3MuPG86cD48L286cD48L3NwYW4+PC9wPgo8cCBjbGFz
cz0zRCJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9M0QiRU4tVVMiIHN0eWxlPTNEImZvbnQtc2l6ZTox
MC4wcHQ7Zm9udC09CmZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmIj48bzpwPiZu
YnNwOzwvbzpwPjwvc3Bhbj48L3A+CjxwIGNsYXNzPTNEIk1zb05vcm1hbCI+PHNwYW4gbGFuZz0z
RCJFTi1VUyIgc3R5bGU9M0QiZm9udC1zaXplOjEwLjBwdDtmb250LT0KZmFtaWx5OiZxdW90O0Fy
aWFsJnF1b3Q7LHNhbnMtc2VyaWYiPk9uIHRoZSBzZWNvbmQgZW5naW5lLCBzeXN0ZW0gcGVybWlz
c2lvPQpucywgZXZlbiBpZiBpdCByZWNvZ25pemUgdGhlIExEQVAgZG9tYWluIChpdCBhcHBlYXIg
aW4gdGhlIHNlbGVjdGlvbiBib3ggZm89CnIgc2VhcmNoIGJhc2UpIGRvIG5vdCBmaW5kIG5vdGhp
bmcsIGdyb3VwcyBvciBpbmRpdmlkdWFscy48bzpwPjwvbzpwPjwvc3Bhbj0KPjwvcD4KPHAgY2xh
c3M9M0QiTXNvTm9ybWFsIj48c3BhbiBsYW5nPTNEIkVOLVVTIiBzdHlsZT0zRCJmb250LXNpemU6
MTAuMHB0O2ZvbnQtPQpmYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZiI+SG93IHRv
IGFuYWx5emUgdGhpcyA/IEkgd2FzbiYjODIxNzt0IGE9CmJsZSB0byBmaW5kIGxvZ3MgdXNlZnVs
IGZvciB0cm91Ymxlc2hvb3RpbmcuPG86cD48L286cD48L3NwYW4+PC9wPgo8cCBjbGFzcz0zRCJN
c29Ob3JtYWwiPjxzcGFuIGxhbmc9M0QiRU4tVVMiIHN0eWxlPTNEImZvbnQtc2l6ZToxMC4wcHQ7
Zm9udC09CmZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmIj48bzpwPiZuYnNwOzwv
bzpwPjwvc3Bhbj48L3A+CjxwIGNsYXNzPTNEIk1zb05vcm1hbCI+PHNwYW4gbGFuZz0zRCJFTi1V
UyIgc3R5bGU9M0QiZm9udC1zaXplOjEwLjBwdDtmb250LT0KZmFtaWx5OiZxdW90O0FyaWFsJnF1
b3Q7LHNhbnMtc2VyaWYiPlNldHVwIGVuZGVkIGNvcnJlY3RseSB3aXRoIGJvdGggTG9naW4gPQph
bmQgU2VhcmNoIHRhc2tzIGNvbXBsZXRlIHN1Y2Nlc3NmdWwuPG86cD48L286cD48L3NwYW4+PC9w
Pgo8cCBjbGFzcz0zRCJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9M0QiRU4tVVMiIHN0eWxlPTNEImZv
bnQtc2l6ZToxMC4wcHQ7Zm9udC09CmZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlm
Ij5UaGFua3M8bzpwPjwvbzpwPjwvc3Bhbj48L3A+CjxwIGNsYXNzPTNEIk1zb05vcm1hbCI+PHNw
YW4gbGFuZz0zRCJFTi1VUyIgc3R5bGU9M0QiZm9udC1zaXplOjEwLjBwdDtmb250LT0KZmFtaWx5
OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWYiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv
cD4KPHAgY2xhc3M9M0QiTXNvTm9ybWFsIj48c3BhbiBsYW5nPTNEIkVOLVVTIiBzdHlsZT0zRCJm
b250LXNpemU6MTAuMHB0O2ZvbnQtPQpmYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJp
ZiI+Um9iZXJ0bzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4KPHAgY2xhc3M9M0QiTXNvTm9ybWFsIj48
c3BhbiBzdHlsZT0zRCJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyPQppYWwm
cXVvdDssc2Fucy1zZXJpZiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPgo8cCBjbGFzcz0z
RCJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPTNEImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6
JnF1b3Q7QXI9CmlhbCZxdW90OyxzYW5zLXNlcmlmIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48
L3A+CjxwIGNsYXNzPTNEIk1zb05vcm1hbCIgc3R5bGU9M0QibGluZS1oZWlnaHQ6MTIuMDVwdDt0
ZXh0LWF1dG9zcGFjZTpub25lIj48cz0KcGFuIHN0eWxlPTNEImZvbnQtZmFtaWx5OiZxdW90O0Fy
aWFsJnF1b3Q7LHNhbnMtc2VyaWY7bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6PQpJVCI+PG86cD4mbmJz
cDs8L286cD48L3NwYW4+PC9wPgo8cCBjbGFzcz0zRCJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v
OnA+PC9wPgo8L2Rpdj4KPGJyPgo8aHI+Cjxmb250IGZhY2U9M0QiQ291cmllciBOZXciIGNvbG9y
PTNEIkJsYWNrIiBzaXplPTNEIjIiPjxicj4KUXVlc3RvIG1lc3NhZ2dpbyBlJyBpbmRpcml6emF0
byBlc2NsdXNpdmFtZW50ZSBhbCBkZXN0aW5hdGFyaW8gaW5kaWNhdG8gZSBwPQpvdHJlYmJlIGNv
bnRlbmVyZSBpbmZvcm1hemlvbmkgY29uZmlkZW56aWFsaSwgcmlzZXJ2YXRlIG8gcHJvcHJpZXRh
cmllLiBRdWE9CmxvcmEgbGEgcHJlc2VudGUgdmVuaXNzZSByaWNldnV0YSBwZXIgZXJyb3JlLCBz
aSBwcmVnYSBkaSBzZWduYWxhcmxvIGltbWVkaT0KYXRhbWVudGUgYWwgbWl0dGVudGUsIGNhbmNl
bGxhbmRvCiBsJ29yaWdpbmFsZSBlIG9nbmkgc3VhIGNvcGlhIGUgZGlzdHJ1Z2dlbmRvIGV2ZW50
dWFsaSBjb3BpZSBjYXJ0YWNlZS4gT2duaT0KIGFsdHJvIHVzbyBlJyBzdHJldHRhbWVudGUgcHJv
aWJpdG8gZSBwb3RyZWJiZSBlc3NlcmUgZm9udGUgZGkgdmlvbGF6aW9uZSBkPQppIGxlZ2dlLjxi
cj4KPGJyPgpUaGlzIG1lc3NhZ2UgaXMgZm9yIHRoZSBkZXNpZ25hdGVkIHJlY2lwaWVudCBvbmx5
IGFuZCBtYXkgY29udGFpbiBwcml2aWxlZ2U9CmQsIHByb3ByaWV0YXJ5LCBvciBvdGhlcndpc2Ug
cHJpdmF0ZSBpbmZvcm1hdGlvbi4gSWYgeW91IGhhdmUgcmVjZWl2ZWQgaXQgaT0KbiBlcnJvciwg
cGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5LCBkZWxldGluZyB0aGUgb3JpZ2lu
YWwgYW5kIGFsPQpsIGNvcGllcyBhbmQgZGVzdHJveWluZyBhbnkgaGFyZAogY29waWVzLiBBbnkg
b3RoZXIgdXNlIGlzIHN0cmljdGx5IHByb2hpYml0ZWQgYW5kIG1heSBiZSB1bmxhd2Z1bC48YnI+
CjwvZm9udD4KPC9ib2R5Pgo8L2h0bWw+CgotLV8wMDBfZGU0Y2I3NjgwYWY2NDkxOWFmN2JlMTg3
ZTc3NjFiNjhERU5VMDFNUzAwNzdwaG9lbml4bG9jXy0tCg==

--===============7246983854607919332==--

From omachace at redhat.com Mon Aug  7 10:21:31 2017
Content-Type: multipart/mixed; boundary="===============7401152174045765526=="
MIME-Version: 1.0
From: Ondra Machacek <omachace at redhat.com>
To: users at ovirt.org
Subject: Re: [ovirt-users] oVirt LDAP user authentication troubleshooting
Date: Mon, 07 Aug 2017 12:21:29 +0200
Message-ID: <CAJCqMsX_cRXMp9fi9PYMJWToYT2axrCYc7FO7HQC7uBk9SUjLg@mail.gmail.com>
In-Reply-To: de4cb7680af64919af7be187e7761b68@DENU01MS0077.phoenix.loc

--===============7401152174045765526==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

The best is to use this tool:

$ ovirt-engine-extensions-tool --log-level=3DFINEST aaa search
--extension-name=3Dyour-openldap-authz-name --entity-name=3Dmyuser

It prints pretty verbose output, which you can analyze.

On Mon, Aug 7, 2017 at 9:01 AM, NUNIN Roberto <Roberto.Nunin(a)comifar.it> =
wrote:
> I=E2=80=99ve two oVirt 4.1.4.2-1 pods used for labs.
>
>
>
> These two pods are configured in the same way (three node with gluster)
>
>
>
> Trying to setup LDAP auth, towards the same OpenLDAP server, setup ends
> correctly in both engine VM.
>
> When I try to perform system permission modification, only one of these is
> recognizing the LDAP groups and allow setup and next users belonging to
> defined groups to log-in and perform assigned level tasks.
>
>
>
> On the second engine, system permissions, even if it recognize the LDAP
> domain (it appear in the selection box for search base) do not find nothi=
ng,
> groups or individuals.
>
> How to analyze this ? I wasn=E2=80=99t able to find logs useful for troub=
leshooting.
>
>
>
> Setup ended correctly with both Login and Search tasks complete successfu=
l.
>
> Thanks
>
>
>
> Roberto
>
>
>
>
>
>
>
>
>
>
> ________________________________
>
> Questo messaggio e' indirizzato esclusivamente al destinatario indicato e
> potrebbe contenere informazioni confidenziali, riservate o proprietarie.
> Qualora la presente venisse ricevuta per errore, si prega di segnalarlo
> immediatamente al mittente, cancellando l'originale e ogni sua copia e
> distruggendo eventuali copie cartacee. Ogni altro uso e' strettamente
> proibito e potrebbe essere fonte di violazione di legge.
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information. If you have
> received it in error, please notify the sender immediately, deleting the
> original and all copies and destroying any hard copies. Any other use is
> strictly prohibited and may be unlawful.
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

--===============7401152174045765526==--