On 02/19/2012 09:02 PM, Nathan Stratton wrote:
I am working on getting ovirt working with our LDAP environment and
have run into a few issues. Based on my googling my understanding is
that ovirt should query DNS for a ldap SRV record. However based on my
wireshark captures I never see such a request.
I ended up installing phpPgAdmin and found the vdc_options table and
something called DomainName. I figured that was a good place to start
so I put our domain there and now I see the DNS SRV queries.
I'd try with wireshark to capture ports 88, 53 and 389 (something like
'-s 1500 -w /tmp/file.pcap port 53 or port 88 or port 389' if you are
using tcpdump).
Then check that indeed the responses from DNS correlate well with what
we are trying to connect to.
(BTW, there was a regression in the code not so long ago in that area -
are you using latest code?).
Y.
In the logs I see:
2012-02-19 12:58:26,532 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSETask] (pool-5-thread-47) Couldnt deduce provider type for domain blinkmind.net
2012-02-19 12:58:26,533 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-10) Failed ldap search server LDAP://ldap-master.dal.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389. We should try the next server:
org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389
    at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:101) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97) [engine-bll.jar:]
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
    at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
    at org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57) [utils-3.0.0-0001.jar:]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.6.0_22]
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
    at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.6.0_22]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.6.0_22]
    at java.lang.Thread.run(Thread.java:679) [:1.6.0_22]
2012-02-19 12:58:26,537 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-10) Failed authenticating user: nathan to domain blinkmind.net. Ldap Query Type is getUserByName
2012-02-19 12:58:26,538 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR : nathan
2012-02-19 12:58:26,539 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR
All our linux boxes use the same LDAP server without issue, so I know
that part is working.
P.S. What is LDAPSecurityAuthentication (option_id 2) and what should
it be set to?
Nathan Stratton                CTO, BlinkMind, Inc.
nathan at robotics.net         nathan at blinkmind.com
http://www.robotics.net        http://www.blinkmind.com
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
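
Added example, not part of the original thread and not oVirt code: one way to do the "check that the responses from DNS correlate with what we are trying to connect to" step offline, by comparing SRV answers for `_ldap._tcp.<domain>` with the servers named in the engine's "Failed ldap search server" log lines. The `dig` output and the `ldap-replica` host are constructed sample values, and the function names are hypothetical.

```python
import re

# Constructed `dig +short SRV _ldap._tcp.blinkmind.net` output, one record per
# line as: priority weight port target. ldap-replica is a made-up second host.
SRV_ANSWERS = """\
20 100 389 ldap-replica.dal.blinkmind.net.
10 100 389 ldap-master.dal.blinkmind.net.
"""

# Engine log line taken from the thread, with the mail's line wrapping undone.
ENGINE_LOG = """\
2012-02-19 12:58:26,533 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-10) Failed ldap search server LDAP://ldap-master.dal.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389. We should try the next server:
"""

def norm(host):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return host.rstrip(".").lower()

def parse_srv(text):
    """(host, port) pairs, lowest priority first; weight order is simplified."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
            continue  # skip blank lines and anything that is not an SRV answer
        prio, weight, port = map(int, fields[:3])
        records.append((prio, -weight, norm(fields[3]), port))
    return [(host, port) for _, _, host, port in sorted(records)]

def servers_tried(log):
    """Distinct (host, port) pairs the engine reported failing on, in log order."""
    seen = []
    for host, port in re.findall(r"Failed ldap search server LDAP://([^:/\s]+):(\d+)", log):
        pair = (norm(host), int(port))
        if pair not in seen:
            seen.append(pair)
    return seen

def correlate(srv_text, log):
    """Split the engine's targets into those DNS advertises and those it does not."""
    advertised, tried = parse_srv(srv_text), servers_tried(log)
    return {
        "tried_and_advertised": [t for t in tried if t in advertised],
        "tried_not_in_dns": [t for t in tried if t not in advertised],
        "advertised_not_tried": [a for a in advertised if a not in tried],
    }

if __name__ == "__main__":
    print(correlate(SRV_ANSWERS, ENGINE_LOG))
```

An empty `tried_not_in_dns` means the engine contacted a server that DNS advertises, so the failure lies in the LDAP exchange itself (here the rootDSE read) and not in discovery.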