
On 02/19/2012 09:02 PM, Nathan Stratton wrote:
I am working on getting ovirt working with our LDAP environment and have run into a few issues. Based on my googling my understanding is that ovirt should query DNS for a ldap SRV record. However based on my wireshark captures I never see such a request.
I ended up installing phpPgAdmin and found the vdc_options table and something called DomainName. I figured that was a good place to start so I put our domain there and now I see the DNS SRV queries.
I'd try with wireshark to capture ports 88, 53 and 389 (something like '-s 1500 -w /tmp/file.pcap port 53 or port 88 or port 389' if you are using tcpdump). Then check that indeed the responses from DNS correlate well with what we are trying to connect to. (BTW, there was a regression in the code not so long ago in that area - are you using latest code?). Y.
In the logs I see:
2012-02-19 12:58:26,532 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSETask] (pool-5-thread-47) Couldnt deduce provider type for domain blinkmind.net
2012-02-19 12:58:26,533 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-10) Failed ldap search server LDAP://ldap-master.dal.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389. We should try the next server: org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389
    at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:101) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97) [engine-bll.jar:]
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
    at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
    at org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57) [utils-3.0.0-0001.jar:]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.6.0_22]
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
    at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.6.0_22]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.6.0_22]
    at java.lang.Thread.run(Thread.java:679) [:1.6.0_22]
2012-02-19 12:58:26,537 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-10) Failed authenticating user: nathan to domain blinkmind.net. Ldap Query Type is getUserByName
2012-02-19 12:58:26,538 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR : nathan
2012-02-19 12:58:26,539 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR
All our linux boxes use the same LDAP server without issue, so I know that part is working.
P.S. What is LDAPSecurityAuthentication (option_id 2) and what should it be set to?
<> Nathan Stratton CTO, BlinkMind, Inc. nathan at robotics.net nathan at blinkmind.com http://www.robotics.net http://www.blinkmind.com
Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
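
Added example, not part of the original thread and not oVirt code: a shell script for the check suggested in the reply above, confirming that the LDAP servers named in the engine log are the ones the DNS SRV answer lists. It assumes the SRV answer is in `dig +short` form and that the record name is the conventional `_ldap._tcp.<domain>`; the function names are hypothetical and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): do the LDAP servers in engine.log
# match the DNS SRV answer? Live input would come from, for example:
#   dig +short SRV _ldap._tcp.blinkmind.net

# Constructed sample SRV answer in `dig +short` form: priority weight port target
SAMPLE_SRV='0 100 389 ldap-master.dal.blinkmind.net.'
# Constructed, shortened log line modelled on the error quoted in the thread
SAMPLE_LOG='ERROR [DirectorySearcher] Failed ldap search server LDAP://ldap-master.dal.blinkmind.net:389 due to ...'

# SRV answer lines on stdin -> "host:port", preferred server first
# (lowest priority, then highest weight), trailing root dot removed.
srv_targets() {
    sort -k1,1n -k2,2nr |
        awk 'NF == 4 { sub(/\.$/, "", $4); print tolower($4) ":" $3 }'
}

# Log text on stdin -> distinct "host:port" of every LDAP:// URL the engine tried.
log_servers() {
    grep -oi 'LDAP://[^ ]*:[0-9][0-9]*' |
        sed 's|^[^/]*//||' | tr 'A-Z' 'a-z' | sort -u
}

# $1 = SRV answer text, $2 = log text. Returns 1 if the engine contacted a
# server that the SRV answer does not list.
check_correlation() {
    targets=$(printf '%s\n' "$1" | srv_targets)
    status=0
    for server in $(printf '%s\n' "$2" | log_servers); do
        if printf '%s\n' "$targets" | grep -Fxq "$server"; then
            echo "OK       $server is listed in the SRV answer"
        else
            echo "MISMATCH $server is not in the SRV answer"
            status=1
        fi
    done
    return $status
}

check_correlation "$SAMPLE_SRV" "$SAMPLE_LOG"
```

A MISMATCH line means the engine connected to a host that DNS did not advertise for the domain, which points at a stale or overridden server list rather than at the LDAP server itself.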