If you are using Active Directory, you most probably don't use anonymous bind.
The question:
Enter search user DN (for example
uid=username,dc=example,dc=com or leave empty for anonymous):
You should not leave it empty but rather specify a user which can
search in Active Directory.
You can enter it either in DN format (cn=user,dc=domain,dc=com) or UPN
format (user@domain.com).
On Thu, Jun 8, 2017 at 5:32 AM, qinglong.dong(a)horebdata.cn
<qinglong.dong(a)horebdata.cn> wrote:
Thanks! I executed "ovirt-engine-extension-aaa-ldap-setup",
but I got an
error. Is there anything wrong?
[root@engine ~]# ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files:
['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
Log file:
/tmp/ovirt-engine-extension-aaa-ldap-setup-20170608112535-jll8t2.log
Version: otopi-1.6.2 (otopi-1.6.2-1.el7.centos)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Available LDAP implementations:
1 - 389ds
2 - 389ds RFC-2307 Schema
3 - Active Directory
4 - IBM Security Directory Server
5 - IBM Security Directory Server RFC-2307 Schema
6 - IPA
7 - Novell eDirectory RFC-2307 Schema
8 - OpenLDAP RFC-2307 Schema
9 - OpenLDAP Standard Schema
10 - Oracle Unified Directory RFC-2307 Schema
11 - RFC-2307 Schema (Generic)
12 - RHDS
13 - RHDS RFC-2307 Schema
14 - iPlanet
Please select: 3
Please enter Active Directory Forest name: horebdata.com
[ INFO ] Resolving Global Catalog SRV record for horebdata.com
[ INFO ] Resolving LDAP SRV record for horebdata.com
NOTE:
It is highly recommended to use secure protocol to access the LDAP
server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback to
non standard ldaps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
plain
[ INFO ] Resolving SRV record 'horebdata.com'
[ INFO ] Connecting to LDAP using 'ldap://win-fvdsocg3abj.horebdata.com:389'
[ INFO ] Connection succeeded
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous):
[ INFO ] Attempting to bind using '[Anonymous]'
Are you going to use Single Sign-On for Virtual Machines (Yes, No)
[No]: yes
NOTE:
Profile name has to match domain name, otherwise Single Sign-On
for Virtual Machines will not work.
Please specify profile name that will be visible to users
[horebdata.com]:
[ INFO ] Stage: Setup validation
The following files are about to be overwritten:
/etc/ovirt-engine/extensions.d/horebdata.com-authn.properties
/etc/ovirt-engine/extensions.d/horebdata.com.properties
/etc/ovirt-engine/aaa/horebdata.com.properties
Continue and overwrite? (Yes, No) [No]: yes
NOTE:
It is highly recommended to test drive the configuration before
applying it into engine.
Perform at least one Login sequence and one Search sequence.
Select test sequence to execute (Done, Abort, Login, Search)
[Abort]: login
Enter user name: horebdata
Enter user password:
[ INFO ] Executing login sequence...
Login output:
2017-06-08 11:26:09,446+08 INFO
========================================================================
2017-06-08 11:26:09,463+08 INFO ============================
Initialization ============================
2017-06-08 11:26:09,463+08 INFO
========================================================================
2017-06-08 11:26:09,475+08 INFO Loading extension
'horebdata.com-authn'
2017-06-08 11:26:09,517+08 INFO Extension 'horebdata.com-authn'
loaded
2017-06-08 11:26:09,522+08 INFO Loading extension
'horebdata.com'
2017-06-08 11:26:09,530+08 INFO Extension 'horebdata.com'
loaded
2017-06-08 11:26:09,531+08 INFO Initializing extension
'horebdata.com-authn'
2017-06-08 11:26:09,532+08 INFO
[ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] Creating LDAP
pool 'authz'
2017-06-08 11:26:09,620+08 INFO
[ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] LDAP pool
'authz' information: vendor='null' version='null'
2017-06-08 11:26:09,621+08 INFO
[ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] Creating LDAP
pool 'authn'
2017-06-08 11:26:09,636+08 INFO
[ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] LDAP pool
'authn' information: vendor='null' version='null'
2017-06-08 11:26:09,649+08 WARNING
[ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] Cannot
initialize LDAP framework, deferring initialization. Error: Unexpected comma
or semicolon found at the end of the DN string.
2017-06-08 11:26:09,650+08 INFO Extension 'horebdata.com-authn'
initialized
2017-06-08 11:26:09,650+08 INFO Initializing extension
'horebdata.com'
2017-06-08 11:26:09,651+08 INFO
[ovirt-engine-extension-aaa-ldap.authz::horebdata.com] Creating LDAP pool
'authz'
2017-06-08 11:26:09,679+08 INFO
[ovirt-engine-extension-aaa-ldap.authz::horebdata.com] LDAP pool 'authz'
information: vendor='null' version='null'
2017-06-08 11:26:09,679+08 INFO
[ovirt-engine-extension-aaa-ldap.authz::horebdata.com] Creating LDAP pool
'gc'
2017-06-08 11:26:09,694+08 INFO
[ovirt-engine-extension-aaa-ldap.authz::horebdata.com] LDAP pool 'gc'
information: vendor='null' version='null'
2017-06-08 11:26:09,697+08 WARNING
[ovirt-engine-extension-aaa-ldap.authz::horebdata.com] Cannot initialize
LDAP framework, deferring initialization. Error: Unexpected comma or
semicolon found at the end of the DN string.
2017-06-08 11:26:09,697+08 INFO Extension 'horebdata.com'
initialized
2017-06-08 11:26:09,697+08 INFO Start of enabled extensions
list
2017-06-08 11:26:09,697+08 INFO Instance name: 'horebdata.com',
Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version:
'1.3.1',
Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.1-1.el7.centos',
License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt
Project', Build interface Version: '0', File:
'/tmp/tmpHfBhQf/extensions.d/horebdata.com.properties', Initialized:
'true'
2017-06-08 11:26:09,698+08 INFO Instance name:
'horebdata.com-authn', Extension name:
'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.1', Notes:
'Display
name: ovirt-engine-extension-aaa-ldap-1.3.1-1.el7.centos', License: 'ASL
2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project',
Build
interface Version: '0', File:
'/tmp/tmpHfBhQf/extensions.d/horebdata.com-authn.properties', Initialized:
'true'
2017-06-08 11:26:09,698+08 INFO End of enabled extensions list
2017-06-08 11:26:09,698+08 INFO
========================================================================
2017-06-08 11:26:09,698+08 INFO ==============================
Execution ===============================
2017-06-08 11:26:09,698+08 INFO
========================================================================
2017-06-08 11:26:09,698+08 INFO Iteration: 0
2017-06-08 11:26:09,699+08 INFO Profile='horebdata.com'
authn='horebdata.com-authn' authz='horebdata.com' mapping='null'
2017-06-08 11:26:09,699+08 INFO API:
-->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='horebdata.com'
user='horebdata'
2017-06-08 11:26:09,702+08 WARNING
[ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] Cannot
initialize LDAP framework, deferring initialization. Error: Unexpected comma
or semicolon found at the end of the DN string.
2017-06-08 11:26:09,703+08 SEVERE Unexpected comma or semicolon
found at the end of the DN string.
[ ERROR ] Login sequence failed
Please investigate details of the failure (search for lines
containing SEVERE log level).
Select test sequence to execute (Done, Abort, Login, Search)
[Abort]:
From: Ondra Machacek
Date: 2017-06-07 14:47
To: qinglong.dong(a)horebdata.cn
CC: users
Subject: Re: [ovirt-users] active directory
Or you can try the migration tool:
https://github.com/oVirt/ovirt-engine-kerbldap-migration
Check the README; there are instructions on how to proceed.
On Wed, Jun 7, 2017 at 8:33 AM, Latchezar Filtchev <Latcho(a)aubg.bg> wrote:
> This can help you:
>
> http://lists.ovirt.org/pipermail/users/2016-September/042937.html
>
> Best,
>
> Latcho
>
> From: users-bounces(a)ovirt.org [mailto:users-bounces@ovirt.org] On Behalf Of
> qinglong.dong(a)horebdata.cn
> Sent: Wednesday, June 07, 2017 4:57 AM
> To: users
> Subject: [ovirt-users] active directory
>
> Hi all,
>
> I used "engine-manage-domains" to add AD to ovirt in an earlier
> version. What should I do in ovirt 4.1? Hope someone can help. Thanks!
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
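The transcript chose the `plain` protocol and an anonymous search user, which is the combination the tool itself warns about. As an added example (not a file from the thread, and not a verbatim copy of the project's shipped template), here is what the profile file the tool writes, `/etc/ovirt-engine/aaa/<profile>.properties`, looks like with both choices corrected: a dedicated low-privilege search account bound over startTLS with the domain CA in a Java truststore. The profile name, DN and truststore path are assumptions derived from the forest name in the thread; the key names follow the Active Directory example that ships with ovirt-engine-extension-aaa-ldap, so compare them against the example directory on your own install before relying on them.

```properties
# /etc/ovirt-engine/aaa/horebdata.com.properties (assumed profile name, taken from the thread)
include = <ad.properties>

vars.forest = horebdata.com

# Weak variant, as produced by the transcript above: "plain" protocol and an
# anonymous bind. That is the same as leaving vars.user empty and omitting
# every pool.default.ssl.* line below. Do not ship this against Active Directory.

# Corrected: a dedicated account that can search the forest, given as a DN
# (a UPN such as ovirt-search@horebdata.com also works), and a real password.
vars.user = cn=ovirt-search,cn=Users,dc=horebdata,dc=com
vars.password = <search account password>

# Locate domain controllers through the SRV records the setup tool resolved.
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.forest}

# Simple bind as the search user rather than anonymously.
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

# startTLS on port 389 with the domain CA imported into a JKS truststore
# (assumed path; the setup tool can create this truststore for you).
pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.forest}.jks
pool.default.ssl.truststore.password = changeit
```

Because this file carries the search account's password, keep it readable only by the engine user, and give that account nothing beyond read access to the users and groups oVirt needs to resolve; it is the credential an attacker gets if the engine host is compromised.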
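The reply at the top says the search user should be given as a DN or a UPN rather than left empty, and the transcript shows what happens otherwise: the engine's LDAP layer rejects the DN string ("Unexpected comma or semicolon found at the end of the DN string"). The following is an added example, not code from the thread or from the oVirt project: a small pre-flight check that classifies what you are about to type at the "Enter search user DN" prompt (anonymous, DN, or UPN), rejects the malformed cases the log complains about (trailing or empty RDN separators, with RFC 4514 backslash escapes respected), and builds an `ldapsearch` command that tests the bind over mandatory startTLS before any engine configuration is written. All sample inputs, host names and DNs below are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample inputs (not taken from the thread): strings an admin might
# type at the "Enter search user DN (... or leave empty for anonymous)" prompt.
SAMPLE_INPUTS: Dict[str, str] = {
    "anonymous":      "",
    "dn":             "cn=ovirt-search,cn=Users,dc=example,dc=com",
    "upn":            "ovirt-search@example.com",
    "escaped-comma":  r"cn=Search\, Service,cn=Users,dc=example,dc=com",
    "trailing-comma": "cn=ovirt-search,cn=Users,dc=example,dc=com,",
    "empty-rdn":      "cn=ovirt-search,,dc=example,dc=com",
}

# One RDN: attribute descriptor (cn, dc, ...) or numeric OID, '=', non-empty value.
_RDN = re.compile(r"^([A-Za-z][A-Za-z0-9-]*|[0-9]+(\.[0-9]+)*)=.+$")
# userPrincipalName: local part '@' dotted domain.
_UPN = re.compile(r"^[^@\s,=;]+@[A-Za-z0-9.-]+\.[A-Za-z0-9-]+$")


def _split_rdns(dn: str) -> List[str]:
    """Split a DN on unescaped ',' or ';' (RFC 4514 allows '\\,' inside a value)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch in ",;":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def classify_search_user(value: str) -> str:
    """Return 'anonymous', 'upn' or 'dn'; raise ValueError for a malformed DN/UPN."""
    value = value.strip()
    if not value:
        return "anonymous"
    if "=" not in value and "@" in value:
        if _UPN.match(value):
            return "upn"
        raise ValueError(f"not a valid UPN: {value!r}")
    rdns = _split_rdns(value)
    if rdns[-1] == "":
        # Same condition the engine log in the thread reports.
        raise ValueError("Unexpected comma or semicolon found at the end of the DN string.")
    for rdn in rdns:
        if not _RDN.match(rdn.strip()):
            raise ValueError(f"malformed RDN {rdn!r} in {value!r}")
    return "dn"


def ldapsearch_probe(search_user: str, host: str, base_dn: str) -> List[str]:
    """argv for an ldapsearch that tests the bind before the setup tool writes config.

    -ZZ makes startTLS mandatory (the protocol the tool recommends), -x selects
    simple bind, -W prompts for the password so it never lands in shell history.
    """
    kind = classify_search_user(search_user)
    argv = ["ldapsearch", "-ZZ", "-x", "-H", f"ldap://{host}", "-b", base_dn]
    if kind != "anonymous":
        argv += ["-D", search_user.strip(), "-W"]  # AD accepts a UPN as the bind name
    argv += ["-s", "base", "(objectClass=*)"]
    return argv


def check_samples() -> Dict[str, str]:
    """Classify every constructed sample; errors are returned, not raised."""
    results = {}
    for name, value in SAMPLE_INPUTS.items():
        try:
            results[name] = classify_search_user(value)
        except ValueError as exc:
            results[name] = f"error: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in check_samples().items():
        print(f"{name:15s} -> {outcome}")
    # Constructed host/base DN: replace with your own domain controller and forest root.
    print(" ".join(ldapsearch_probe(SAMPLE_INPUTS["dn"], "dc1.example.com", "dc=example,dc=com")))
```

Run the printed `ldapsearch` line against your domain controller first; if the bind fails there, the engine will fail the same way, and you have not yet overwritten anything under `/etc/ovirt-engine`. An "anonymous" result means the prompt was left empty, which is exactly what the reply above advises against for Active Directory.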