[ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

--=-7FGTMvtERpsX2N9uBb42 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello, I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA. Starting up ovrit-engine the extension manager fails to properly load the service that handles Kerberos/LDAP. engine.log: ... 2014-11-10 11:29:25,106 INFO [org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (MSC service thread 1-10) Start initializing ExecutionMessageDirector 2014-11-10 11:29:25,108 INFO [org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (MSC service thread 1-10) Finished initializing ExecutionMessageDirector 2014-11-10 11:29:25,145 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Loading extension 'builtin-authn-internal' 2014-11-10 11:29:25,146 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Extension 'builtin-authn-internal' loaded 2014-11-10 11:29:25,148 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Loading extension 'internal' 2014-11-10 11:29:25,150 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Extension 'internal' loaded 2014-11-10 11:29:25,154 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Loading extension 'builtin-authn-EXAMPLE.ORG' 2014-11-10 11:29:25,215 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Extension 'builtin-authn-EXAMPLE.ORG' loaded 2014-11-10 11:29:25,218 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Loading extension 'EXAMPLE.ORG' 2014-11-10 11:29:25,264 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Extension 'EXAMPLE.ORG' loaded 2014-11-10 11:29:25,265 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Initializing extension 'EXAMPLE.ORG' 2014-11-10 11:29:25,265 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Extension 'EXAMPLE.ORG' initialized 2014-11-10 11:29:25,266 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Initializing extension 'builtin-authn-internal' 2014-11-10 11:29:25,266 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Extension 'builtin-authn-internal' initialized 2014-11-10 11:29:25,267 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Initializing extension 'builtin-authn-EXAMPLE.ORG' 2014-11-10 11:29:25,267 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Extension 'builtin-authn-EXAMPLE.ORG' initialized 2014-11-10 11:29:25,268 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Initializing extension 'internal' 2014-11-10 11:29:25,268 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Extension 'internal' initialized 2014-11-10 11:29:25,268 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Start of enabled extensions list 2014-11-10 11:29:25,269 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Instance name: 'EXAMPLE.ORG', Extension name: 'Kerberos/Ldap Authz (Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: 'N/A', Initialized: 'true' 2014-11-10 11:29:25,270 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Instance name: 'builtin-authn-internal', Extension name: 'Internal Authn (Built-in)', Version: 'N/A', Notes: '', License: 'AS L 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: 'N/A', Initialized: 'true' 2014-11-10 11:29:25,270 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Instance name: 'builtin-authn-EXAMPLE.ORG', Extension name: 'Kerberos/Ldap Authn (Built-in)', Version: 'N/A', Notes: '', Licen se: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: 'N/A', Initialized: 'true' 2014-11-10 11:29:25,271 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) Instance name: 'internal', Extension name: 'Internal Authz (Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: 'N/A', Initialized: 'true' 2014-11-10 11:29:25,272 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-10) End of enabled extensions list 2014-11-10 11:29:25,404 INFO [org.ovirt.engine.core.bll.aaa.DbUserCacheManager] (MSC service thread 1-10) Start initializing DbUserCacheManager 2014-11-10 11:29:25,405 INFO [org.ovirt.engine.core.bll.aaa.DbUserCacheManager] (MSC service thread 1-10) Finished initializing DbUserCacheManager 2014-11-10 11:29:25,414 INFO [org.ovirt.engine.core.bll.tasks.AsyncTaskManager] (MSC service thread 1-10) Initialization of AsyncTaskManager completed successfully. 2014-11-10 11:29:25,416 INFO [org.ovirt.engine.core.vdsbroker.ResourceManager] (MSC service thread 1-10) Start initializing ResourceManager 2014-11-10 11:29:25,458 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase= ] (DefaultQuartzScheduler_Worker-1) Failed to run command LdapSearchUserByQ= ueryCommand. Domain is EXAMPLE.ORG. User is user1(a)EXAMPLE.ORG. 2014-11-10 11:29:25,459 ERROR [org.ovirt.engine.core.bll.aaa.SyncUsers] (DefaultQuartzScheduler_Worker-1) Error during user synchronization of extension EXAMPLE.ORG. Exception message is No enum constant org.ovirt.engine.extensions.aaa.bui ltin.kerberosldap.LDAPSecurityAuthentication. Trying to authenticate with user2 from IPA produces this error: engine.log: 2014-11-10 11:30:08,777 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase= ] (ajp--127.0.0.1-8702-2) Failed to run command LdapAuthenticateUserCommand= . Domain is EXAMPLE.ORG. User is user2. 2014-11-10 11:30:08,779 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-2) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input:=20 {Extkey[name=3DAAA_AUTHN_CREDENTIALS;type=3Dclass java.lang.String;uuid=3DAAA_AUTHN_CREDENTIALS[03b96485-4bb5-4592-8167-810a5= c909706];]=3D***, Extkey[name=3DEXTENSION_INVOKE_CONTEXT;type=3Dclass org.o= virt.engine.api.extensions.ExtMap;uuid=3DEXTENSION_INVOKE_CONTEXT[886d2ebb-= 312a-49ae-9cc3-e1f849834b7d];]=3D{Extkey[name=3DEXTENSION_INTERFACE_VERSION= _MAX;type=3Dclass java.lang.Integer;uuid=3DEXTENSION_INTERFACE_VERSION_MAX[= f4cff49f-2717-4901-8ee9-df362446e3e7];]=3D0, Extkey[name=3DEXTENSION_LICENS= E;type=3Dclass java.lang.String;uuid=3DEXTENSION_LICENSE[8a61ad65-054c-4e31= -9c6d-1ca4d60a4c18];]=3DASL 2.0, Extkey[name=3DEXTENSION_HOME_URL;type=3Dcl= ass java.lang.String;uuid=3DEXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d1= 92e18304];]=3Dhttp://www.ovirt.org, Extkey[name=3DEXTENSION_LOCALE;type=3Dc= lass java.lang.String;uuid=3DEXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d= 778bb29];]=3Den_US, Extkey[name=3DEXTENSION_NAME;type=3Dclass java.lang.Str= ing;uuid=3DEXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=3DKerbero= s/Ldap Authn (Built-in), Extkey[name=3DEXTENSION_INTERFACE_VERSION_MIN;type= =3Dclass java.lang.Integer;uuid=3DEXTENSION_INTERFACE_VERSION_MIN[2b84fc91-= 305b-497b-a1d7-d961b9d2ce0b];]=3D0, Extkey[name=3DEXTENSION_CONFIGURATION;t= ype=3Dclass java.util.Properties;uuid=3DEXTENSION_CONFIGURATION[2d48ab72-f0= a1-4312-b4ae-5068a226b0fc];]=3D***, Extkey[name=3DEXTENSION_AUTHOR;type=3Dc= lass java.lang.String;uuid=3DEXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e0701= 8b7fbcc];]=3DThe oVirt Project, Extkey[name=3DEXTENSION_INSTANCE_NAME;type= =3Dclass java.lang.String;uuid=3DEXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5= -a245-8674327f011b];]=3Dbuiltin-authn-EXAMPLE.ORG, Extkey[name=3DEXTENSION_= BUILD_INTERFACE_VERSION;type=3Dclass java.lang.Integer;uuid=3DEXTENSION_BUI= LD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=3D0, Extkey[na= me=3DEXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=3Dinterface java.util.Coll= ection;uuid=3DEXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9= b-ebff01e35263];]=3D[, config.authn.user.password], Extkey[name=3DAAA_AUTHN= _CAPABILITIES;type=3Dclass java.lang.Long;uuid=3DAAA_AUTHN_CAPABILITIES[9d1= 6bee3-10fd-46f2-83f9-3d3c54cf258d];]=3D12, Extkey[name=3DEXTENSION_GLOBAL_C= ONTEXT;type=3Dclass org.ovirt.engine.api.extensions.ExtMap;uuid=3DEXTENSION= _GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=3D*skip*, Extkey[na= me=3DEXTENSION_VERSION;type=3Dclass java.lang.String;uuid=3DEXTENSION_VERSI= ON[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=3DN/A, Extkey[name=3DEXTENSION_M= ANAGER_TRACE_LOG;type=3Dinterface org.slf4j.Logger;uuid=3DEXTENSION_MANAGER= _TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=3Dorg.slf4j.impl.Slf4jLo= gger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.Kerberos/= Ldap Authn (Built-in).builtin-authn-EXAMPLE.ORG), Extkey[name=3DEXTENSION_P= ROVIDES;type=3Dinterface java.util.Collection;uuid=3DEXTENSION_PROVIDES[8cf= 373a6-65b5-4594-b828-0e275087de91];]=3D[org.ovirt.engine.api.extensions.aaa= .Authn]}, Extkey[name=3DAAA_AUTHN_USER;type=3Dclass java.lang.String;uuid= =3DAAA_AUTHN_USER[1ceaba26-1bdc-4663-a3c6-5d926f9dd8f0];]=3Duser2, Extkey[n= ame=3DEXTENSION_INVOKE_COMMAND;type=3Dclass org.ovirt.engine.api.extensions= .ExtUUID;uuid=3DEXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f2= 8d];]=3DAAA_AUTHN_AUTHENTICATE_CREDENTIALS[d9605c75-6b43-4b00-b32c-06bdfa80= 244c]} Output: {Extkey[name=3DEXTENSION_INVOKE_RESULT;type=3Dclass java.lang.Integer;uuid=3DEXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-09= 9c772ddd4e];]=3D2, Extkey[name=3DEXTENSION_INVOKE_MESSAGE;type=3Dclass java= .lang.String;uuid=3DEXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb7= 2f5893];]=3DNo enum constant org.ovirt.engine.extensions.aaa.builtin.kerber= osldap.LDAPSecurityAuthentication.} engine-manage-domains shows the IPA domain but I cannot delete the domain or edit it. # engine-manage-domains list Domain: EXAMPLE.ORG User name: null Manage Domains completed successfully # engine-manage-domains delete --domain=3DEXAMPLE.ORG Domain example.org doesn't exist in the configuration. Any ideas on fixing? Regards, Cameron --=-7FGTMvtERpsX2N9uBb42 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit --=-7FGTMvtERpsX2N9uBb42--