[ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

20 Nov 2014

Hi,

just tried it too.
I was not successfull to reproduce, but the problem is that
the domain part of LDAPSecurityAuthentication is uppercase
as Cameron wrote.

In 3.4 it is OK when it's upper case - everything works OK,
but in 3.5 it's not.

I checked differences and something like this would be enough, Yair?

diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExte
index f5ab28d..ccaf04a 100644
--- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
+++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
@@ -240,7 +240,7 @@ public class EngineExtensionsManager extends ExtensionsManager {
                             )
                     );
                 }
-                if (nameValue[0].equals(domain)) {
+                if (nameValue[0].equalsIgnoreCase(domain)) {
                     result = nameValue[1];
                     break;
                 }


Ondra


----- Original Message -----
...
From: "Alon Bar-Lev" <alonbl at redhat.com>
To: "Cameron Christensen" <cameron.christensen at uk2group.com>, "Yair Zaslavsky" <yzaslavs at redhat.com>
Cc: users at ovirt.org
Sent: Monday, November 17, 2014 11:48:15 PM
Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
----- Original Message -----
...
From: "Cameron Christensen" <cameron.christensen at uk2group.com>
To: "Alon Bar-Lev" <alonbl at redhat.com>
Cc: users at ovirt.org
Sent: Monday, November 17, 2014 11:43:34 PM
Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
IPA
On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
...
----- Original Message -----
...
From: "Cameron Christensen" <cameron.christensen at uk2group.com>
To: users at ovirt.org
Sent: Friday, November 14, 2014 5:39:54 PM
Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
IPA
Hello,
I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
Starting up ovrit-engine the extension manager fails to properly load
the service that handles Kerberos/LDAP.
This is probably a bug, can you please execute the following and paste
result:
# PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c "select * from
vdc_options where option_name='LDAPSecurityAuthentication'"
option_id |        option_name         |   option_value    | version
-----------+----------------------------+-------------------+---------
       165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
I replaced my domain name with 'example.org'
I thought it will be empty... and it contains valid value. Yair?
No, this is fine actually.
...
Any I truly suggest you try out the new provider... Much easier to resolve
any issue, current and future, including easier to debug.
Alon

    

[ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

Ondra Machacek