From: "Nathan Stratton" <nathan(a)robotics.net>
To: "Itamar Heim" <iheim(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Wednesday, February 22, 2012 1:03:33 AM
Subject: Re: [Users] LDAP
On Sun, 19 Feb 2012, Itamar Heim wrote:
> On 02/19/2012 11:11 PM, Nathan Stratton wrote:
>> On Sun, 19 Feb 2012, Itamar Heim wrote:
>>
>>> the current code supports AD, freeIPA/IPA and 389ds/RHDS.
>>> if apache directory server is similar to any of them, you could try
>>> hacking the code to add support for it.
>>
>> Ok, will go with 389 for now, it's in the family, though Gluster is in the
>> family and you don't support it as a storage file system... : )
>
> please remember you need 389ds with kerberos support.
Got it installed and set up. I am able to authenticate from Linux boxes
with the new 389 LDAP, so I know that works. However, I am still running
into issues getting ovirt-engine to work with it.

http://share.robotics.net/ldap.pcap

As you can see from the pcap, I see a DNS SRV query for
_ldap._tcp.blinkmind.net and the box does talk to the LDAP box. I don't
see anything on port 88, or an LDAP query for the Kerberos server. Or does it
try to just use the same IP as LDAP?
2012-02-21 16:59:48,411 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-1) Failed ldap search server LDAP://ldap-master.hou.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException. We should not try the next server: org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException
    at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticateToKDC(GSSAPIDirContextAuthenticationStrategy.java:150) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.explicitAuth(GSSAPIDirContextAuthenticationStrategy.java:119) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticate(GSSAPIDirContextAuthenticationStrategy.java:111) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.GSSAPILdapTemplateWrapper.useAuthenticationStrategy(GSSAPILdapTemplateWrapper.java:90) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.PrepareLdapConnectionTask.call(PrepareLdapConnectionTask.java:56) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:108) [engine-bll.jar:]
    at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97) [engine-bll.jar:]
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
    at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
    at org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57) [utils-3.0.0-0001.jar:]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.6.0_22]
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
    at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.6.0_22]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.6.0_22]
    at java.lang.Thread.run(Thread.java:679) [:1.6.0_22]
2012-02-21 16:59:48,415 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Failed authenticating user: nathan to domain blinkmind.net. Ldap Query Type is getUserByName
2012-02-21 16:59:48,416 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) USER_FAILED_TO_AUTHENTICATE_NO_KDCS_FOUND : nathan
2012-02-21 16:59:48,416 WARN  [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_NO_KDCS_FOUND
Hey,

This error usually happens when there is no krb5.conf file, or there is one but your
domain isn't in it.
The krb5.conf file should be located in the $JBOSS_HOME/standalone/configuration directory.

How did you configure the new domain? Using the engine-manage-domains utility?
Attaching the full server log and the krb5.conf file may help understand the problem.

We query for LDAP SRV records in the engine. In the utility we also query for Kerberos SRV
records and update the krb5.conf file accordingly.
Then the Kerberos authentication uses the host updated in the krb5.conf file to perform
the authentication.

Oved
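The chain Oved describes above (LDAP SRV lookup in the engine, Kerberos SRV lookup in the utility, krb5.conf as the source of KDC hosts) is illustrated by the following Python, which is an added example and not oVirt's own code. It parses a constructed krb5.conf, reports which KDCs are listed for a domain (an empty result is the "domain isn't in krb5.conf" case behind USER_FAILED_TO_AUTHENTICATE_NO_KDCS_FOUND), and renders the [realms] stanza the utility would write from _kerberos._tcp SRV answers. It assumes the realm name is the upper-cased domain and takes SRV data as plain tuples instead of performing a live DNS query.

```python
import re

# Constructed sample krb5.conf (not the poster's file). The realm for the
# thread's domain, blinkmind.net, is deliberately absent, which is the
# "domain isn't in krb5.conf" case that produces NO_KDCS_FOUND.
SAMPLE_KRB5_CONF = """\
[libdefaults]
 default_realm = EXAMPLE.COM
[realms]
 EXAMPLE.COM = {
  kdc = kdc1.example.com:88
  kdc = kdc2.example.com:88
  admin_server = kdc1.example.com
 }
"""

def parse_realms(text):
    """Return {REALM: [kdc host:port, ...]} from the [realms] section."""
    realms, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#;':          # krb5.conf full-line comments
            continue
        if line.startswith('[') and line.endswith(']'):
            section, current = line[1:-1].lower(), None
            continue
        if section != 'realms':
            continue
        opener = re.match(r'^([^\s=]+)\s*=\s*\{$', line)
        if opener:                               # "REALM = {"
            current = opener.group(1).upper()
            realms[current] = []
        elif line == '}':
            current = None
        elif current is not None:
            key, _, value = line.partition('=')
            if key.strip().lower() == 'kdc':
                realms[current].append(value.strip())
    return realms

def kdcs_for_domain(text, domain):
    """KDCs for a domain; realm assumed to be the upper-cased domain (as engine-manage-domains writes it); [] matches NO_KDCS_FOUND."""
    return parse_realms(text).get(domain.upper(), [])

def srv_to_realm_stanza(domain, srv_records):
    """Render the [realms] entry the utility would write from _kerberos._tcp
    SRV answers given as (priority, weight, port, target) tuples."""
    hosts = [f"{t.rstrip('.')}:{p}" for _, _, p, t in sorted(srv_records)]
    return "\n".join([f" {domain.upper()} = {{"] + [f"  kdc = {h}" for h in hosts] + [" }"])
```

Running kdcs_for_domain against the engine's $JBOSS_HOME/standalone/configuration/krb5.conf with the domain from the failing login is a quick way to confirm whether the realm is actually present before collecting the full log.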
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users