From: "Fumihide Tani" <RXC05271(a)nifty.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: users(a)ovirt.org
Sent: Monday, October 6, 2014 6:47:15 PM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
Alon,
Sorry, I forgot to start my DNS server.
After that everything goes well.
I can add an LDAP account and log in to the Web Portal with the LDAP account
successfully!

great, now try this sequence:
1. define a group X in ldap.
2. define a group Y in ldap which is member of group X.
3. define user U that is member of group Y.
4. add group X into ovirt-engine as superuser.
5. try to login with user U.
it should work unless we have an issue.
(2014/10/07 0:33), Alon Bar-Lev wrote:
> 2014-10-07 00:27:59,829 DEBUG
> [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-14)
> Exception during sequence: LDAPException(resultCode=91 (connect error),
> errorMessage='An error occurred while attempting to connect to server
> ldap.rxc05271.com:389: java.io.IOException: An error occurred while
> attempting to establish a connection to server
> ldap.rxc05271.com/111.64.166.75:389: java.net.ConnectException:
> Connection refused')
>
>
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Monday, October 6, 2014 6:31:17 PM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> engine.log attached.
>>
>> Regards
>>
>> (2014/10/06 23:57), Alon Bar-Lev wrote:
>>> ----- Original Message -----
>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>> Cc: users(a)ovirt.org
>>>> Sent: Monday, October 6, 2014 3:40:05 PM
>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>
>>>> Alon,
>>>>
>>>> Thanks, the ovirt-engine-extension-aaa-ldap was updated successfully.
>>>> and then I restarted my ovirt-engine.
>>>>
>>>> I tried the following:
>>>>
>>>> 1) Login to the User Portal using LDAP account "tani".
>>>> Failed. (it was able to login before doing update.)
>>>>
>>>> 2) Then deleting the LDAP account "tani" from admin portal.
>>>>
>>>> 3) Tried to add new account "tani" again.
>>>> I selected "rxc05271.com (authz-company)" instead of "internal
>>>> (internal)"
>>>> but "Go" button is hidden.
>>>>
>>>> What should I do next?
>>> it probably means that the engine cannot interact with the ldap.
>>> can you see any error message during engine startup that related?
>>> can you stop engine remove engine.log start engine and send me the
>>> engine.log?
>>>
>>>> Regards,
>>>> Fumihide Tani
>>>>
>>>> (2014/10/06 20:39), Alon Bar-Lev wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>> Cc: users(a)ovirt.org
>>>>>> Sent: Monday, October 6, 2014 2:36:38 PM
>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>
>>>>>> Hi, Alon
>>>>>>
>>>>>> I can not update the ovirt-engine-extension-aaa-ldap.noarch
>>>>>> 0.0.0-0.0.master.20140923213100.git10a282b.el6. to the one you
>>>>>> specified.
>>>>>> Does it still not exist in ovirt-3.5-pre repo?
>>>>> right, they are at snapshots.
>>>>> you can take the extension rpm and only update it.
>>>>>
>>>>> yum localupdate
>>>>> http://resources.ovirt.org/pub/ovirt-3.5-snapshot/rpm/el6/noarch/ovirt-en...
>>>>>
>>>>>> Regards,
>>>>>> Fumihide Tani
>>>>>>
>>>>>> (2014/10/06 17:07), Alon Bar-Lev wrote:
>>>>>>> Hello Fumihide,
>>>>>>>
>>>>>>> I pushed a significant change into ldap package, in some cases it
>>>>>>> will
>>>>>>> provide better response times.
>>>>>>> The change is within group resolution.
>>>>>>> I wonder if you can test it, should be at least
>>>>>>> ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Alon Bar-Lev.
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>> Sent: Thursday, September 25, 2014 4:41:09 PM
>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>
>>>>>>>> Hi, Alon,
>>>>>>>>
>>>>>>>> Without waiting until the weekend,
>>>>>>>> I have finished the fresh install of the oVirt 3.5 RC3 today.
>>>>>>>> As a result, with same AAA settings,
>>>>>>>> My OpenLDAP's users became possible to login to the Web User Portal
>>>>>>>> now.
>>>>>>>> Yes, RC3 is good for integrating with newest OpenLDAP 2.4.23, RC2 is
>>>>>>>> not.
>>>>>>>>
>>>>>>>> Very much thanks,
>>>>>>>> Fumihide Tani
>>>>>>>>
>>>>>>>> (2014/09/25 7:27), Alon Bar-Lev wrote:
>>>>>>>>> This is severe, the upgrade is not working properly you have issues
>>>>>>>>> with
>>>>>>>>> accessing database.
>>>>>>>>> If database is not important I suggest a fresh install, run
>>>>>>>>> engine-cleanup
>>>>>>>>> then engine-setup.
>>>>>>>>> If database is important please forward this to devel mailing list
>>>>>>>>> for
>>>>>>>>> someone to help, regardless of LDAP.
>>>>>>>>> Regards,
>>>>>>>>> Alon
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 4-09-25 00:36:08,389 ERROR
>>>>>>>>> [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo]
>>>>>>>>> (DefaultQuartzScheduler_Worker-7) ArrayIndexOutOfBoundsException:
>>>>>>>>> 1:
>>>>>>>>> java.lang.ArrayIndexOutOfBoundsException: 1
>>>>>>>>> at
>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.getDistanceMap(VdsNumaNodeDAODbFacadeImpl.java:208)
>>>>>>>>> [dal.jar:]
>>>>>>>>> at
>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.access$000(VdsNumaNodeDAODbFacadeImpl.java:20)
>>>>>>>>> [dal.jar:]
>>>>>>>>> at
>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:184)
>>>>>>>>> [dal.jar:]
>>>>>>>>> at
>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:168)
>>>>>>>>> [dal.jar:]
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>> Sent: Wednesday, September 24, 2014 6:40:58 PM
>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>
>>>>>>>>>> Result of running engine-setup:
>>>>>>>>>> [root@ovirt ~]# yum list installed|grep ovirt-engine
>>>>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140923231936.git42065cc.el6
>>>>>>>>>>
>>>>>>>>>> Yes, engine is updated to newest one.!
>>>>>>>>>>
>>>>>>>>>> But I still continued failing to login.
>>>>>>>>>> engine.log attached.
>>>>>>>>>>
>>>>>>>>>> Very thanks,
>>>>>>>>>>
>>>>>>>>>> (2014/09/24 23:59), Alon Bar-Lev wrote:
>>>>>>>>>>> you probably need to run engine-setup
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:59:22 PM
>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>
>>>>>>>>>>>> Oops!
>>>>>>>>>>>> # yum list installed | grep ovirt-engine
>>>>>>>>>>>> ovirt-engine.noarch
>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
>>>>>>>>>>>> (snip)
>>>>>>>>>>>> .....
>>>>>>>>>>>>
>>>>>>>>>>>> Many ovirt-3.5-* modules are updated by yum today but engine is
>>>>>>>>>>>> not.
>>>>>>>>>>>> Why not updated to RC3??
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> (2014/09/24 22:42), Alon Bar-Lev wrote:
>>>>>>>>>>>>> Unless I am missing something, you run old engine:
>>>>>>>>>>>>>
>>>>>>>>>>>>> 2014-09-24 22:16:24,136 INFO
>>>>>>>>>>>>> [org.ovirt.engine.core.bll.Backend]
>>>>>>>>>>>>> (MSC
>>>>>>>>>>>>> service thread 1-12) Running ovirt-engine
>>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:21:09 PM
>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Attached engine.log with "FINEST"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> (2014/09/24 21:32), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 3:24:23 PM
>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi, Alon,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I have updated the oVirt 3.5 RC2 to the newest RC3 today.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> From my CentOS6.5 based oVirt Engine server and the oVirt Host
>>>>>>>>>>>>>>>> server,
>>>>>>>>>>>>>>>> # yum clean all
>>>>>>>>>>>>>>>> # yum update
>>>>>>>>>>>>>>>> Then rebooted these servers.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> But my LDAP problem is continued and same result as before.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> When I login to the oVirt User Portal,
>>>>>>>>>>>>>>>> User Name: tani
>>>>>>>>>>>>>>>> Password: (OpenLDAP's userPassword)
>>>>>>>>>>>>>>>> Domain: rxc05271.com
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> UI displays "General command validation failure."
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Please advise.
>>>>>>>>>>>>>>> Hopefully I can if you provide log... :)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>> Fumihide Tani
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> (2014/09/22 22:20), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>> The version of engine you are using is probably out of date
>>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>>> unsynced
>>>>>>>>>>>>>>>>> with latest ldap package (20140821064931).
>>>>>>>>>>>>>>>>> Please make sure you take latest from [1]
>>>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:42:52 PM
>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi, Alon,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Your requested engine.log attached.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Also, I tried to login to web user portal by "tani"
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> User Name: tani
>>>>>>>>>>>>>>>>>> Password: (OpenLDAP userPassword)
>>>>>>>>>>>>>>>>>> Domain: rxc05271.com
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> cause: "General command validation failure."
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Attached log includes login by "Fumihide" first, "tani"
>>>>>>>>>>>>>>>>>> second.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Very thanks,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> (2014/09/22 21:24), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:06:39 PM
>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
>>>>>>>>>>>>>>>>>>>> LDAP.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Sorry, I misunderstood.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> This is outputs after LDAP user logged in.
>>>>>>>>>>>>>>>>>>> Please attach log as files, not inline, easier to handle.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,638 DEBUG
>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework]
>>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4)
>>>>>>>>>>>>>>>>>>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com',
>>>>>>>>>>>>>>>>>>> scope=SUB,
>>>>>>>>>>>>>>>>>>> deref=NEVER, sizeLimit=0, timeLimit=0,
>>>>>>>>>>>>>>>>>>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)',
>>>>>>>>>>>>>>>>>>> attrs={entryUUID,
>>>>>>>>>>>>>>>>>>> uid, displayName, memberOf, department, givenName, sn,
>>>>>>>>>>>>>>>>>>> title,
>>>>>>>>>>>>>>>>>>> mail},
>>>>>>>>>>>>>>>>>>> controls={SimplePagedResultsControl(pageSize=100,
>>>>>>>>>>>>>>>>>>> isCritical=false)})
>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,640 DEBUG
>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework]
>>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4)
>>>>>>>>>>>>>>>>>>> SearchResult: SearchResult(resultCode=0 (success),
>>>>>>>>>>>>>>>>>>> messageID=3,
>>>>>>>>>>>>>>>>>>> entriesReturned=0, referencesReturned=0,
>>>>>>>>>>>>>>>>>>> responseControls={SimplePagedResultsControl(pageSize=0,
>>>>>>>>>>>>>>>>>>> isCritical=false)})
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> From the above I see that a search was issued:
>>>>>>>>>>>>>>>>>>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide)
>>>>>>>>>>>>>>>>>>> And no result returned.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Per previous output:
>>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>>> # tani, Users, rxc05271.com
>>>>>>>>>>>>>>>>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>>>>>>>>>>>>>>>>>>> objectClass: inetOrgPerson
>>>>>>>>>>>>>>>>>>> objectClass: uidObject
>>>>>>>>>>>>>>>>>>> uid: tani
>>>>>>>>>>>>>>>>>>> cn: Fumihide Tani
>>>>>>>>>>>>>>>>>>> givenName: Fumihide
>>>>>>>>>>>>>>>>>>> mail: tani(a)rxc05271.com
>>>>>>>>>>>>>>>>>>> sn: Tani
>>>>>>>>>>>>>>>>>>> userPassword:: a3VtaXRhbg==
>>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Your user name is tani and not Fumihide.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Alon
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>
>>
>
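
The X / Y / U sequence at the top of this message tests nested (transitive) group resolution: U only becomes a superuser if the resolver follows Y up to X. A small model of that resolution and the resulting authorization decision follows, added here as an illustration and not the ovirt-engine-extension-aaa-ldap code; the DNs, the `DIRECTORY` and `ROLE_GRANTS` tables and all function names are constructed for the example.

```python
from collections import deque

# Constructed directory: each DN maps to the groups it is a direct member of
# (the memberOf relation). Names mirror the X / Y / U test sequence.
X = "cn=X,ou=Groups,dc=example,dc=com"
Y = "cn=Y,ou=Groups,dc=example,dc=com"
U = "uid=U,ou=Users,dc=example,dc=com"
V = "uid=V,ou=Users,dc=example,dc=com"
DIRECTORY = {
    U: [Y],
    Y: [X],
    X: [Y],  # deliberate membership cycle the resolver must survive
    V: [],   # user with no group membership at all
}

# Role grants keyed by group DN, as in step 4 (group X added as superuser).
ROLE_GRANTS = {X: {"SuperUser"}}


def resolve_groups(dn, directory, max_depth=10):
    """Return every group reachable from dn through memberOf, breadth first."""
    seen = set()
    queue = deque([(dn, 0)])
    while queue:
        current, depth = queue.popleft()
        if depth >= max_depth:
            continue  # bound the walk so a deep chain cannot stall a login
        for group in directory.get(current, []):
            if group not in seen:  # the seen set is what breaks cycles
                seen.add(group)
                queue.append((group, depth + 1))
    return seen


def roles_for(dn, directory, grants, max_depth=10):
    """Union of the roles granted to any group in the principal's closure."""
    roles = set()
    for group in resolve_groups(dn, directory, max_depth):
        roles |= grants.get(group, set())
    return roles


def direct_only_roles(dn, directory, grants):
    """What a resolver without recursion would grant: direct groups only."""
    return roles_for(dn, directory, grants, max_depth=1)
```

With direct membership only, U gets no role from the grant on X, which is the failure step 5 is meant to expose.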