[ovirt-users] Re: Ovirt-egine integration with OpenLDAP can't seem to find any users on Web-UI

Thursday, 30 May 2019

Even with that adjustments it gives the error of invalid credentials for the user i
specified in test login flow:

[root@ovirt ~]# ovirt-engine-extension-aaa-ldap-setup 
[ INFO  ] Stage: Initializing
[ INFO  ] Stage: Environment setup
          Configuration files:
['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
          Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20190530152903-9p7d86.log
          Version: otopi-1.7.8 (otopi-1.7.8-1.el7)
[ INFO  ] Stage: Environment packages setup
[ INFO  ] Stage: Programs detection
[ INFO  ] Stage: Environment customization
          Welcome to LDAP extension configuration program
          Available LDAP implementations:
           1 - 389ds
           2 - 389ds RFC-2307 Schema
           3 - Active Directory
           4 - IBM Security Directory Server
           5 - IBM Security Directory Server RFC-2307 Schema
           6 - IPA
           7 - Novell eDirectory RFC-2307 Schema
           8 - OpenLDAP RFC-2307 Schema
           9 - OpenLDAP Standard Schema
          10 - Oracle Unified Directory RFC-2307 Schema
          11 - RFC-2307 Schema (Generic)
          12 - RHDS
          13 - RHDS RFC-2307 Schema
          14 - iPlanet
          Please select: 9

          NOTE:
          It is highly recommended to use DNS resolution for LDAP server.
          If for some reason you intend to use hosts or plain address disable DNS usage.

          Use DNS (Yes, No) [Yes]: no
          Available policy method:
           1 - Single server
           2 - DNS domain LDAP SRV record
           3 - Round-robin between multiple hosts
           4 - Failover between multiple hosts
          Please select: 1
          Please enter host address: 192.168.16.114

          NOTE:
          It is highly recommended to use secure protocol to access the LDAP server.
          Protocol startTLS is the standard recommended method to do so.
          Only in cases in which the startTLS is not supported, fallback to non standard
ldaps protocol.
          Use plain for test environments only.

          Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
[ INFO  ] Connecting to LDAP using 'ldap://192.168.16.114:389'
[ INFO  ] Connection succeeded
          Enter search user DN (for example uid=username,dc=example,dc=com or leave empty
for anonymous): cn=System Administrator (RO),ou=People,dc=lab,dc=local
          Enter search user password: 
[ INFO  ] Attempting to bind using 'cn=System Administrator
(RO),ou=People,dc=lab,dc=local'
          Please enter base DN (dc=lab,dc=local) [dc=lab,dc=local]:
ou=People,dc=lab,dc=local
          Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]: no
          Please specify profile name that will be visible to users [192.168.16.114]:
lab.local
[ INFO  ] Stage: Setup validation

          NOTE:
          It is highly recommended to test drive the configuration before applying it into
engine.
          Login sequence is executed automatically, but it is recommended to also execute
Search sequence manually after successful Login sequence.

          Please provide credentials to test login flow:
          Enter user name: node1
          Enter user password: 
[ INFO  ] Executing login sequence...
          Login output:
          2019-05-30 15:30:13,585+01 INFO   
========================================================================
          2019-05-30 15:30:13,642+01 INFO    ============================ Initialization
============================
          2019-05-30 15:30:13,642+01 INFO   
========================================================================
          2019-05-30 15:30:13,718+01 INFO    Loading extension 'lab.local-authn'
          2019-05-30 15:30:13,887+01 INFO    Extension 'lab.local-authn' loaded
          2019-05-30 15:30:13,890+01 INFO    Loading extension 'lab.local-authz'
          2019-05-30 15:30:13,901+01 INFO    Extension 'lab.local-authz' loaded
          2019-05-30 15:30:13,901+01 INFO    Initializing extension
'lab.local-authn'
          2019-05-30 15:30:13,928+01 INFO   
[ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] Creating LDAP pool
'authz'
          2019-05-30 15:30:14,031+01 INFO   
[ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] LDAP pool 'authz'
information: vendor='null' version='null'
          2019-05-30 15:30:14,032+01 INFO   
[ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] Creating LDAP pool
'authn'
          2019-05-30 15:30:14,050+01 INFO   
[ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] LDAP pool 'authn'
information: vendor='null' version='null'
          2019-05-30 15:30:14,051+01 INFO    Extension 'lab.local-authn'
initialized
          2019-05-30 15:30:14,051+01 INFO    Initializing extension
'lab.local-authz'
          2019-05-30 15:30:14,052+01 INFO   
[ovirt-engine-extension-aaa-ldap.authz::lab.local-authz] Creating LDAP pool
'authz'
          2019-05-30 15:30:14,074+01 INFO   
[ovirt-engine-extension-aaa-ldap.authz::lab.local-authz] LDAP pool 'authz'
information: vendor='null' version='null'
          2019-05-30 15:30:14,075+01 INFO   
[ovirt-engine-extension-aaa-ldap.authz::lab.local-authz] Available Namespaces:
[ou=People,dc=lab,dc=local]
          2019-05-30 15:30:14,075+01 INFO    Extension 'lab.local-authz'
initialized
          2019-05-30 15:30:14,075+01 INFO    Start of enabled extensions list
          2019-05-30 15:30:14,083+01 INFO    Instance name: 'lab.local-authn',
Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.8',
Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.8-1.el7', License:
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt
Project', Build interface Version: '0',  File:
'/tmp/tmpvwxEdU/extensions.d/lab.local-authn.properties', Initialized:
'true'
          2019-05-30 15:30:14,083+01 INFO    Instance name: 'lab.local-authz',
Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.8',
Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.8-1.el7', License:
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt
Project', Build interface Version: '0',  File:
'/tmp/tmpvwxEdU/extensions.d/lab.local-authz.properties', Initialized:
'true'
          2019-05-30 15:30:14,084+01 INFO    End of enabled extensions list
          2019-05-30 15:30:14,084+01 INFO   
========================================================================
          2019-05-30 15:30:14,084+01 INFO    ============================== Execution
===============================
          2019-05-30 15:30:14,084+01 INFO   
========================================================================
          2019-05-30 15:30:14,084+01 INFO    Iteration: 0
          2019-05-30 15:30:14,085+01 INFO    Profile='lab.local'
authn='lab.local-authn' authz='lab.local-authz' mapping='null'
          2019-05-30 15:30:14,086+01 INFO    API:
-->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='lab.local'
user='node1'
          2019-05-30 15:30:14,134+01 INFO    API:
<--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='lab.local'
result=CREDENTIALS_INVALID
          2019-05-30 15:30:14,142+01 SEVERE  Authn.Result code is: CREDENTIALS_INVALID
[ ERROR ] Login sequence failed
          Please investigate details of the failure (search for lines containing SEVERE
log level).
          Select test sequence to execute (Done, Abort, Login, Search) [Abort]:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

[ovirt-users] Re: Ovirt-egine integration with OpenLDAP can't seem to find any users on Web-UI