2014-10-20 2:23 GMT+08:00 Alon Bar-Lev <alonbl@redhat.com>:


----- Original Message -----
> From: "plysan" <plysab@gmail.com>
> To: "Alon Bar-Lev" <alonbl@redhat.com>
> Cc: "Users@ovirt.org List" <users@ovirt.org>
> Sent: Sunday, October 19, 2014 9:06:37 PM
> Subject: Re: [ovirt-users] Null object error with ovirt-engine-extension-ldap
>
> Hi,
>
> I did the following:
>
> 1. /etc/ovirt-engine/extensions.d/eayunosAuthn.properties
>
> ovirt.engine.extension.name = eayunosAuthn
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module =
> org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class =
> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> ovirt.engine.aaa.authn.profile.name = testad
> ovirt.engine.aaa.authn.authz.plugin = eayunosAuthz
> config.profile.file.1 =
> /usr/share/ovirt-engine-extension-aaa-ldap/profiles/common.properties

please use your own file, put it at /etc/ovirt-engine/aaa or something, please do not override package files.

>
> 2. /etc/ovirt-engine/extensions.d/eayunosAuthz.properties
>
> ovirt.engine.extension.name = eayunosAuthz
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module =
> org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class =
> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> config.profile.file.1 =
> /usr/share/ovirt-engine-extension-aaa-ldap/profiles/common.properties
>
> 3. /usr/share/ovirt-engine-extension-aaa-ldap/profiles/common.properties (I
> just modified the fiirst three variables)

please use your own file, put it at /etc/ovirt-engine/aaa or something, please do not override package files.

> include = <ad.properties>
>
> vars.user = lijiansheng
> vars.password = 1qaz@WSX
> vars.domain = eayunos.com
> vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}

I hope you have dc1.eayunos.com and dc2.eayunos.com.

> pool.default.serverset.type = srvrecord
> pool.default.serverset.srvrecord.domain = ${global:vars.domain}
> pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
> ${global:vars.dns}
> pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
> pool.default.ssl.startTLS = true

I suggest you start without ssl, set the above to false.

> pool.default.ssl.truststore.file =
> ${local:_basedir}/${global:vars.domain}.jks
> pool.default.ssl.truststore.password = changeit
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
>
>
> And this time there is another error in engine.log:
>
> 2014-10-20 01:59:32,291 INFO
>  [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> thread 1-3) Loading extension 'eayunosAuthn'
> 2014-10-20 01:59:32,839 ERROR
> [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC
> service thread 1-3) Could not load extension based on configuration file
> '/etc/ovirt-engine/extensions.d/eayunosAuthn.properties'. Please check the
> configuration file is valid. Exception message is: Error loading extension
> 'eayunosAuthn': Exception: class java.lang.StackOverflowError: null

yes, as the ad.properties includes common.properties which you modified to include ad.properties, so you created infinite loop.

Thanks Alon, problem solved :P

my working confuguration file is as follows:

1. /etc/ovirt-engine/aaa/common.properties

include = <ad.properties>

vars.user = lijiansheng@eayunos.com
vars.password = 1qaz@WSX
vars.domain = eayunos.com
vars.dns = dns://dc1.${global:vars.domain}
[skip...]

2. /etc/ovirt-engine/extensions.d/eayunosAuthn.properties

ovirt.engine.extension.name = eayunosAuthn
[skip...]
ovirt.engine.aaa.authn.profile.name = common
ovirt.engine.aaa.authn.authz.plugin = eayunosAuthz
config.profile.file.1 = /etc/ovirt-engine/aaa/common.properties

3. /etc/ovirt-engine/extensions.d/eayunosAuthz.properties

ovirt.engine.extension.name = eayunosAuthz
[skip...]
config.profile.file.1 = /etc/ovirt-engine/aaa/common.properties

4. /usr/share/ovirt-engine-extension-aaa-ldap/profiles/ad.properties

comment out "include = <common.properties>"

I dont know why this file must be changed to get it to work, as you said override package files is not good way.
I have tried to cp this file to /etc/ovirt-engine/aaa but is no use :(
Any ideas ?

And thanks for your help.

plysan
> 2014-10-20 01:59:32,843 INFO
>  [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> thread 1-3) Loading extension 'eayunosAuthz'
> 2014-10-20 01:59:33,206 ERROR
> [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC
> service thread 1-3) Could not load extension based on configuration file
> '/etc/ovirt-engine/extensions.d/eayunosAuthz.properties'. Please check the
> configuration file is valid. Exception message is: Error loading extension
> 'eayunosAuthz': Exception: class java.lang.StackOverflowError: null
>
>
> Thanks for your help :)
>
> plysan
>
>
> 2014-10-20 1:09 GMT+08:00 Alon Bar-Lev <alonbl@redhat.com>:
>
> > Hi,
> >
> > You need to refer to ad.properties from your profile, in this profile you
> > need to specify credentials and settings to access the active directory.
> >
> > For example, how can the implementation guess where your active directory
> > is? what is the user that is to be used to access it?
> >
> > Please follow extension configuration[1] and create two extensions per
> > documentation.
> > 1. authn - authentication
> > 2. authz - authorization.
> >
> > Both extensions should refer to your profile[2] that specifies the
> > required information.
> >
> > Regards,
> > Alon
> >
> > [1]
> > http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l17
> > [2]
> > http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l97
> >
> > ----- Original Message -----
> > > From: "plysan" <plysab@gmail.com>
> > > To: "Users@ovirt.org List" <users@ovirt.org>
> > > Sent: Sunday, October 19, 2014 7:58:48 PM
> > > Subject: [ovirt-users] Null object error with ovirt-engine-extension-ldap
> > >
> > > Hello,
> > >
> > > After I adding a AD directory server to oVirt using manage-domains, I
> > > installed the extension-ldap package. My setup is as follows:
> > >
> > > 1. /etc/ovirt-engine/extensions.d/eayunos.properties
> > >
> > > ovirt.engine.extension.name = eayunos
> > > ovirt.engine.extension.bindings.method = jbossmodule
> > > ovirt.engine.extension.binding.jbossmodule.module =
> > > org.ovirt.engine-extensions.aaa.ldap
> > > ovirt.engine.extension.binding.jbossmodule.class =
> > > org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> > > ovirt.engine.extension.provides =
> > org.ovirt.engine.api.extensions.aaa.Authz
> > > config.profile.file.1 =
> > > /usr/share/ovirt-engine-extension-aaa-ldap/profiles/ad.properties
> > >
> > > 2. restart ovirt
> > >
> > > But after that there is a error in engine.log:
> > >
> > > 2014-10-20 00:52:11,199 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Loading extension 'builtin-authn-internal'
> > > 2014-10-20 00:52:11,201 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension 'builtin-authn-internal' loaded
> > > 2014-10-20 00:52:11,202 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Loading extension 'internal'
> > > 2014-10-20 00:52:11,203 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension 'internal' loaded
> > > 2014-10-20 00:52:11,218 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Loading extension ' builtin-authn-eayunos.com '
> > > 2014-10-20 00:52:11,232 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension ' builtin-authn-eayunos.com ' loaded
> > > 2014-10-20 00:52:11,245 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Loading extension ' eayunos.com '
> > > 2014-10-20 00:52:11,247 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension ' eayunos.com ' loaded
> > > 2014-10-20 00:52:11,252 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Loading extension 'ovirtSyslog'
> > > 2014-10-20 00:52:11,253 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension 'ovirtSyslog' loaded
> > > 2014-10-20 00:52:11,257 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Loading extension 'eayunos'
> > > 2014-10-20 00:52:11,286 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension 'eayunos' loaded
> > > 2014-10-20 00:52:11,287 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Initializing extension 'builtin-authn-internal'
> > > 2014-10-20 00:52:11,288 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension 'builtin-authn-internal' initialized
> > > 2014-10-20 00:52:11,289 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Initializing extension 'eayunos'
> > > 2014-10-20 00:52:11,290 INFO
> > [org.ovirt.engineextensions.aaa.ldap.Framework]
> > > (MSC service thread 1-16) Creating LDAP pool 'authz' for 'eayunos'
> > > 2014-10-20 00:52:11,305 ERROR
> > > [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
> > > 1-16) Cannot initialize LDAP framework, deferring initialization. Error:
> > A
> > > null object was provided where a non-null object is required (non-null
> > index
> > > 0). Thread stack trace: getStackTrace(Thread.java:1589) /
> > > ensureNotNull(Validator.java:60) / <init>(SingleServerSet.java:140) /
> > > createConnectionPool(Framework.java:516) /
> > createPool(Framework.java:632) /
> > > runSequence(Framework.java:1312) / open(Framework.java:666) /
> > > ensureFramework(AuthzExtension.java:104) /
> > doInit(AuthzExtension.java:436) /
> > > invoke(AuthzExtension.java:368) / invoke(ExtensionProxy.java:49) /
> > > invoke(ExtensionProxy.java:73) / invoke(ExtensionProxy.java:109) /
> > > initialize(ExtensionsManager.java:308) /
> > > engineInitialize(EngineExtensionsManager.java:111) /
> > > initialize(Backend.java:266) / create(Backend.java:138) /
> > > invoke0(NativeMethodAccessorImpl.java) /
> > > invoke(NativeMethodAccessorImpl.java:57) /
> > > invoke(DelegatingMethodAccessorImpl.java:43) / invoke(Method.java:606) /
> > >
> > processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:130)
> > > / proceed(InterceptorContext.java:288) /
> > > processInvocation(WeavedInterceptor.java:53) /
> > > proceed(InterceptorContext.java:288) /
> > > processInvocation(WeldInjectionInterceptor.java:73) /
> > > proceed(InterceptorContext.java:288) /
> > > processInvocation(ManagedReferenceInterceptorFactory.java:95) /
> > > proceed(InterceptorContext.java:288) /
> > > processInvocation(ManagedReferenceInterceptorFactory.java:95) /
> > > proceed(InterceptorContext.java:288) /
> > > processInvocation(WeavedInterceptor.java:53) /
> > > proceed(InterceptorContext.java:288) /
> > > processInvocation(NamespaceContextInterceptor.java:50) /
> > > proceed(InterceptorContext.java:288) /
> > > invokeInOurTx(CMTTxInterceptor.java:228) /
> > > requiresNew(CMTTxInterceptor.java:333) /
> > > processInvocation(SingletonLifecycleCMTTxInterceptor.java:56) /
> > > proceed(InterceptorContext.java:288) /
> > > processInvocation(CurrentInvocationContextInterceptor.java:41) /
> > > proceed(InterceptorContext.java:288) /
> > > processInvocation(TCCLInterceptor.java:45) /
> > > proceed(InterceptorContext.java:288) /
> > > processInvocation(ChainedInterceptor.java:61) /
> > > constructComponentInstance(BasicComponent.java:161) /
> > > createInstance(BasicComponent.java:85) /
> > > getComponentInstance(SingletonComponent.java:116) /
> > > start(SingletonComponent.java:130) /
> > start(ComponentStartService.java:44) /
> > > startService(ServiceControllerImpl.java:1811) /
> > > run(ServiceControllerImpl.java:1746) /
> > > runWorker(ThreadPoolExecutor.java:1145) /
> > run(ThreadPoolExecutor.java:615) /
> > > run(Thread.java:745)
> > > 2014-10-20 00:52:11,313 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension 'eayunos' initialized
> > > 2014-10-20 00:52:11,314 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Initializing extension 'ovirtSyslog'
> > > 2014-10-20 00:52:11,327 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension 'ovirtSyslog' initialized
> > > 2014-10-20 00:52:11,327 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Initializing extension ' builtin-authn-eayunos.com '
> > > 2014-10-20 00:52:11,330 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension ' builtin-authn-eayunos.com ' initialized
> > > 2014-10-20 00:52:11,331 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Initializing extension ' eayunos.com '
> > > 2014-10-20 00:52:11,332 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension ' eayunos.com ' initialized
> > > 2014-10-20 00:52:11,333 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Initializing extension 'internal'
> > > 2014-10-20 00:52:11,334 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Extension 'internal' initialized
> > > 2014-10-20 00:52:11,334 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Start of enabled extensions list
> > > 2014-10-20 00:52:11,335 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Instance name: 'builtin-authn-internal', Extension name: 'Internal
> > > Authn (Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: '
> > > http://www.ovirt.org ', Author 'The oVirt Project', Build interface
> > Version:
> > > '0', File: 'N/A', Initialized: 'true'
> > > 2014-10-20 00:52:11,337 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Instance name: 'eayunos', Extension name: 'aaa.ldap.authz',
> > Version:
> > > '0.0.0_master', Notes: 'Display name:
> > >
> > ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141018224300.gita43f663.el6',
> > > License: 'ASL 2.0', Home: ' http://www.ovirt.org ', Author 'The oVirt
> > > Project', Build interface Version: '0', File:
> > > '/etc/ovirt-engine/extensions.d/eayunos.properties', Initialized: 'true'
> > > 2014-10-20 00:52:11,338 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Instance name: 'ovirtSyslog', Extension name: 'Log4jLogger',
> > Version:
> > > '0.0.0', Notes: 'Display name:
> > >
> > ovirt-engine-extension-logger-log4j-0.0.0-1.20141006155019.gitfef2d2a.el6',
> > > License: 'ASL 2.0', Home: ' http://www.ovirt.org ', Author 'The oVirt
> > > Project', Build interface Version: '0', File:
> > > '/etc/ovirt-engine/extensions.d/Log4jLogger.properties', Initialized:
> > 'true'
> > > 2014-10-20 00:52:11,340 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Instance name: ' builtin-authn-eayunos.com ', Extension name:
> > > 'Kerberos/Ldap Authn (Built-in)', Version: 'N/A', Notes: '', License:
> > 'ASL
> > > 2.0', Home: ' http://www.ovirt.org ', Author 'The oVirt Project', Build
> > > interface Version: '0', File: 'N/A', Initialized: 'true'
> > > 2014-10-20 00:52:11,342 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Instance name: ' eayunos.com ', Extension name: 'Kerberos/Ldap
> > Authz
> > > (Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: '
> > > http://www.ovirt.org ', Author 'The oVirt Project', Build interface
> > Version:
> > > '0', File: 'N/A', Initialized: 'true'
> > > 2014-10-20 00:52:11,343 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) Instance name: 'internal', Extension name: 'Internal Authz
> > > (Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home: '
> > > http://www.ovirt.org ', Author 'The oVirt Project', Build interface
> > Version:
> > > '0', File: 'N/A', Initialized: 'true'
> > > 2014-10-20 00:52:11,345 INFO
> > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
> > thread
> > > 1-16) End of enabled extensions list
> > >
> > >
> > > My environment:
> > >
> > > # cat /etc/issue
> > > CentOS release 6.5 (Final)
> > >
> > > # rpm -qa |grep aaa-ldap
> > >
> > ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141018224300.gita43f663.el6.noarch
> > >
> > > # rpm -qa |grep ovirt-engine
> > >
> > ovirt-engine-setup-plugin-websocket-proxy-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > >
> > ovirt-engine-extensions-api-impl-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > > ovirt-engine-tools-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > >
> > ovirt-engine-userportal-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > >
> > ovirt-engine-extension-aaa-misc-0.0.0-0.0.master.20140902120001.git1fa6912.el6.noarch
> > > ovirt-engine-lib-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > >
> > ovirt-engine-setup-plugin-ovirt-engine-common-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > >
> > ovirt-engine-websocket-proxy-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > > ovirt-engine-cli-3.5.0.6-0.1.20140926.gitbbb1e44.el6.noarch
> > >
> > ovirt-engine-extension-logger-log4j-0.0.0-1.20141006155019.gitfef2d2a.el6.noarch
> > > ovirt-engine-setup-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > >
> > ovirt-engine-dbscripts-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > >
> > ovirt-engine-webadmin-portal-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > >
> > ovirt-engine-restapi-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > > ovirt-engine-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > >
> > ovirt-engine-setup-base-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > > ovirt-engine-sdk-python-3.5.0.8-0.1.20140926.gitd3a5e4d.el6.noarch
> > >
> > ovirt-engine-setup-plugin-ovirt-engine-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > >
> > ovirt-engine-backend-3.5.1-0.0.master.20141017171921.git1b75b82.el6.noarch
> > > ovirt-engine-sdk-java-3.5.0.6-0.1.20140910.git05ab94f.el6.noarch
> > >
> > ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141018224300.gita43f663.el6.noarch
> > > ovirt-engine-jboss-as-7.1.1-1.el6.x86_64
> > >
> > >
> > > Can anyone give me some help?
> > >
> > > Thanks!
> > >
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users@ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > >
> >
>