
I am working on getting oVirt working with our LDAP environment and have run into a few issues. Based on my googling, my understanding is that oVirt should query DNS for an LDAP SRV record. However, based on my Wireshark captures, I never see such a request. I ended up installing phpPgAdmin and found the vdc_options table and something called DomainName. I figured that was a good place to start, so I put our domain there and now I see the DNS SRV queries.

In the logs I see:

2012-02-19 12:58:26,532 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSETask] (pool-5-thread-47) Couldnt deduce provider type for domain blinkmind.net
2012-02-19 12:58:26,533 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-10) Failed ldap search server LDAP://ldap-master.dal.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389. We should try the next server: org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389
	at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) [engine-bll.jar:]
	at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:101) [engine-bll.jar:]
	at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97) [engine-bll.jar:]
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
	at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
	at org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57) [utils-3.0.0-0001.jar:]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.6.0_22]
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
	at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.6.0_22]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.6.0_22]
	at java.lang.Thread.run(Thread.java:679) [:1.6.0_22]
2012-02-19 12:58:26,537 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-10) Failed authenticating user: nathan to domain blinkmind.net. Ldap Query Type is getUserByName
2012-02-19 12:58:26,538 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR : nathan
2012-02-19 12:58:26,539 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR

All our Linux boxes use the same LDAP server without issue, so I know that part is working.

P.S. What is LDAPSecurityAuthentication (option_id 2) and what should it be set to?
<>
Nathan Stratton                CTO, BlinkMind, Inc.
nathan at robotics.net         nathan at blinkmind.com
http://www.robotics.net        http://www.blinkmind.com
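Added example, not part of the original post and not oVirt code: a small triage script for engine log lines like the ones quoted above, which ties each failed login to a rootDSE read failure logged on the same request thread. The function name `triage`, the regular expressions, and the idea that the thread name groups one request's lines are assumptions made for illustration.

```python
import re

# Log lines abridged from the post above; one stack frame kept to show skipping.
SAMPLE_LOG = """\
2012-02-19 12:58:26,532 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSETask] (pool-5-thread-47) Couldnt deduce provider type for domain blinkmind.net
2012-02-19 12:58:26,533 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-10) Failed ldap search server LDAP://ldap-master.dal.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389. We should try the next server
\tat org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) [engine-bll.jar:]
2012-02-19 12:58:26,537 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-10) Failed authenticating user: nathan to domain blinkmind.net. Ldap Query Type is getUserByName
2012-02-19 12:58:26,538 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR : nathan
"""

# timestamp, level, [logger class], (thread), message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +(?P<level>[A-Z]+) +"
    r"\[(?P<cls>[^\]]+)\] +\((?P<thread>[^)]+)\) +(?P<msg>.*)$")
ROOTDSE_RE = re.compile(
    r"Failed to get rootDSE record for server (LDAP://[\w.-]+:\d+)")
PROVIDER_RE = re.compile(r"Couldnt deduce provider type for domain ([\w.-]+)")
AUTH_RE = re.compile(r"Failed authenticating user: (\S+) to domain (\S+?)\.\s")


def triage(log_text):
    """Summarise LDAP failures in engine log text (hypothetical helper)."""
    rootdse_by_thread = {}    # thread name -> servers whose rootDSE read failed
    unknown_provider = set()  # domains whose directory type was not detected
    failed_logins = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:             # stack frames and wrapped lines carry no header
            continue
        thread, msg = m.group("thread"), m.group("msg")
        for server in ROOTDSE_RE.findall(msg):
            rootdse_by_thread.setdefault(thread, set()).add(server)
        unknown_provider.update(PROVIDER_RE.findall(msg))
        for user, domain in AUTH_RE.findall(msg):
            # Assumption: lines logged on the same thread belong to one request.
            failed_logins.append({
                "ts": m.group("ts"), "user": user, "domain": domain,
                "rootdse_failed_on": sorted(rootdse_by_thread.get(thread, ())),
            })
    return {"unknown_provider": sorted(unknown_provider),
            "failed_logins": failed_logins}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A login entry with a non-empty `rootdse_failed_on` list means the engine could not read the directory's rootDSE during that request, so the failure happened before any credential check.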