Hello, I'm trying to use AD authentication in my oVirt setup,
however I can't seem to get it to work.
I can browse the AD and select users & groups, but logging in does not work.
Output of engine-manage-domains:
engine-manage-domains -report -action=validate
Domain mydomain.com is valid.
The configured user for domain mydomain.com is sync@MYDOMAIN.COM
Manage Domains completed successfully
In the engine.log I see the following info:
2013-11-05 09:53:45,088 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
v1db1]; remaining name ''
2013-11-05 09:53:45,100 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc06.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
name, data 0, v1db1]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1];
remaining name ''. We should try the next server
2013-11-05 09:53:45,179 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
v1db1]; remaining name ''
2013-11-05 09:53:45,189 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc04.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
name, data 0, v1db1]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1];
remaining name ''. We should try the next server
2013-11-05 09:53:45,253 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
v1db1]; remaining name ''
2013-11-05 09:53:45,262 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc05.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
name, data 0, v1db1]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1];
remaining name ''. We should try the next server
2013-11-05 09:53:45,335 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0,
v23f0]; remaining name ''
2013-11-05 09:53:45,353 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc08.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing
name, data 0, v23f0]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0];
remaining name ''. We should try the next server
2013-11-05 09:53:45,433 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0,
v23f0]; remaining name ''
2013-11-05 09:53:45,451 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc07.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing
name, data 0, v23f0]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0];
remaining name ''. We should try the next server
2013-11-05 09:53:45,523 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
v1db1]; remaining name ''
2013-11-05 09:53:45,540 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc03.mydomain.com:389 using user vzeebrod@MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
name, data 0, v1db1]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1];
remaining name ''. We should try the next server
2013-11-05 09:53:45,987 WARN
[org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--127.0.0.1-8702-11)
CanDoAction of action LoginAdminUser failed.
Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
When I try to get a Kerberos ticket on the server, I'm able to get a correct
ticket.