Hello Alon and everybody,

I have installed package ovirt-engine-extension-aaa-ldap and configure my files as the documentation says. The files are:

/etc/ovirt-engine/extensions.d/siee.local-authn.properties:

ovirt.engine.extension.name = siee.local-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = siee.local
ovirt.engine.aaa.authn.authz.plugin = siee.local-authz
config.profile.file.1 = aaa/siee.local.properties

/etc/ovirt-engine/extensions.d/siee.local-authz.properties:

ovirt.engine.extension.name = siee.local-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = aaa/siee.local.properties

/etc/ovirt-engine/extensions.d/aaa/siee.local.properties:

include = <ad.properties>

#
# Active directory domain name.
#
vars.domain = siee.local

#
# Search user and its password.
#
vars.user = juanjo@${global:vars.domain}
vars.password = xxxxxxxx

#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
#vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}

pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

# Uncomment if using custom DNS
#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
#pool.default.socketfactory.resolver.uRL = ${global:vars.dns}

# Create keystore, import certificate chain and uncomment
# if using ssl/tls.
#pool.default.ssl.startTLS = true
#pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks
#pool.default.ssl.truststore.password = changeit

And after this configuration I restart ovirt-engine service. When I try to login in administrator portal I can see the error "The user name or password is incorrect.". In /var/log/ovirt-engine/engine.log I have the errors:

2014-12-02 14:02:21,983 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo cannot login, please verify the username and password.
2014-12-02 14:02:21,991 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User juanjo failed to log in.

I'm using correct user and password becuase I can login in a Windows client machine which is inside siee.local domain with this user and its correct password.

What do you think it could be the problem?

If you need more information or I have to configure any other parameters, please tell me.

Many thanks in advanced,

Juanjo.



On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:


----- Original Message -----
> From: "Juan Jose" <jj197005@gmail.com>
> To: "Alon Bar-Lev" <alonbl@redhat.com>
> Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org
> Sent: Wednesday, November 26, 2014 3:04:14 PM
> Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
>
> Hello Alon and everybody,
>
> Check in my ovirt-engine machine for ovirt-engine-aaa-ldap package and it
> is not available:
>
> yum list "ovirt-engine*"
> Loaded plugins: fastestmirror, refresh-packagekit, security, versionlock
> Loading mirror speeds from cached hostfile
>  * base: ftp.udl.es
>  * epel: mirror.uv.es
>  * extras: ftp.udl.es
>  * ovirt-3.5: ftp.nluug.nl
>  * ovirt-3.5-epel: mirror.uv.es
>  * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr
>  * ovirt-epel: mirror.uv.es
>  * ovirt-jpackage-6.0-generic: mirror.ibcp.fr
>  * updates: ftp.udl.es
> Installed Packages
> ovirt-engine.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-backend.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-cli.noarch
> 3.3.0.6-1.el6                         @ovirt-3.3.3
> ovirt-engine-dbscripts.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-extensions-api-impl.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-jboss-as.x86_64
> 7.1.1-1.el6                           @ovirt-3.5
> ovirt-engine-lib.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-restapi.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-sdk-python.noarch
> 3.5.0.8-1.el6                         @ovirt-3.5
> ovirt-engine-setup.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-setup-base.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-setup-plugin-ovirt-engine.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-setup-plugin-ovirt-engine-common.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-setup-plugin-websocket-proxy.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-tools.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-userportal.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-webadmin-portal.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> ovirt-engine-websocket-proxy.noarch
> 3.5.0.1-1.el6                         @ovirt-3.5
> Available Packages
> ovirt-engine-cli.noarch
> 3.5.0.5-1.el6                         ovirt-3.5
> ovirt-engine-dwh.noarch
> 3.5.0-1.el6                           ovirt-3.5
> ovirt-engine-dwh-setup.noarch
> 3.5.0-1.el6                           ovirt-3.5
> ovirt-engine-extensions-api-impl-javadoc.noarch
> 3.5.0.1-1.el6                         ovirt-3.5
> ovirt-engine-reports.noarch
> 3.5.1-0.1.el6                         ovirt-3.5
> ovirt-engine-reports-setup.noarch
> 3.5.1-0.1.el6                         ovirt-3.5
> ovirt-engine-sdk-java.noarch
> 3.5.0.5-1.el6                         ovirt-3.5
> ovirt-engine-sdk-java-javadoc.noarch
> 3.5.0.5-1.el6                         ovirt-3.5
> ovirt-engine-setup-plugin-allinone.noarch
>
> How can I get this package?


Thanks for trying!

Package is available at ovirt-3.5-snapshot[1].

[1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/