
Hi! I tested the configuration and it worked properly.

----- Original Message -----
From: "Juan Jose" <jj197005@gmail.com>
To: "Alon Bar-Lev" <alonbl@redhat.com>
Cc: "Ondra Machacek" <omachace@redhat.com>, "Yair Zaslavsky" <yzaslavs@redhat.com>, users@ovirt.org
Sent: Friday, December 5, 2014 1:10:06 PM
Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue

Hello Alon,
I have deleted the Legacy domain with engine-manage-domain, and I have changed the configuration to an absolute file name, as you can see:
/etc/ovirt-engine/extensions.d/siee-local-authn.properties:
ovirt.engine.extension.name = siee-local-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = siee
ovirt.engine.aaa.authn.authz.plugin = siee-local-authz
config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
Please move this file to /etc/ovirt-engine/aaa/siee.properties, it should not reside within the extensions.d
/etc/ovirt-engine/extensions.d/siee-local-authz.properties:
ovirt.engine.extension.name = siee-local-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
Same.
I had configured relative file name because the example /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties has a relative file name.
Yes, as I wrote, this relative is coming in 3.5.1.
I have done the same: deleted engine.log, restarted ovirt-engine and tried to log in, and the same error is shown, "General command validation failure."
Please first refer to the startup errors, there is not much sense in trying to log in if startup fails... :)

In your case:

2014-12-05 11:25:05,575 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::siee-local-authz] Cannot initialize LDAP framework, deferring initialization. Error: null

Which is as if something is missing.

I took your configuration as-is and it does work, with the exception of moving /etc/ovirt-engine/extensions.d/aaa to /etc/ovirt-engine/aaa as it should be, please perform this change and modify the file locations within the extension properties file.

I need to figure out what is happening, so from README[1], please follow the following instructions and restart engine so we get more verbose logs.

Update: /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in

Make sure the handler level name is ALL for ENGINE, if not, set it like this (I am unsure if in 3.5.0 this was the case):
---
<file-handler name="ENGINE" autoflush="true">
    <level name="ALL"/>
---

Add the following before the <root-logger> line:
---
<logger category="org.ovirt.engineextensions.aaa.ldap">
    <level name="ALL"/>
</logger>
---

Restart the engine and send the engine.log, this way I can see what is happening during initialization.

Thanks for checking it out, hopefully something trivial is missing,
Alon

[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;...
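
A small checker for the two path problems discussed in this thread (a profile file kept inside extensions.d, and a relative file name, which per the thread is only coming in 3.5.1), given as an added example that is not part of the original messages or of oVirt's own code. The function names and the minimal properties parser are assumptions made for illustration; the sample text is constructed from the configuration posted above.

```python
import glob
import os
import re

EXT_DIR = "/etc/ovirt-engine/extensions.d"  # directory named in the thread
PROFILE_KEY = re.compile(r"^config\.profile\.file\.\d+$")


def parse_properties(text):
    """Minimal 'key = value' parser; skips blank lines and #/! comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props


def check_text(name, text, ext_dir=EXT_DIR):
    """Return (file, key, problem) for profile references that are relative or inside ext_dir."""
    findings = []
    ext_real = os.path.realpath(ext_dir)
    for key, value in sorted(parse_properties(text).items()):
        if not PROFILE_KEY.match(key):
            continue
        if not os.path.isabs(value):
            findings.append((name, key, "relative path"))
        elif os.path.commonpath([ext_real, os.path.realpath(value)]) == ext_real:
            findings.append((name, key, "profile inside extensions.d"))
    return findings


def check_dir(ext_dir=EXT_DIR):
    """Run check_text over every *.properties file directly in ext_dir."""
    findings = []
    for path in sorted(glob.glob(os.path.join(ext_dir, "*.properties"))):
        with open(path, encoding="utf-8") as fh:
            findings += check_text(os.path.basename(path), fh.read(), ext_dir)
    return findings


# Constructed sample: the profile reference as posted in the thread.
SAMPLE_POSTED = """\
config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
"""

if __name__ == "__main__":
    for finding in check_text("siee-local-authz.properties", SAMPLE_POSTED) + check_dir():
        print(*finding, sep=": ")
```

Run on the engine host, check_dir() reports each extension file whose profile reference still points inside extensions.d or uses a relative name; an empty result means neither of those two conditions is present.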