
6 Oct 2014, 4:46 p.m.
(2014/10/07 0:50), Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271@nifty.com>
>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>> Cc: users@ovirt.org
>> Sent: Monday, October 6, 2014 6:47:15 PM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> Alon,
>>
>> Sorry, I forgot to start my DNS server.
>> After that everything goes well.
>> I can add LDAP account and login to the Web Portal by LDAP account
>> successfully!
> great, now try this sequence:
> 1. define a group X in ldap.
> 2. define a group Y in ldap which is member of group X.
> 3. define user U that is member of group Y.
> 4. add group X into ovirt-engine as superuser.
> 5. try to login with user U.
>
> it should work unless we have an issue.

I have done sequence 1 to 4.
I can successfully login to the User Portal using ldap's user U.
But my VMs which I have added permission to the group X as superuser are
not displayed on the screen.
Why not? something wrong?

>
>> (2014/10/07 0:33), Alon Bar-Lev wrote:
>>> 2014-10-07 00:27:59,829 DEBUG
>>> [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-14)
>>> Exception during sequence: LDAPException(resultCode=91 (connect error),
>>> errorMessage='An error occurred while attempting to connect to server
>>> ldap.rxc05271.com:389: java.io.IOException: An error occurred while
>>> attempting to establish a connection to server
>>> ldap.rxc05271.com/111.64.166.75:389: java.net.ConnectException:
>>> Connection refused')
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>>>> Cc: users@ovirt.org
>>>> Sent: Monday, October 6, 2014 6:31:17 PM
>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>
>>>> engine.log attached.
>>>>
>>>> Regards
>>>>
>>>> (2014/10/06 23:57), Alon Bar-Lev wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>>>>>> Cc: users@ovirt.org
>>>>>> Sent: Monday, October 6, 2014 3:40:05 PM
>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>
>>>>>> Alon,
>>>>>>
>>>>>> Thanks, the ovirt-engine-extension-aaa-ldap was updated successfully.
>>>>>> and then I restarted my ovirt-engine.
>>>>>>
>>>>>> I tried the following:
>>>>>>
>>>>>> 1) Login to the User Portal using LDAP account "tani".
>>>>>> Failed. (it was able to login before doing update.)
>>>>>>
>>>>>> 2) Then deleting the LDAP account "tani" from admin portal.
>>>>>>
>>>>>> 3) Tried to add new account "tani" again.
>>>>>> I selected "rxc05271.com (authz-company)" instead of "internal
>>>>>> (internal)"
>>>>>> but "Go" button is hidden.
>>>>>>
>>>>>> What should I do next?
>>>>> it probably means that the engine cannot interact with the ldap.
>>>>> can you see any error message during engine startup that related?
>>>>> can you stop engine remove engine.log start engine and send me the
>>>>> engine.log?
>>>>>
>>>>>> Regards,
>>>>>> Fumihide Tani
>>>>>>
>>>>>> (2014/10/06 20:39), Alon Bar-Lev wrote:
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>>>>>>>> Cc: users@ovirt.org
>>>>>>>> Sent: Monday, October 6, 2014 2:36:38 PM
>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>
>>>>>>>> Hi, Alon
>>>>>>>>
>>>>>>>> I can not update the ovirt-engine-extension-aaa-ldap.noarch
>>>>>>>> 0.0.0-0.0.master.20140923213100.git10a282b.el6. to the one you
>>>>>>>> specified.
>>>>>>>> Is it still not exist in ovirt-3.5-pre repo?
>>>>>>> right, they are at snapshots.
>>>>>>> you can take the extension rpm and only update it.
>>>>>>>
>>>>>>> yum localupdate
>>>>>>> http://resources.ovirt.org/pub/ovirt-3.5-snapshot/rpm/el6/noarch/ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.el6.noarch.rpm
>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Fumihide Tani
>>>>>>>>
>>>>>>>> (2014/10/06 17:07), Alon Bar-Lev wrote:
>>>>>>>>> Hello Fumihide,
>>>>>>>>>
>>>>>>>>> I pushed a significant change into ldap package, in some cases it
>>>>>>>>> will provide better response times.
>>>>>>>>> The change is within group resolution.
>>>>>>>>> I wonder if you can test it, should be at least
>>>>>>>>> ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Alon Bar-Lev.
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>>>>>>>>>> Cc: users@ovirt.org
>>>>>>>>>> Sent: Thursday, September 25, 2014 4:41:09 PM
>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>
>>>>>>>>>> Hi, Alon,
>>>>>>>>>>
>>>>>>>>>> Without waiting until the weekend,
>>>>>>>>>> I have finished the fresh install of the oVirt 3.5 RC3 today.
>>>>>>>>>> As a result, with same AAA settings,
>>>>>>>>>> My OpenLDAP's users became possible to login to the Web User Portal
>>>>>>>>>> now.
>>>>>>>>>> Yes, RC3 is good for integrating with newest OpenLDAP 2.4.23, RC2 is
>>>>>>>>>> not.
>>>>>>>>>>
>>>>>>>>>> Very much thanks,
>>>>>>>>>> Fumihide Tani
>>>>>>>>>>
>>>>>>>>>> (2014/09/25 7:27), Alon Bar-Lev wrote:
>>>>>>>>>>> This is severe, the upgrade is not working properly you have issues
>>>>>>>>>>> with accessing database.
>>>>>>>>>>> If database is not important I suggest a fresh install, run
>>>>>>>>>>> engine-cleanup then engine-setup.
>>>>>>>>>>> If database is important please forward this to devel mailing list
>>>>>>>>>>> for someone to help, regardless of LDAP.
>>>>>>>>>>> Regards,
>>>>>>>>>>> Alon
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 4-09-25 00:36:08,389 ERROR
>>>>>>>>>>> [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo]
>>>>>>>>>>> (DefaultQuartzScheduler_Worker-7) ArrayIndexOutOfBoundsException:
>>>>>>>>>>> 1:
>>>>>>>>>>> java.lang.ArrayIndexOutOfBoundsException: 1
>>>>>>>>>>> at
>>>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.getDistanceMap(VdsNumaNodeDAODbFacadeImpl.java:208)
>>>>>>>>>>> [dal.jar:]
>>>>>>>>>>> at
>>>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.access$000(VdsNumaNodeDAODbFacadeImpl.java:20)
>>>>>>>>>>> [dal.jar:]
>>>>>>>>>>> at
>>>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:184)
>>>>>>>>>>> [dal.jar:]
>>>>>>>>>>> at
>>>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:168)
>>>>>>>>>>> [dal.jar:]
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 6:40:58 PM
>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>
>>>>>>>>>>>> Result of running engine-setup:
>>>>>>>>>>>> [root@ovirt ~]# yum list installed|grep ovirt-engine
>>>>>>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140923231936.git42065cc.el6
>>>>>>>>>>>>
>>>>>>>>>>>> Yes, engine is updated to newest one.!
>>>>>>>>>>>>
>>>>>>>>>>>> But I still continued failing to login.
>>>>>>>>>>>> engine.log attached.
>>>>>>>>>>>>
>>>>>>>>>>>> Very thanks,
>>>>>>>>>>>>
>>>>>>>>>>>> (2014/09/24 23:59), Alon Bar-Lev wrote:
>>>>>>>>>>>>> you probably need to run engine-setup
>>>>>>>>>>>>>
>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:59:22 PM
>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Oops!
>>>>>>>>>>>>>> # yum list installed | grep ovirt-engine
>>>>>>>>>>>>>> ovirt-engine.noarch
>>>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
>>>>>>>>>>>>>> (snip)
>>>>>>>>>>>>>> .....
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Many ovirt-3.5-* modules are updated by yum today but engine is
>>>>>>>>>>>>>> not.
>>>>>>>>>>>>>> Why not updated to RC3??
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> (2014/09/24 22:42), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>> Unless I am missing something, you run old engine:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 2014-09-24 22:16:24,136 INFO
>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.Backend]
>>>>>>>>>>>>>>> (MSC
>>>>>>>>>>>>>>> service thread 1-12) Running ovirt-engine
>>>>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:21:09 PM
>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Attached engine.log with "FINEST"
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> (2014/09/24 21:32), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>>>>>>>>>>>>>>>>>> Cc: users@ovirt.org
>>>>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 3:24:23 PM
>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
>>>>>>>>>>>>>>>>>> LDAP.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi, Alon,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I have updated the oVirt 3.5 RC2 to the newest RC3 today.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> From my CentOS6.5 based oVirt Engine server and the oVirt
>>>>>>>>>>>>>>>>>> Host server,
>>>>>>>>>>>>>>>>>> # yum clean all
>>>>>>>>>>>>>>>>>> # yum update
>>>>>>>>>>>>>>>>>> Then rebooted these servers.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> But my LDAP problem is continued and same result as before.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> When I login to the oVirt User Portal,
>>>>>>>>>>>>>>>>>> User Name: tani
>>>>>>>>>>>>>>>>>> Password: (OpenLDAP's userPassword)
>>>>>>>>>>>>>>>>>> Domain: rxc05271.com
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> UI displays "General command validation failure."
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Please advise.
>>>>>>>>>>>>>>>>> Hopefully I can if you provide log... :)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>> Fumihide Tani
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> (2014/09/22 22:20), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>>>> The version of engine you are using is probably out of date
>>>>>>>>>>>>>>>>>>> and unsynced with latest ldap package (20140821064931).
>>>>>>>>>>>>>>>>>>> Please make sure you take latest from[1]
>>>>>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
>>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>>>>>>>>>>>>>>>>>>>> Cc: users@ovirt.org
>>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:42:52 PM
>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
>>>>>>>>>>>>>>>>>>>> LDAP.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi, Alon,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Your requested engine.log attached.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Also, I tried to login to web user portal by "tani"
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> User Name: tani
>>>>>>>>>>>>>>>>>>>> Password: (OpenLDAP userPassword)
>>>>>>>>>>>>>>>>>>>> Domain: rxc05271.com
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> cause: "General command validation failure."
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Attached log includes login by "Fumihide" first, "tani"
>>>>>>>>>>>>>>>>>>>> second.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Very thanks,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> (2014/09/22 21:24), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
>>>>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>>>>>>>>>>>>>>>>>>>>>> Cc: users@ovirt.org
>>>>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:06:39 PM
>>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
>>>>>>>>>>>>>>>>>>>>>> LDAP.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Sorry, I misunderstood.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> This is outputs after LDAP user logged in.
>>>>>>>>>>>>>>>>>>>>> Please attach log as files, not inline, easier to handle.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,638 DEBUG
>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework]
>>>>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4)
>>>>>>>>>>>>>>>>>>>>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com',
>>>>>>>>>>>>>>>>>>>>> scope=SUB,
>>>>>>>>>>>>>>>>>>>>> deref=NEVER, sizeLimit=0, timeLimit=0,
>>>>>>>>>>>>>>>>>>>>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)',
>>>>>>>>>>>>>>>>>>>>> attrs={entryUUID,
>>>>>>>>>>>>>>>>>>>>> uid, displayName, memberOf, department, givenName, sn,
>>>>>>>>>>>>>>>>>>>>> title,
>>>>>>>>>>>>>>>>>>>>> mail},
>>>>>>>>>>>>>>>>>>>>> controls={SimplePagedResultsControl(pageSize=100,
>>>>>>>>>>>>>>>>>>>>> isCritical=false)})
>>>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,640 DEBUG
>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework]
>>>>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4)
>>>>>>>>>>>>>>>>>>>>> SearchResult: SearchResult(resultCode=0 (success),
>>>>>>>>>>>>>>>>>>>>> messageID=3,
>>>>>>>>>>>>>>>>>>>>> entriesReturned=0, referencesReturned=0,
>>>>>>>>>>>>>>>>>>>>> responseControls={SimplePagedResultsControl(pageSize=0,
>>>>>>>>>>>>>>>>>>>>> isCritical=false)})
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> From the above I see that a search was issued:
>>>>>>>>>>>>>>>>>>>>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide)
>>>>>>>>>>>>>>>>>>>>> And no result returned.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Per previous output:
>>>>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>>>>> # tani, Users, rxc05271.com
>>>>>>>>>>>>>>>>>>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>>>>>>>>>>>>>>>>>>>>> objectClass: inetOrgPerson
>>>>>>>>>>>>>>>>>>>>> objectClass: uidObject
>>>>>>>>>>>>>>>>>>>>> uid: tani
>>>>>>>>>>>>>>>>>>>>> cn: Fumihide Tani
>>>>>>>>>>>>>>>>>>>>> givenName: Fumihide
>>>>>>>>>>>>>>>>>>>>> mail: tani@rxc05271.com
>>>>>>>>>>>>>>>>>>>>> sn: Tani
>>>>>>>>>>>>>>>>>>>>> userPassword:: a3VtaXRhbg==
>>>>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Your user name is tani and not Fumihide.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Alon
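
The nested-group test sequence in this message (user U in group Y, Y in group X, permission granted to X), worked through as an added example; it is not part of the original thread and not oVirt's code. The DNs, the `DIRECTORY` layout and the function names are assumptions made for illustration, using `memberOf` as the membership attribute.

```python
from collections import deque

# Constructed sample entries (hypothetical DNs); each maps a DN to its memberOf values.
X = "cn=X,ou=Groups,dc=example,dc=com"
Y = "cn=Y,ou=Groups,dc=example,dc=com"
Z = "cn=Z,ou=Groups,dc=example,dc=com"
U = "uid=U,ou=Users,dc=example,dc=com"
DIRECTORY = {
    X: [Y.upper()],   # deliberate cycle (X is also in Y), written in another case
    Y: [X],           # step 2: group Y is a member of group X
    Z: [],            # unrelated group
    U: [Y],           # step 3: user U is a member of group Y
}

def norm(dn):
    """Simplified DN comparison: case-fold and trim each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def effective_groups(directory, principal_dn):
    """All groups the principal is in, directly or through nested groups."""
    index = {norm(dn): parents for dn, parents in directory.items()}
    seen, queue = set(), deque([norm(principal_dn)])
    while queue:
        for parent in map(norm, index.get(queue.popleft(), [])):
            if parent not in seen:   # visiting each group once also ends cycles
                seen.add(parent)
                queue.append(parent)
    return seen

def is_authorized(directory, principal_dn, granted_to, nested=True):
    """True if a permission granted to any DN in granted_to reaches the principal."""
    targets = {norm(dn) for dn in granted_to}
    if nested:
        groups = effective_groups(directory, principal_dn)
    else:                            # direct memberOf values only
        groups = {norm(dn) for dn in directory.get(principal_dn, [])}
    return norm(principal_dn) in targets or bool(groups & targets)

if __name__ == "__main__":
    print(sorted(effective_groups(DIRECTORY, U)))
    print(is_authorized(DIRECTORY, U, [X]))                # step 4 grant reaches U
    print(is_authorized(DIRECTORY, U, [X], nested=False))  # direct-only check misses it
```

Comparing the `nested=True` and `nested=False` results for the same user is a quick way to tell whether a missing permission comes from group nesting or from the grant itself.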