----- Original Message -----
> From: "Fumihide Tani" <RXC05271(a)nifty.com>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Monday, October 6, 2014 6:47:15 PM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> Alon,
>
> Sorry, I forgot to start my DNS server.
> After that everything goes well.
> I can add LDAP account and login to the Web Portal by LDAP account
> successfully!

great, now try this sequence:
1. define a group X in ldap.
2. define a group Y in ldap which is member of group X.
3. define user U that is member of group Y.
4. add group X into ovirt-engine as superuser.
5. try to login with user U.
it should work unless we have an issue.

I have done sequence 1 to 4.
I can successfully login to the User Portal using ldap's user U.
But my VMs which I have added permission to the group X as superuser
are not displayed on the screen.
Why not? something wrong?
> (2014/10/07 0:33), Alon Bar-Lev wrote:
>> 2014-10-07 00:27:59,829 DEBUG
>> [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-14)
>> Exception during sequence: LDAPException(resultCode=91 (connect error),
>> errorMessage='An error occurred while attempting to connect to server
>> ldap.rxc05271.com:389: java.io.IOException: An error occurred while
>> attempting to establish a connection to server
>> ldap.rxc05271.com/111.64.166.75:389: java.net.ConnectException:
>> Connection refused')
>>
>>
>> ----- Original Message -----
>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>> Cc: users(a)ovirt.org
>>> Sent: Monday, October 6, 2014 6:31:17 PM
>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>
>>> engine.log attached.
>>>
>>> Regards
>>>
>>> (2014/10/06 23:57), Alon Bar-Lev wrote:
>>>> ----- Original Message -----
>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>> Cc: users(a)ovirt.org
>>>>> Sent: Monday, October 6, 2014 3:40:05 PM
>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>
>>>>> Alon,
>>>>>
>>>>> Thanks, the ovirt-engine-extension-aaa-ldap was updated successfully.
>>>>> and then I restarted my ovirt-engine.
>>>>>
>>>>> I tried the following:
>>>>>
>>>>> 1) Login to the User Portal using LDAP account "tani".
>>>>> Failed. (it was able to login before doing update.)
>>>>>
>>>>> 2) Then deleting the LDAP account "tani" from admin portal.
>>>>>
>>>>> 3) Tried to add new account "tani" again.
>>>>> I selected "rxc05271.com (authz-company)" instead of "internal
>>>>> (internal)"
>>>>> but "Go" button is hidden.
>>>>>
>>>>> What should I do next?
>>>> it probably means that the engine cannot interact with the ldap.
>>>> can you see any error message during engine startup that related?
>>>> can you stop engine remove engine.log start engine and send me the
>>>> engine.log?
>>>>
>>>>> Regards,
>>>>> Fumihide Tani
>>>>>
>>>>> (2014/10/06 20:39), Alon Bar-Lev wrote:
>>>>>> ----- Original Message -----
>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>> Cc: users(a)ovirt.org
>>>>>>> Sent: Monday, October 6, 2014 2:36:38 PM
>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>
>>>>>>> Hi, Alon
>>>>>>>
>>>>>>> I can not update the ovirt-engine-extension-aaa-ldap.noarch
>>>>>>> 0.0.0-0.0.master.20140923213100.git10a282b.el6. to the one you
>>>>>>> specified.
>>>>>>> Is it still not exist in ovirt-3.5-pre repo?
>>>>>> right, they are at snapshots.
>>>>>> you can take the extension rpm and only update it.
>>>>>>
>>>>>> yum localupdate
>>>>>> http://resources.ovirt.org/pub/ovirt-3.5-snapshot/rpm/el6/noarch/ovirt-en...
>>>>>>
>>>>>>> Regards,
>>>>>>> Fumihide Tani
>>>>>>>
>>>>>>> (2014/10/06 17:07), Alon Bar-Lev wrote:
>>>>>>>> Hello Fumihide,
>>>>>>>>
>>>>>>>> I pushed a significant change into ldap package, in some cases it will
>>>>>>>> provide better response times.
>>>>>>>> The change is within group resolution.
>>>>>>>> I wonder if you can test it, should be at least
>>>>>>>> ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Alon Bar-Lev.
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>> Sent: Thursday, September 25, 2014 4:41:09 PM
>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>
>>>>>>>>> Hi, Alon,
>>>>>>>>>
>>>>>>>>> Without waiting until the weekend,
>>>>>>>>> I have finished the fresh install of the oVirt 3.5 RC3 today.
>>>>>>>>> As a result, with same AAA settings,
>>>>>>>>> My OpenLDAP's users became possible to login to the Web User Portal
>>>>>>>>> now.
>>>>>>>>> Yes, RC3 is good for integrating with newest OpenLDAP 2.4.23, RC2 is
>>>>>>>>> not.
>>>>>>>>>
>>>>>>>>> Very much thanks,
>>>>>>>>> Fumihide Tani
>>>>>>>>>
>>>>>>>>> (2014/09/25 7:27), Alon Bar-Lev wrote:
>>>>>>>>>> This is severe, the upgrade is not working properly you have issues with
>>>>>>>>>> accessing database.
>>>>>>>>>> If database is not important I suggest a fresh install, run engine-cleanup
>>>>>>>>>> then engine-setup.
>>>>>>>>>> If database is important please forward this to devel mailing list for
>>>>>>>>>> someone to help, regardless of LDAP.
>>>>>>>>>> Regards,
>>>>>>>>>> Alon
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 4-09-25 00:36:08,389 ERROR
>>>>>>>>>> [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo]
>>>>>>>>>> (DefaultQuartzScheduler_Worker-7) ArrayIndexOutOfBoundsException: 1:
>>>>>>>>>> java.lang.ArrayIndexOutOfBoundsException: 1
>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.getDistanceMap(VdsNumaNodeDAODbFacadeImpl.java:208) [dal.jar:]
>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.access$000(VdsNumaNodeDAODbFacadeImpl.java:20) [dal.jar:]
>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:184) [dal.jar:]
>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:168) [dal.jar:]
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>> Sent: Wednesday, September 24, 2014 6:40:58 PM
>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>
>>>>>>>>>>> Result of running engine-setup:
>>>>>>>>>>> [root@ovirt ~]# yum list installed|grep ovirt-engine
>>>>>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140923231936.git42065cc.el6
>>>>>>>>>>>
>>>>>>>>>>> Yes, engine is updated to newest one.!
>>>>>>>>>>>
>>>>>>>>>>> But I still continued failing to login.
>>>>>>>>>>> engine.log attached.
>>>>>>>>>>>
>>>>>>>>>>> Very thanks,
>>>>>>>>>>>
>>>>>>>>>>> (2014/09/24 23:59), Alon Bar-Lev wrote:
>>>>>>>>>>>> you probably need to run engine-setup
>>>>>>>>>>>>
>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:59:22 PM
>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Oops!
>>>>>>>>>>>>> # yum list installed | grep ovirt-engine
>>>>>>>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140821064931.gitb794d66.el6
>>>>>>>>>>>>> (snip)
>>>>>>>>>>>>> .....
>>>>>>>>>>>>>
>>>>>>>>>>>>> Many ovirt-3.5-* modules are updated by yum today but engine is
>>>>>>>>>>>>> not.
>>>>>>>>>>>>> Why not updated to RC3??
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> (2014/09/24 22:42), Alon Bar-Lev wrote:
>>>>>>>>>>>>>> Unless I am missing something, you run old engine:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 2014-09-24 22:16:24,136 INFO [org.ovirt.engine.core.bll.Backend] (MSC
>>>>>>>>>>>>>> service thread 1-12) Running ovirt-engine
>>>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:21:09 PM
>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Attached engine.log with "FINEST"
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> (2014/09/24 21:32), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 3:24:23 PM
>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi, Alon,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I have updated the oVirt 3.5 RC2 to the newest RC3 today.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> From my CentOS6.5 based oVirt Engine server and the oVirt Host server,
>>>>>>>>>>>>>>>>> # yum clean all
>>>>>>>>>>>>>>>>> # yum update
>>>>>>>>>>>>>>>>> Then rebooted these servers.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> But my LDAP problem is continued and same result as before.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> When I login to the oVirt User Portal,
>>>>>>>>>>>>>>>>> User Name: tani
>>>>>>>>>>>>>>>>> Password: (OpenLDAP's userPassword)
>>>>>>>>>>>>>>>>> Domain: rxc05271.com
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> UI displays "General command validation failure."
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Please advise.
>>>>>>>>>>>>>>>> Hopefully I can if you provide log... :)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>> Fumihide Tani
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> (2014/09/22 22:20), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>>> The version of engine you are using is probably out of date and unsynced
>>>>>>>>>>>>>>>>>> with latest ldap package (20140821064931).
>>>>>>>>>>>>>>>>>> Please make sure you take latest from [1]
>>>>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:42:52 PM
>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi, Alon,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Your requested engine.log attached.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Also, I tried to login to web user portal by "tani"
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> User Name: tani
>>>>>>>>>>>>>>>>>>> Password: (OpenLDAP userPassword)
>>>>>>>>>>>>>>>>>>> Domain: rxc05271.com
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> cause: "General command validation failure."
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Attached log includes login by "Fumihide" first, "tani"
>>>>>>>>>>>>>>>>>>> second.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Very thanks,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> (2014/09/22 21:24), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com>
>>>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>>>>>>>>>>>>>>>>>>> Cc: users(a)ovirt.org
>>>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:06:39 PM
>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Sorry, I misunderstood.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> This is outputs after LDAP user logged in.
>>>>>>>>>>>>>>>>>>>> Please attach log as files, not inline, easier to handle.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,638 DEBUG
>>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
>>>>>>>>>>>>>>>>>>>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', scope=SUB,
>>>>>>>>>>>>>>>>>>>> deref=NEVER, sizeLimit=0, timeLimit=0,
>>>>>>>>>>>>>>>>>>>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)',
>>>>>>>>>>>>>>>>>>>> attrs={entryUUID, uid, displayName, memberOf, department, givenName, sn,
>>>>>>>>>>>>>>>>>>>> title, mail},
>>>>>>>>>>>>>>>>>>>> controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})
>>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,640 DEBUG
>>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4)
>>>>>>>>>>>>>>>>>>>> SearchResult: SearchResult(resultCode=0 (success), messageID=3,
>>>>>>>>>>>>>>>>>>>> entriesReturned=0, referencesReturned=0,
>>>>>>>>>>>>>>>>>>>> responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> From the above I see that a search was issued:
>>>>>>>>>>>>>>>>>>>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide)
>>>>>>>>>>>>>>>>>>>> And no result returned.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Per previous output:
>>>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>>>> # tani, Users, rxc05271.com
>>>>>>>>>>>>>>>>>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>>>>>>>>>>>>>>>>>>>> objectClass: inetOrgPerson
>>>>>>>>>>>>>>>>>>>> objectClass: uidObject
>>>>>>>>>>>>>>>>>>>> uid: tani
>>>>>>>>>>>>>>>>>>>> cn: Fumihide Tani
>>>>>>>>>>>>>>>>>>>> givenName: Fumihide
>>>>>>>>>>>>>>>>>>>> mail: tani(a)rxc05271.com
>>>>>>>>>>>>>>>>>>>> sn: Tani
>>>>>>>>>>>>>>>>>>>> userPassword:: a3VtaXRhbg==
>>>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Your user name is tani and not Fumihide.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Alon
>>>>>>>>>>>>>>>>>>>>
>
>
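
The nested-group test sequence at the top of this thread (group X, group Y as a member of X, user U as a member of Y, a role granted to X only) can be modelled offline. This is an added example, not code from the thread or from ovirt-engine-extension-aaa-ldap. It assumes membership is read from the `memberOf` attribute that the logged SearchRequest asks for; the DNs, the in-memory directory and the helper names are constructed for illustration.

```python
from collections import deque

# Constructed sample data (not from the thread). X and Y also point at each
# other to show that a membership loop cannot hang the resolver.
X = "cn=X,ou=Groups,dc=example,dc=com"
Y = "cn=Y,ou=Groups,dc=example,dc=com"
U = "uid=U,ou=Users,dc=example,dc=com"
DIRECTORY = {
    X: {"memberOf": [Y]},                                      # loop: X -> Y -> X
    Y: {"memberOf": ["CN=X, OU=Groups, DC=example, DC=com"]},  # same DN, other spelling
    U: {"memberOf": [Y]},
}
GRANTS = {X: "SuperUser"}  # step 4 of the sequence: the role is granted to X only


def norm_dn(dn):
    """Simplified DN normalisation: case-fold and trim each RDN.
    Assumes no escaped commas inside attribute values."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def resolve_groups(dn, directory, nested=True):
    """Return the normalised DNs of every group `dn` belongs to."""
    index = {norm_dn(k): v for k, v in directory.items()}
    start = norm_dn(dn)
    seen, queue = set(), deque([start])
    while queue:
        current = queue.popleft()
        for parent in index.get(current, {}).get("memberOf", []):
            parent = norm_dn(parent)
            if parent != start and parent not in seen:
                seen.add(parent)
                if nested:  # only walk upward when nesting is honoured
                    queue.append(parent)
    return seen


def effective_roles(dn, directory, grants, nested=True):
    """Roles reachable through direct (and optionally nested) membership."""
    granted = {norm_dn(g): role for g, role in grants.items()}
    groups = resolve_groups(dn, directory, nested)
    return {granted[g] for g in groups if g in granted}


if __name__ == "__main__":
    print("direct only:", effective_roles(U, DIRECTORY, GRANTS, nested=False))
    print("nested     :", effective_roles(U, DIRECTORY, GRANTS, nested=True))
```

With direct membership only, U holds no role; the grant on X reaches U only when the resolver walks from Y up to X.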