Bottom posted update:
On 2020-06-11 17:35, Stack Korora wrote:
Greetings,
I'm having some issues getting LDAP working on CentOS 8 with oVirt 4.4.
I would appreciate some help please.
When I run ovirt-engine-extension-aaa-ldap-setup I choose "11 - RFC-2307
Schema (Generic)" because that's what my LDAP guy said I should do. :-)
Next I select the default Yes for "Use DNS".
I select 4 for "Failover between multiple hosts".
I put in my two hosts "svr1.my.domain srv2.my.domain".
To select the protocol I type "ldaps".
To select the method to obtain the PEM I type "File".
Then the "File path". A full path to the file. Not quoted. Yes, I
checked that I typed it correctly. I can copy-paste into "ls" and it's
fine with the correct read permissions and everything. (I can't
copy-paste into the script but that's another issue.)
It immediately fails with:
[ ERROR ] Failed to execute stage 'Environment customization': a
byte-like object is required, not 'str'
There is a log file, here is the snippet at the point it goes wrong.
2020-06-11 11:35:49,915-0500 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:SEND File path:
2020-06-11 11:36:24,373-0500 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:RECEIVE /etc/pki/ca-trust/source/anchors/Infrastructure.pem
2020-06-11 11:36:24,375-0500 DEBUG otopi.context context._executeMethod:145 method exception
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod
    method['method']()
  File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 781, in _customization_late
    cacert, cacertfile, insecure = self._getCACert()
  File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 357, in _getCACert
    _cacertfile.write('\n'.join(cacert) + '\n')
  File "/usr/lib64/python3.6/tempfile.py", line 485, in func_wrapper
    return func(*args, **kwargs)
TypeError: a bytes-like object is required, not 'str'
2020-06-11 11:36:24,376-0500 ERROR otopi.context context._executeMethod:154 Failed to execute stage 'Environment customization': a bytes-like object is required, not 'str'
2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:765 ENVIRONMENT DUMP - BEGIN
2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV BASE/error=bool:'True'
2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV BASE/exceptionInfo=list:'[(<class 'TypeError'>, TypeError("a bytes-like object is required, not 'str'",), <traceback object at 0x7f7e053a4448>)]'
2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/hosts=str:'svr1.my.domain srv2.my.domain'
2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/protocol=str:'ldaps'
2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/serverset=str:'failover'
2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/useDNS=bool:'True'
2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_CACERT_FILE=str:'/etc/pki/ca-trust/source/anchors/Infrastructure.pem'
2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_CACERT_METHOD=str:'file'
2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_PROTOCOL=str:'ldaps'
2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_SERVERSET=str:'4'
2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_USE_DNS=str:'yes'
2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/2/OVAAALDAP_LDAP_SERVERSET=str:'svr1.my.domain srv2.my.domain'
2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:779 ENVIRONMENT DUMP - END
Since I wasn't getting anywhere with this, I decided to try a few
things. I copied the following files from a working 4.3 on RHEL 7
(again, this setup is CentOS8 with 4.4):
/etc/ovirt-engine/aaa/ldap.jks
/etc/ovirt-engine/aaa/ldap.properties
/etc/ovirt-engine/extensions.d/ldap-authn.properties
/etc/ovirt-engine/extensions.d/ldap-authz.properties
I verified permissions were all good (including SELinux). I restarted a
few services but wasn't getting anything at all of value telling me what
was wrong...so I rebooted. That did the trick! Now I get an error,
though nothing of use is turning up from the internet searches.
# ovirt-engine-extensions-tool info list-extensions
[snip]
SEVERE: Extension 'ldap-authn.properties' load failed (ignored): Error loading 'ldap-authn': The module 'org.ovirt.engine-extensions.aaa.ldap' cannot be loaded: org.ovirt.engine-extensions.aaa.ldap
SEVERE: Extension 'ldap-authn.properties' load failed (ignored): Error loading 'ldap-authz': The module 'org.ovirt.engine-extensions.aaa.ldap' cannot be loaded: org.ovirt.engine-extensions.aaa.ldap
[snip]
I do have these packages installed:
ovirt-engine-extensions-aaa-ldap
ovirt-engine-extensions-aaa-ldap-setup
Any thoughts on what went wrong?
Thanks!
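
The TypeError in the traceback above is what Python 3 raises when a str is passed to write() on a file opened in binary mode, which is the default ('w+b') for tempfile.NamedTemporaryFile. The reproduction below, with two ways to avoid the error, is an added illustration and is not taken from the post or from the ovirt-engine-extension-aaa-ldap source. It assumes the temp file was created with the default mode; the function names and sample PEM lines are constructed.

```python
import base64
import tempfile

# Constructed stand-in for the list of PEM lines read from the CA file;
# the base64 body is placeholder data, not a real certificate.
SAMPLE_CACERT = [
    "-----BEGIN CERTIFICATE-----",
    base64.b64encode(b"constructed placeholder, not real DER").decode("ascii"),
    "-----END CERTIFICATE-----",
]


def write_like_traceback(cacert):
    """Same write call as in the traceback, against a default-mode temp file.

    Default binary mode is an assumption about the tool. Returns the
    TypeError message instead of raising, so it can be inspected.
    """
    with tempfile.NamedTemporaryFile() as f:  # mode defaults to 'w+b'
        try:
            f.write("\n".join(cacert) + "\n")
        except TypeError as exc:
            return str(exc)
    return None


def write_encoded(cacert):
    """Option 1: keep binary mode and encode the joined PEM text first."""
    with tempfile.NamedTemporaryFile() as f:
        f.write(("\n".join(cacert) + "\n").encode("ascii"))
        f.seek(0)
        return f.read()


def write_text_mode(cacert):
    """Option 2: open the temp file in text mode so str is accepted."""
    with tempfile.NamedTemporaryFile(mode="w+", encoding="ascii",
                                     newline="\n") as f:
        f.write("\n".join(cacert) + "\n")
        f.seek(0)
        return f.read().encode("ascii")


if __name__ == "__main__":
    print("unfixed:", write_like_traceback(SAMPLE_CACERT))
    print("encoded:", write_encoded(SAMPLE_CACERT)[:27])
    print("text   :", write_text_mode(SAMPLE_CACERT)[:27])
```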