Bottom posted update: On 2020-06-11 17:35, Stack Korora wrote:
Greetings, I'm having some issues getting LDAP working on CentOS 8 with oVirt 4.4. I would appreciate some help please.
When I run ovirt-engine-extension-aaa-ldap-setup I choose "11 - RFC-2307 Schema (Generic)" because that's what my LDAP guy said I should do. :-)
Next I select the default Yes for "Use DNS".
I select 4 for "Failover between multiple hosts".
I put in my two hosts "svr1.my.domain srv2.my.domain".
To select the protocol I type "ldaps".
To select the method to obtain the PEM I type "File".
Then the "File path". A full path to the file. Not quoted. Yes, I checked that I typed it correct. I can copy-paste into "ls" and it's fine with the correct read permissions and everything. (I can't copy paste into the script but that's another issue.)
It immediately fails with: [ ERROR ] Failed to execute stage 'Environment customization': a byte-like object is required, not 'str'
There is a log file, here is the snippet at the point it goes wrong.
2020-06-11 11:35:49,915-0500 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:SEND File path: 2020-06-11 11:36:24,373-0500 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:204 DIALOG:RECEIVE /etc/pki/ca-trust/source/anchors/Infrastructure.pem 2020-06-11 11:36:24,375-0500 DEBUG otopi.context context._executeMethod:145 method exception Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/otopi/context.py", line 132, in _executeMethod method['method']() File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 781, in _customization_late cacert, cacertfile, insecure = self._getCACert() File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 357, in _getCACert _cacertfile.write('\n'.join(cacert) + '\n') File "/usr/lib64/python3.6/tempfile.py", line 485, in func_wrapper return func(*args, **kwargs) TypeError: a bytes-like object is required, not 'str' 2020-06-11 11:36:24,376-0500 ERROR otopi.context context._executeMethod:154 Failed to execute stage 'Environment customization': a bytes-like object is required, not 'str' 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:765 ENVIRONMENT DUMP - BEGIN 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV BASE/error=bool:'True' 2020-06-11 11:36:24,376-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV BASE/exceptionInfo=list:'[(<class 'TypeError'>, TypeError("a bytes-like object is required, not 'str'",), <traceback object at 0x7f7e053a4448>)]' 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/hosts=str:'svr1.my.domain srv2.my.domain' 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/protocol=str:'ldaps' 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/serverset=str:'failover' 2020-06-11 11:36:24,377-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV OVAAALDAP_LDAP/useDNS=bool:'True' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_CACERT_FILE=str:'/etc/pki/ca-trust/source/anchors/Infrastructure.pem' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_CACERT_METHOD=str:'file' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_PROTOCOL=str:'ldaps' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_SERVERSET=str:'4' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/1/OVAAALDAP_LDAP_USE_DNS=str:'yes' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:775 ENV QUESTION/2/OVAAALDAP_LDAP_SERVERSET=str:'svr1.my.domain srv2.my.domain' 2020-06-11 11:36:24,378-0500 DEBUG otopi.context context.dumpEnvironment:779 ENVIRONMENT DUMP - END
Since I wasn't getting anywhere with this, I decided to try a few things. I copied the following files from a working 4.3 on RHEL 7 (again, this setup is CentOS8 with 4.4): /etc/ovirt-engine/aaa/ldap.jks /etc/ovirt-engine/aaa/ldap.properties /etc/ovirt-engine/extensions.d/ldap-authn.properties /etc/ovirt-engine/extensions.d/ldap-authz.properties I verified permissions were all good (including SELinux). I restarted a few services but wasn't getting anything at all of value telling me what was wrong...so I rebooted. That did the trick! Now I get an error, though nothing of use is turning up from the internet searches. # ovirt-engine-extensions-tool info list-extensions [snip] SEVERE: Extension 'ldap-authn.properties' load failed (ignored): Error loading 'ldap-authn': The module 'org.ovirt.engine-extensions.aaa.ldap' cannot be loaded: org.ovirt.engine-extensions.aaa.ldap SEVERE: Extension 'ldap-authn.properties' load failed (ignored): Error loading 'ldap-authz': The module 'org.ovirt.engine-extensions.aaa.ldap' cannot be loaded: org.ovirt.engine-extensions.aaa.ldap [snip] I do have these packages installed: ovirt-engine-extensions-aaa-ldap ovirt-engine-extensions-aaa-ldap-setup Any thoughts on what went wrong? Thanks!