Re: [Users] LDAP

23 Feb 2012

      On Thu, 23 Feb 2012, Oved Ourfalli wrote:
...
It should be in /var/log/ovirt-engine/engine-manage-domains/engine-manage-domains.log
(or in /var/log/engine/engine-manage-domains/engine-manage-domains.log... not sure).
Hmm, dont have that, all I have is /var/log/ovirt-engine/engine.log files. 
and engine-setup log files.

I think the issue was old kerberos tickets, I flushed them all and retried 
and now I get:

-bash-4.2# engine-manage-domains -action=add -domain=blinkmind.net -user=nathan -interactive
Enter password:

No user in Directory was found for nathan@BLINKMIND.NET. Trying next LDAP server in list
Failure while testing domain blinkmind.net. Details: No user information was found for user

If I look on the ipa-server I do see the following in the LDAP access log:

[23/Feb/2012:18:33:34 +0000] conn=19 op=232 SRCH 
base="dc=blinkmind,dc=net" scope=2 
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan@BLINKMIND.NET))" 
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey 
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration 
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference 
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount 
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock 
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=19 op=232 RESULT err=0 tag=101 
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=17 op=74 SRCH 
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net" 
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife 
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength 
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=17 op=74 RESULT err=0 tag=101 nentries=1 
etime=0
[23/Feb/2012:18:33:34 +0000] conn=19 op=233 SRCH 
base="dc=blinkmind,dc=net" scope=2 
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/BLINKMIND.NET@BLINKMIND.NET))" 
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey 
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration 
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference 
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount 
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock 
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=19 op=233 RESULT err=0 tag=101 
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=19 op=234 SRCH 
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net" 
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife 
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength 
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=19 op=234 RESULT err=0 tag=101 
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=220 SRCH 
base="dc=blinkmind,dc=net" scope=2 
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan@BLINKMIND.NET))" 
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey 
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration 
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference 
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount 
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock 
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=20 op=220 RESULT err=0 tag=101 
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=18 op=71 SRCH 
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net" 
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife 
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength 
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=18 op=71 RESULT err=0 tag=101 nentries=1 
etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=221 SRCH 
base="dc=blinkmind,dc=net" scope=2 
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/BLINKMIND.NET@BLINKMIND.NET))" 
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey 
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration 
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference 
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount 
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock 
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=20 op=221 RESULT err=0 tag=101 
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=222 SRCH 
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net" 
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife 
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength 
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=20 op=222 RESULT err=0 tag=101 
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=223 SRCH 
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net" 
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife 
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength 
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=20 op=223 RESULT err=0 tag=101 
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=224 SRCH 
base="uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net" scope=0 
filter="(objectClass=*)" attrs="objectClass"
[23/Feb/2012:18:33:34 +0000] conn=20 op=224 RESULT err=0 tag=101 
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=20 op=225 MOD 
dn="uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net"
[23/Feb/2012:18:33:34 +0000] conn=20 op=225 RESULT err=0 tag=103 
nentries=0 etime=0
[23/Feb/2012:18:33:34 +0000] conn=49 fd=75 slot=75 connection from 
10.13.0.245 to 10.13.0.105
[23/Feb/2012:18:33:34 +0000] conn=19 op=235 SRCH 
base="dc=blinkmind,dc=net" scope=2 
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=krbtgt/BLINKMIND.NET@BLINKMIND.NET))" 
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey 
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration 
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference 
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount 
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock 
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=19 op=235 RESULT err=0 tag=101 
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=19 op=236 SRCH 
base="dc=blinkmind,dc=net" scope=2 
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ldap/ipa-master.blinkmind.net@BLINKMIND.NET))" 
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey 
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration 
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference 
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount 
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock 
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=19 op=236 RESULT err=0 tag=101 
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=19 op=237 SRCH 
base="dc=blinkmind,dc=net" scope=2 
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=nathan@BLINKMIND.NET))" 
attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey 
krbMaxRenewableAge krbMaxTicketLife krbTicketFlags krbPrincipalExpiration 
krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference 
krbPasswordExpiration krbLastFailedAuth krbLoginFailedCount 
krbLastSuccessfulAuth nsAccountLock krbLastPwdChange krbLastAdminUnlock 
krbExtraData krbObjectReferences krballowedtodelegateto"
[23/Feb/2012:18:33:34 +0000] conn=19 op=237 RESULT err=0 tag=101 
nentries=1 etime=0
[23/Feb/2012:18:33:34 +0000] conn=17 op=75 SRCH 
base="cn=global_policy,cn=BLINKMIND.NET,cn=kerberos,dc=blinkmind,dc=net" 
scope=0 filter="(objectClass=krbPwdPolicy)" attrs="cn krbMaxPwdLife 
krbMinPwdLife krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength 
krbPwdMaxFailure krbPwdFailureCountInterval krbPwdLockoutDuration"
[23/Feb/2012:18:33:34 +0000] conn=17 op=75 RESULT err=0 tag=101 nentries=1 
etime=0
[23/Feb/2012:18:33:34 +0000] conn=49 op=0 BIND dn="" method=sasl version=3 
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=49 op=0 RESULT err=14 tag=97 nentries=0 
etime=0, SASL bind in progress
[23/Feb/2012:18:33:34 +0000] conn=49 op=1 BIND dn="" method=sasl version=3 
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=49 op=1 RESULT err=14 tag=97 nentries=0 
etime=0, SASL bind in progress
[23/Feb/2012:18:33:34 +0000] conn=49 op=2 BIND dn="" method=sasl version=3 
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=49 op=2 RESULT err=0 tag=97 nentries=0 
etime=0 dn="uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net"
[23/Feb/2012:18:33:34 +0000] conn=49 op=3 SRCH base="" scope=0 
filter="(objectClass=*)" attrs=ALL
[23/Feb/2012:18:33:34 +0000] conn=49 op=3 RESULT err=0 tag=101 nentries=1 
etime=0
[23/Feb/2012:18:33:34 +0000] conn=50 fd=76 slot=76 connection from 
10.13.0.245 to 10.13.0.105
[23/Feb/2012:18:33:34 +0000] conn=50 op=0 BIND dn="" method=sasl version=3 
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=50 op=0 RESULT err=14 tag=97 nentries=0 
etime=0, SASL bind in progress
[23/Feb/2012:18:33:34 +0000] conn=50 op=1 BIND dn="" method=sasl version=3 
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=50 op=1 RESULT err=14 tag=97 nentries=0 
etime=0, SASL bind in progress
[23/Feb/2012:18:33:34 +0000] conn=50 op=2 BIND dn="" method=sasl version=3 
mech=GSSAPI
[23/Feb/2012:18:33:34 +0000] conn=50 op=2 RESULT err=0 tag=97 nentries=0 
etime=0 dn="uid=nathan,cn=users,cn=accounts,dc=blinkmind,dc=net"
[23/Feb/2012:18:33:34 +0000] conn=50 op=3 SRCH base="dc=blinkmind,dc=net" 
scope=2 
filter="(&(samaccounttype=805306368)(userprincipalname=nathan@BLINKMIND.NET))" 
attrs="nsUniqueId ipaUniqueID objectguid objectClass javaSerializedData 
javaClassName javaFactory javaCodebase javaReferenceAddress javaClassNames 
javaremotelocation"
[23/Feb/2012:18:33:34 +0000] conn=50 op=3 RESULT err=0 tag=101 nentries=0 
etime=0 notes=U
[23/Feb/2012:18:33:34 +0000] conn=50 op=4 UNBIND
[23/Feb/2012:18:33:34 +0000] conn=50 op=4 fd=76 closed - U1
[23/Feb/2012:18:33:34 +0000] conn=49 op=-1 fd=75 closed - B1

Re: [Users] LDAP

Nathan Stratton