[ovirt-users] Re: Ovirt-egine integration with OpenLDAP can't seem to find any users on Web-UI

It gives the same error that can't connect because of invalid credentials and when i try to put the hostname on the option of Single Server it can't resolve the host but when i ping him i can resolve it. [root@ovirt ~]# ovirt-engine-extension-aaa-ldap-setup [ INFO ] Stage: Initializing [ INFO ] Stage: Environment setup Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf'] Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20190530142721-m0p3r8.log Version: otopi-1.7.8 (otopi-1.7.8-1.el7) [ INFO ] Stage: Environment packages setup [ INFO ] Stage: Programs detection [ INFO ] Stage: Environment customization Welcome to LDAP extension configuration program Available LDAP implementations: 1 - 389ds 2 - 389ds RFC-2307 Schema 3 - Active Directory 4 - IBM Security Directory Server 5 - IBM Security Directory Server RFC-2307 Schema 6 - IPA 7 - Novell eDirectory RFC-2307 Schema 8 - OpenLDAP RFC-2307 Schema 9 - OpenLDAP Standard Schema 10 - Oracle Unified Directory RFC-2307 Schema 11 - RFC-2307 Schema (Generic) 12 - RHDS 13 - RHDS RFC-2307 Schema 14 - iPlanet Please select: 9 NOTE: It is highly recommended to use DNS resolution for LDAP server. If for some reason you intend to use hosts or plain address disable DNS usage. Use DNS (Yes, No) [Yes]: Available policy method: 1 - Single server 2 - DNS domain LDAP SRV record 3 - Round-robin between multiple hosts 4 - Failover between multiple hosts Please select: 1 Please enter host address: 192.168.16.114 [WARNING] Detected plain IP address '192.168.16.114', disabling DNS. NOTE: It is highly recommended to use secure protocol to access the LDAP server. Protocol startTLS is the standard recommended method to do so. Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol. Use plain for test environments only. Please select protocol to use (startTLS, ldaps, plain) [startTLS]: Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): Insecure [ INFO ] Connecting to LDAP using 'ldap://192.168.16.114:389' [ INFO ] Executing startTLS [ INFO ] Connection succeeded Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): uid=node1,ou=People,dc=lab,dc=local Enter search user password: [ INFO ] Attempting to bind using 'uid=node1,ou=People,dc=lab,dc=local' Please enter base DN (dc=lab,dc=local) [dc=lab,dc=local]: ou=People,dc=lab,dc=local Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]: NOTE: Profile name has to match domain name, otherwise Single Sign-On for Virtual Machines will not work. Please specify profile name that will be visible to users [192.168.16.114]: lab.local [ INFO ] Stage: Setup validation NOTE: It is highly recommended to test drive the configuration before applying it into engine. Login sequence is executed automatically, but it is recommended to also execute Search sequence manually after successful Login sequence. Please provide credentials to test login flow: Enter user name: node1 Enter user password: [ INFO ] Executing login sequence... Login output: 2019-05-30 14:29:03,825+01 INFO ======================================================================== 2019-05-30 14:29:03,859+01 INFO ============================ Initialization ============================ 2019-05-30 14:29:03,859+01 INFO ======================================================================== 2019-05-30 14:29:03,926+01 INFO Loading extension 'lab.local-authn' 2019-05-30 14:29:04,075+01 INFO Extension 'lab.local-authn' loaded 2019-05-30 14:29:04,095+01 INFO Loading extension 'lab.local' 2019-05-30 14:29:04,103+01 INFO Extension 'lab.local' loaded 2019-05-30 14:29:04,104+01 INFO Initializing extension 'lab.local-authn' 2019-05-30 14:29:04,105+01 INFO [ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] Creating LDAP pool 'authz' 2019-05-30 14:29:04,121+01 WARNING [ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] TLS/SSL insecure mode 2019-05-30 14:29:04,593+01 WARNING Exception: An error occurred while attempting to set the value of the SO_TIMEOUT socket option for connection LDAPConnection(connected to 192.168.16.114:389) to 50ms: SocketException(Socket is closed), ldapSDKVersion=4.0.5, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58 2019-05-30 14:29:04,594+01 INFO [ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] Creating LDAP pool 'authn' 2019-05-30 14:29:04,594+01 WARNING [ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] TLS/SSL insecure mode 2019-05-30 14:29:04,674+01 WARNING Exception: The connection reader was unable to successfully complete TLS negotiation: LDAPException(resultCode=91 (connect error), errorMessage='Hostname verification failed because the expected hostname '192.168.16.114' was not found in peer certificate 'subject='CN=localhost' dNSName='localhost' dNSName='localhost' dNSName='localhost.localdomain''.', ldapSDKVersion=4.0.5, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58) 2019-05-30 14:29:04,675+01 INFO Extension 'lab.local-authn' initialized 2019-05-30 14:29:04,675+01 INFO Initializing extension 'lab.local' 2019-05-30 14:29:04,676+01 INFO [ovirt-engine-extension-aaa-ldap.authz::lab.local] Creating LDAP pool 'authz' 2019-05-30 14:29:04,676+01 WARNING [ovirt-engine-extension-aaa-ldap.authz::lab.local] TLS/SSL insecure mode 2019-05-30 14:29:04,776+01 WARNING Exception: The connection reader was unable to successfully complete TLS negotiation: LDAPException(resultCode=91 (connect error), errorMessage='Hostname verification failed because the expected hostname '192.168.16.114' was not found in peer certificate 'subject='CN=localhost' dNSName='localhost' dNSName='localhost' dNSName='localhost.localdomain''.', ldapSDKVersion=4.0.5, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58) 2019-05-30 14:29:04,777+01 INFO [ovirt-engine-extension-aaa-ldap.authz::lab.local] Available Namespaces: [ou=People,dc=lab,dc=local] 2019-05-30 14:29:04,778+01 INFO Extension 'lab.local' initialized 2019-05-30 14:29:04,778+01 INFO Start of enabled extensions list 2019-05-30 14:29:04,779+01 INFO Instance name: 'lab.local-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.8', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.8-1.el7', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpwbSUo5/extensions.d/lab.local-authn.properties', Initialized: 'true' 2019-05-30 14:29:04,779+01 INFO Instance name: 'lab.local', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.8', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.8-1.el7', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpwbSUo5/extensions.d/lab.local.properties', Initialized: 'true' 2019-05-30 14:29:04,779+01 INFO End of enabled extensions list 2019-05-30 14:29:04,779+01 INFO ======================================================================== 2019-05-30 14:29:04,779+01 INFO ============================== Execution =============================== 2019-05-30 14:29:04,779+01 INFO ======================================================================== 2019-05-30 14:29:04,780+01 INFO Iteration: 0 2019-05-30 14:29:04,780+01 INFO Profile='lab.local' authn='lab.local-authn' authz='lab.local' mapping='null' 2019-05-30 14:29:04,781+01 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='lab.local' user='node1' 2019-05-30 14:29:04,825+01 WARNING Ignoring records from pool: 'authz' 2019-05-30 14:29:04,826+01 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='lab.local' result=CREDENTIALS_INVALID 2019-05-30 14:29:04,834+01 SEVERE Authn.Result code is: CREDENTIALS_INVALID [ ERROR ] Login sequence failed Please investigate details of the failure (search for lines containing SEVERE log level). Select test sequence to execute (Done, Abort, Login, Search) [Abort]: