Re: [ovirt-users] Can not configure with simple LDAP.

From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; Cc: users(a)ovirt.org Sent: Monday, October 6, 2014 6:31:17 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. engine.log attached. Regards (2014/10/06 23:57), Alon Bar-Lev wrote: > > ----- Original Message ----- >> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >> Cc: users(a)ovirt.org >> Sent: Monday, October 6, 2014 3:40:05 PM >> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >> >> Alon, >> >> Thanks, the ovirt-engine-extension-aaa-ldap was updated successfully. >> and then I restarted my ovirt-engine. >> >> I tried the following: >> >> 1) Login to the User Portal using LDAP account "tani". >> Failed. (it was able to login before doing update.) >> >> 2) Then deleting the LDAP account "tani" from admin portal. >> >> 3) Tried to add new account "tani" again. >> I selected "rxc05271.com (authz-company)" instead of "internal (internal)" >> but "Go" bottun is hidden. >> >> What should I do next? > it probably means that the engine cannot interact with the ldap. > can you see any error message during engine startup that related? > can you stop engine remove engine.log start engine and send me the > engine.log? > >> Regards, >> Fumihide Tani >> >> (2014/10/06 20:39), Alon Bar-Lev wrote: >>> ----- Original Message ----- >>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>> Cc: users(a)ovirt.org >>>> Sent: Monday, October 6, 2014 2:36:38 PM >>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>> >>>> Hi, Alon >>>> >>>> I can not update the ovirt-engine-extension-aaa-ldap.noarch >>>> 0.0.0-0.0.master.20140923213100.git10a282b.el6. to the one you >>>> specified. >>>> Is it still not exist in ovirt-3.5-pre repo? >>> right, they are at snapshots. >>> you can take the extension rpm and only update it. >>> >>> yum localupdate >>> http://resources.ovirt.org/pub/ovirt-3.5-snapshot/rpm/el6/noarch/ovirt-en... >>> >>>> Regards, >>>> Fumihide Tani >>>> >>>> (2014/10/06 17:07), Alon Bar-Lev wrote: >>>>> Hello Fumihide, >>>>> >>>>> I pushed a significant change into ldap package, in some cases it will >>>>> provide better response times. >>>>> The change is within group resolution. >>>>> I wounder if you can test it, should be at least >>>>> ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d. >>>>> >>>>> Regards, >>>>> Alon Bar-Lev. >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>> Cc: users(a)ovirt.org >>>>>> Sent: Thursday, September 25, 2014 4:41:09 PM >>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>>>> >>>>>> Hi, Alon, >>>>>> >>>>>> Without waiting until the weekend, >>>>>> I have finished the flesh install of the oVirt 3.5 RC3 today. >>>>>> As a result, with same AAA settings, >>>>>> My OpenLDAP's users became possible to login to the Web User Portal >>>>>> now. >>>>>> Yes, RC3 is good for integrating with newest OpenLDAP 2.4.23, RC2 is >>>>>> not. >>>>>> >>>>>> Very much thanks, >>>>>> Fumihide Tani >>>>>> >>>>>> (2014/09/25 7:27), Alon Bar-Lev wrote: >>>>>>> This is severe, the upgrade is not working properly you have issues >>>>>>> with >>>>>>> accessing database. >>>>>>> If database is not important I suggest a fresh install, run >>>>>>> engine-cleanup >>>>>>> then engine-setup. >>>>>>> If database is important please forward this to devel mailing list >>>>>>> for >>>>>>> someone to help, regardless of LDAP. >>>>>>> Regards, >>>>>>> Alon >>>>>>> >>>>>>> >>>>>>> 4-09-25 00:36:08,389 ERROR >>>>>>> [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] >>>>>>> (DefaultQuartzScheduler_Worker-7) ArrayIndexOutOfBoundsException: 1: >>>>>>> java.lang.ArrayIndexOutOfBoundsException: 1 >>>>>>> at >>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.getDistanceMap(VdsNumaNodeDAODbFacadeImpl.java:208) >>>>>>> [dal.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.access$000(VdsNumaNodeDAODbFacadeImpl.java:20) >>>>>>> [dal.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:184) >>>>>>> [dal.jar:] >>>>>>> at >>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:168) >>>>>>> [dal.jar:] >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>>> Sent: Wednesday, September 24, 2014 6:40:58 PM >>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>>>>>> >>>>>>>> Result of running engine-setup: >>>>>>>> [root@ovirt ~]# yum list installed|grep ovirt-engine >>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140923231936.git42065cc.el6 >>>>>>>> >>>>>>>> Yes, engine is updated to newest one.! >>>>>>>> >>>>>>>> But I still continued failing to login. >>>>>>>> engine.log attached. >>>>>>>> >>>>>>>> Very thanks, >>>>>>>> >>>>>>>> (2014/09/24 23:59), Alon Bar-Lev wrote: >>>>>>>>> you probably need to run engine-setup >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>>>>> Sent: Wednesday, September 24, 2014 4:59:22 PM >>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>>>>>>>> >>>>>>>>>> Oops! >>>>>>>>>> # yum list installed | grep ovirt-engine >>>>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140821064931.gitb794d66.el6 >>>>>>>>>> (snip) >>>>>>>>>> ..... >>>>>>>>>> >>>>>>>>>> Many ovirt-3.5-* modules are updated by yum today but engine is >>>>>>>>>> not. >>>>>>>>>> Why not updated to RC3?? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> (2014/09/24 22:42), Alon Bar-Lev wrote: >>>>>>>>>>> Unless I am missing something, you run old engine: >>>>>>>>>>> >>>>>>>>>>> 2014-09-24 22:16:24,136 INFO [org.ovirt.engine.core.bll.Backend] >>>>>>>>>>> (MSC >>>>>>>>>>> service thread 1-12) Running ovirt-engine >>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:21:09 PM >>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>>>>>>>>>> >>>>>>>>>>>> Attached engine.log with "FINEST" >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> >>>>>>>>>>>> (2014/09/24 21:32), Alon Bar-Lev wrote: >>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>>>>>>>>> Cc: users(a)ovirt.org >>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 3:24:23 PM >>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi, Alon, >>>>>>>>>>>>>> >>>>>>>>>>>>>> I have updated the oVirt 3.5 RC2 to the newest RC3 today. >>>>>>>>>>>>>> >>>>>>>>>>>>>> From my CentOS6.5 based oVirt Engine server and the >>>>>>>>>>>>>> oVirt >>>>>>>>>>>>>> Host >>>>>>>>>>>>>> server, >>>>>>>>>>>>>> # yum clean all >>>>>>>>>>>>>> # yum update >>>>>>>>>>>>>> Then rebooted these servers. >>>>>>>>>>>>>> >>>>>>>>>>>>>> But my LDAP problem is continued and same result as before. >>>>>>>>>>>>>> >>>>>>>>>>>>>> When I login to the oVirt User Portal, >>>>>>>>>>>>>> User Name: tani >>>>>>>>>>>>>> Password: (OpenLDAP's userPassword) >>>>>>>>>>>>>> Domain: rxc05271.com >>>>>>>>>>>>>> >>>>>>>>>>>>>> UI displays "General command validation failure." >>>>>>>>>>>>>> >>>>>>>>>>>>>> Please advice. >>>>>>>>>>>>> Hopefully I can if you provide log... :) >>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>> Fumihide Tani >>>>>>>>>>>>>> >>>>>>>>>>>>>> (2014/09/22 22:20), Alon Bar-Lev wrote: >>>>>>>>>>>>>>> The version of engine you are using is probably out of date >>>>>>>>>>>>>>> and >>>>>>>>>>>>>>> unsynced >>>>>>>>>>>>>>> with latest ldap package (20140821064931). >>>>>>>>>>>>>>> Please make sure you take latest from[1] >>>>>>>>>>>>>>> Thanks! >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/ >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>>>>>>>>>>> Cc: users(a)ovirt.org >>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:42:52 PM >>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple >>>>>>>>>>>>>>>> LDAP. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi, Alon, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Your requested engine.log attached. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Also, I tried to login to web user portal by "tani" >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> User Name: tani >>>>>>>>>>>>>>>> Password: (OpenLDAP userPassword) >>>>>>>>>>>>>>>> Domain: rxc05271.com >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> cause: "General command validation failure." >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Attated log includes login by "Fumihide" first, "tani" >>>>>>>>>>>>>>>> second. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Very thanks, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> (2014/09/22 21:24), Alon Bar-Lev wrote: >>>>>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271(a)nifty.com&gt; >>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com&gt; >>>>>>>>>>>>>>>>>> Cc: users(a)ovirt.org >>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:06:39 PM >>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple >>>>>>>>>>>>>>>>>> LDAP. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Sorry, I misunderstood. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> This is outputs after LDAP user logged in. >>>>>>>>>>>>>>>>> Please attach log as files, not inline, easier to handle. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,638 DEBUG >>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework] >>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4) >>>>>>>>>>>>>>>>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', >>>>>>>>>>>>>>>>> scope=SUB, >>>>>>>>>>>>>>>>> deref=NEVER, sizeLimit=0, timeLimit=0, >>>>>>>>>>>>>>>>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', >>>>>>>>>>>>>>>>> attrs={entryUUID, >>>>>>>>>>>>>>>>> uid, displayName, memberOf, department, givenName, sn, >>>>>>>>>>>>>>>>> title, >>>>>>>>>>>>>>>>> mail}, >>>>>>>>>>>>>>>>> controls={SimplePagedResultsControl(pageSize=100, >>>>>>>>>>>>>>>>> isCritical=false)}) >>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,640 DEBUG >>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework] >>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4) >>>>>>>>>>>>>>>>> SearchResult: SearchResult(resultCode=0 (success), >>>>>>>>>>>>>>>>> messageID=3, >>>>>>>>>>>>>>>>> entriesReturned=0, referencesReturned=0, >>>>>>>>>>>>>>>>> responseControls={SimplePagedResultsControl(pageSize=0, >>>>>>>>>>>>>>>>> isCritical=false)}) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >From the above I see that a search was issued: >>>>>>>>>>>>>>>>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide) >>>>>>>>>>>>>>>>> And no result returned. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Per previous output: >>>>>>>>>>>>>>>>> --- >>>>>>>>>>>>>>>>> # tani, Users, rxc05271.com >>>>>>>>>>>>>>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com >>>>>>>>>>>>>>>>> objectClass: inetOrgPerson >>>>>>>>>>>>>>>>> objectClass: uidObject >>>>>>>>>>>>>>>>> uid: tani >>>>>>>>>>>>>>>>> cn: Fumihide Tani >>>>>>>>>>>>>>>>> givenName: Fumihide >>>>>>>>>>>>>>>>> mail: tani(a)rxc05271.com >>>>>>>>>>>>>>>>> sn: Tani >>>>>>>>>>>>>>>>> userPassword:: a3VtaXRhbg== >>>>>>>>>>>>>>>>> --- >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Your user name is tani and not Fumihide. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Alon >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>> >> >> >