
On Mon, 2012-04-09 at 12:38 -0700, Sharad Mishra wrote:
On Mon, 2012-04-09 at 14:10 -0400, Oved Ourfalli wrote:
----- Original Message -----
From: "Oved Ourfalli" <ovedo@redhat.com> To: "Sharad Mishra" <snmishra@linux.vnet.ibm.com> Cc: users@ovirt.org Sent: Monday, April 9, 2012 8:36:49 PM Subject: Re: [Users] Testing LDAP support.
----- Original Message -----
From: "Sharad Mishra" <snmishra@linux.vnet.ibm.com> To: users@ovirt.org Sent: Monday, April 9, 2012 8:19:23 PM Subject: [Users] Testing LDAP support.
Hi,
I was able to successfully test simple authentication support of IBM Directory Server (IDS) in ovirt. Next step is to test "DIGEST-MD5" support. This protocol is currently supported by my test IDS. But I get -
javax.naming.CommunicationException: [LDAP: error code 2 - Protocol Error]
When a call is made to construct InitialDirContext with following settings -
{java.naming.provider.url=ldap://ldapserver.ibm.com:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=uid=1234567,c=us,ou=ldapserver,o=ibm.com, java.naming.security.authentication=DIGEST-MD5 GSSAPI, java.naming.security.credentials=password, java.naming.referral=follow, java.naming.ldap.attributes.binary=objectGUID}
Can you also attach the jboss log and engine log? (assuming you are testing it in the ovirt-engine environment). They can be helpful, as it might be related to some class loading issue or something similar, and the log might shed light on that.
I think its my setup that is the issue here. I am unable to run ldapsearch CLI with DIGEST-MD5 protocol. I am not sure how to setup/use secret key with sasl. I am running my queries against a production ldap server on which I have user access. I tried to look around on internet but did not get a good hit. -Sharad
there is nothing much in jboss and engine logs.
2012-04-09 10:03:19,203 INFO [org.ovirt.engine.core.bll.DbUserCacheManager] (QuartzScheduler_Worker-56) DbUserCacheManager::refreshAllUserData() - entered 2012-04-09 11:03:19,205 INFO [org.ovirt.engine.core.bll.DbUserCacheManager] (QuartzScheduler_Worker-11) DbUserCacheManager::refreshAllUserData() - entered 2012-04-09 12:03:19,207 INFO [org.ovirt.engine.core.bll.DbUserCacheManager] (QuartzScheduler_Worker-84) DbUserCacheManager::refreshAllUserData() - entered
Output of both, server.log and engine.log for this time period looks exactly same. Do I need to enable more logging?
-Sharad
Do you know what could be going wrong here? I think its something wrong with my usage and not in code.
What test cases were run to verify RedHat DS support? I can try to run the same for IBM DS before posting the patch.
Hard to tell what went wrong there. I'll try to take a look a bit on the web (as I assume you did but I guess it can't hurt). As for RHDS, most tests were done manually:
* Adding users/groups * Authentication * Group membership * Adding / removing / editing RHDS domain with the engine-manage-domains utility. * Refresh users/groups. * Search for users/groups That's basically the main scenarios. We have an LdapTester as well. The problem there was to setup the environment needed for the testing. It contains test cases for AD/IPA.
Oved
Thanks Sharad Mishra IBM
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users