Re: [ovirt-users] Can not configure with simple LDAP.

22 Sep 2014

      Sorry, I misunderstood.

This is outputs after LDAP user logged in.

2014-09-22 21:01:32,619 DEBUG [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (ajp--127.0.0.1-8702-4) doAuthenticateCredentials Entry user='Fumihide'
2014-09-22 21:01:32,620 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) runSequence entry name='authn'
2014-09-22 21:01:32,621 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) Running sequence authn/010/call resolve user
2014-09-22 21:01:32,621 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,621 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,622 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,622 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,622 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,623 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,623 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,623 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) search_attr__dn =
2014-09-22 21:01:32,623 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,624 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,624 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,624 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,625 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,625 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,626 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,626 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,626 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,627 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,627 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,627 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) runSequence entry name='simple-resolve-user'
2014-09-22 21:01:32,627 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) Running sequence simple-resolve-user/010/fetch-record resolve user
2014-09-22 21:01:32,628 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,628 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,628 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,628 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,629 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,629 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,629 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,629 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) search_attr__dn =
2014-09-22 21:01:32,630 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,630 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,630 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,631 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,631 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,631 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,631 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,632 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,632 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,632 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,632 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,633 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) searchOpen Entry name='simple-user-mapping', pageSize=0, limit=5
2014-09-22 21:01:32,633 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) Creating SearchRequest
2014-09-22 21:01:32,634 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0, filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', attrs={entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail})
2014-09-22 21:01:32,635 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) Entry name='authz'
2014-09-22 21:01:32,635 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) Entry name='map-principal-record'
2014-09-22 21:01:32,635 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) AttrMapInfo Return [AttrMapInfo(PrincipalRecord_DEPARTMENT, STRING, '%s', department), AttrMapInfo(PrincipalRecord_DISPLAY_NAME, STRING, '%s', displayName), AttrMapInfo(PrincipalRecord_DN, STRING, '%s', _dn), AttrMapInfo(PrincipalRecord_EMAIL, STRING, '%s', mail), AttrMapInfo(PrincipalRecord_FIRST_NAME, STRING, '%s', givenName), AttrMapInfo(PrincipalRecord_GROUPS_RAW, STRING, '%s', memberOf), AttrMapInfo(PrincipalRecord_ID, STRING, '%s', entryUUID), AttrMapInfo(PrincipalRecord_LAST_NAME, STRING, '%s', sn), AttrMapInfo(PrincipalRecord_NAME, STRING, '%s', uid), AttrMapInfo(PrincipalRecord_PRINCIPAL, STRING, '%s', uid), AttrMapInfo(PrincipalRecord_TITLE, STRING, '%s', title)]
2014-09-22 21:01:32,637 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) SearchOpen Return SearchInstance(searchRequest='SearchRequest(baseDN='dc=rxc05271,dc=com', scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0, filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', attrs={entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail})', doPaging=true, resumeCookie='null', pageSize=100, limitLeft=5, done=false)
2014-09-22 21:01:32,638 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) Enter
2014-09-22 21:01:32,638 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0, filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', attrs={entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail}, controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})
2014-09-22 21:01:32,640 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) SearchResult: SearchResult(resultCode=0 (success), messageID=3, entriesReturned=0, referencesReturned=0, responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
2014-09-22 21:01:32,641 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) SearchReferences: []
2014-09-22 21:01:32,641 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) SearchReferences: []
2014-09-22 21:01:32,641 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) Return: null
2014-09-22 21:01:32,642 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) End sequence simple-resolve-user resolve user
2014-09-22 21:01:32,642 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,642 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,643 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,643 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,643 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,643 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,644 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,644 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,644 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,644 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,645 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,645 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,645 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,646 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,646 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,646 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,646 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,647 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,647 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) Running sequence simple-resolve-user/020/call no user?
2014-09-22 21:01:32,647 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,648 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,648 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,648 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,648 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,649 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,649 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,649 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,649 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,650 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,650 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,650 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,651 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,651 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,651 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,652 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,652 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,652 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,652 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) runSequence entry name='simple-resolve-user-error'
2014-09-22 21:01:32,653 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) Running sequence simple-resolve-user-error/010/var-set error
2014-09-22 21:01:32,653 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,653 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,653 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,654 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,654 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,654 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,654 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,655 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,655 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,655 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,656 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,656 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,656 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,656 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,657 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,657 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,657 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,658 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,658 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) End sequence simple-resolve-user-error error
2014-09-22 21:01:32,658 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,658 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,659 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,659 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,659 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,659 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,660 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,660 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,660 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,660 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,661 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,661 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,661 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,662 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,662 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,662 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,663 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,663 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,663 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,663 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) Running sequence simple-resolve-user-error/020/var-set error
2014-09-22 21:01:32,664 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,664 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,664 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,664 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,665 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,665 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,665 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,665 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,666 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,666 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,666 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,667 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,667 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,667 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,668 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,668 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,668 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,668 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,669 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,669 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) End sequence simple-resolve-user-error error
2014-09-22 21:01:32,669 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,670 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,670 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authTranslatedMessage = CREDENTIALS_INVALID
2014-09-22 21:01:32,670 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,671 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,671 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,672 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,672 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,673 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,673 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,674 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,674 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,675 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,675 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,676 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,676 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,677 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,677 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,677 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,677 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,678 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) Running sequence simple-resolve-user-error/030/stop stop
2014-09-22 21:01:32,678 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,678 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,679 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authTranslatedMessage = CREDENTIALS_INVALID
2014-09-22 21:01:32,679 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,679 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,679 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,680 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,680 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,680 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,680 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,681 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,681 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,681 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,682 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,682 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,682 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,683 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,683 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = false
2014-09-22 21:01:32,683 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,683 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,684 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) End sequence simple-resolve-user-error stop
2014-09-22 21:01:32,684 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,684 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,684 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authTranslatedMessage = CREDENTIALS_INVALID
2014-09-22 21:01:32,685 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,685 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,685 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,685 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,686 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,686 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,686 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,686 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,687 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,687 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,687 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,688 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,688 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,688 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,689 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = true
2014-09-22 21:01:32,689 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,689 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,689 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) runSequence Return name='simple-resolve-user-error'
2014-09-22 21:01:32,690 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) End sequence simple-resolve-user no user?
2014-09-22 21:01:32,690 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,690 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,690 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authTranslatedMessage = CREDENTIALS_INVALID
2014-09-22 21:01:32,691 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,691 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,691 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,691 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,692 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,692 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,692 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,692 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,693 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,693 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,693 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,694 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,694 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,694 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,694 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = true
2014-09-22 21:01:32,695 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,695 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,695 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) runSequence Return name='simple-resolve-user'
2014-09-22 21:01:32,695 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) End sequence authn resolve user
2014-09-22 21:01:32,696 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-BEGIN
2014-09-22 21:01:32,696 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) _simple_baseDN = dc=rxc05271,dc=com
2014-09-22 21:01:32,696 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authTranslatedMessage = CREDENTIALS_INVALID
2014-09-22 21:01:32,696 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) authn_enable = 1
2014-09-22 21:01:32,697 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_credentialsChange = false
2014-09-22 21:01:32,697 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) capability_resucrsiveGroupResolution = false
2014-09-22 21:01:32,697 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) maxFilterSize = 50
2014-09-22 21:01:32,697 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) password = ***
2014-09-22 21:01:32,698 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) resultCode = INVALID_CREDENTIALS
2014-09-22 21:01:32,698 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) sensitiveKeys = , password, passwordNew
2014-09-22 21:01:32,698 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsBaseDN = namingContexts
2014-09-22 21:01:32,699 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsGroupRecord = entryUUID, cn, description, memberOf
2014-09-22 21:01:32,699 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsPrincipalRecord = entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail
2014-09-22 21:01:32,699 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_attrsUserName = uid
2014-09-22 21:01:32,699 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_bindFormat = dn
2014-09-22 21:01:32,700 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterGroupObject = (objectClass=groupOfNames)
2014-09-22 21:01:32,700 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) simple_filterUserObject = (objectClass=uidObject)(uid=*)
2014-09-22 21:01:32,700 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) stop = true
2014-09-22 21:01:32,701 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) user = Fumihide
2014-09-22 21:01:32,701 TRACE [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) VARS-END
2014-09-22 21:01:32,701 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) runSequence Return name='authn'
2014-09-22 21:01:32,702 DEBUG [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (ajp--127.0.0.1-8702-4) doAuthenticateCredentials Return {Extkey[name=AAA_AUTHN_RESULT;type=class java.lang.Integer;uuid=AAA_AUTHN_RESULT[af9771dc-a0bb-417d-a700-277616aedd85];]=12}
2014-09-22 21:01:32,702 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand] (ajp--127.0.0.1-8702-4) Cant login user "Fumihide" with authentication profile "rxc05271.com" because the authentication failed.
2014-09-22 21:01:32,713 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-4) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User Fumihide cannot login, please verify the username and password.
2014-09-22 21:01:32,724 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-4) Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User Fumihide failed to log in.
2014-09-22 21:01:32,724 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (ajp--127.0.0.1-8702-4) CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD

(2014/09/22 20:41), Alon Bar-Lev wrote:
...
Not sure what adds crlf to your file... please use *NIX editor, please use dos2unix to remove these,
Per our previous discussion, you should modify:
       <file-handler name="ENGINE" autoflush="true">
         <level name="INFO"/>
Into:
       <file-handler name="ENGINE" autoflush="true">
         <level name="FINEST"/>
You should see a difference.
Thanks!
----- Original Message -----
...
From: "Fumihide Tani" <RXC05271@nifty.com>
To: "Alon Bar-Lev" <alonbl@redhat.com>
Cc: users@ovirt.org
Sent: Monday, September 22, 2014 2:36:05 PM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
Hi, Alon,
I modified ovirt-engine.xml.in and restarted ovirt-engine.
Attached is the modified ovirt-engine.xml.in.
The engine.log outputs are fllowing: (Unfortunately it became the same
result.)
-----
2014-09-22 19:48:11,245 INFO [org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with authentication
profile "rxc05271.com" because the authentication failed.
2014-09-22 19:48:11,257 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event
ID: -1, Message: User Fumihide cannot login, please verify the username and
password.
2014-09-22 19:48:11,265 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom Event
ID: -1, Message: User Fumihide failed to log in.
2014-09-22 19:48:11,266 WARN [org.ovirt.engine.core.bll.aaa.LoginUserCommand]
(ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
-----
As a cause of fail to OpenLDAP user login,
I suspect that the my openldap password encryption method setting not meet
with the ovirt.
Is there any method to verify?
Thanks,
(2014/09/22 19:15), Alon Bar-Lev wrote:
...
You need to add the following:
+       <logger category="org.ovirt.engineextensions.aaa.ldap">
+        <level name="FINEST"/>
+       </logger>
          <logger category="org.ovirt.engine.core.bll">
Look at the + lines, please add these (without the  +) just before: <logger
category="org.ovirt.engine.core.bll">
Thanks!
----- Original Message -----
...
From: "Fumihide Tani" <RXC05271@nifty.com>
To: "Alon Bar-Lev" <alonbl@redhat.com>
Cc: users@ovirt.org
Sent: Monday, September 22, 2014 1:10:57 PM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
(2014/09/22 15:00), Alon Bar-Lev wrote:
...
----- Original Message -----
...
From: "Fumihide Tani" <RXC05271@nifty.com>
To: "Alon Bar-Lev" <alonbl@redhat.com>
Cc: users@ovirt.org
Sent: Monday, September 22, 2014 4:16:17 AM
Subject: Re: [ovirt-users] Can not configure with simple LDAP.
(2014/09/22 0:16), Alon Bar-Lev wrote:
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271@nifty.com>
>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>> Cc: users@ovirt.org
>> Sent: Sunday, September 21, 2014 6:00:48 PM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> Hi, Alon,
>>
>> Following Alon's advice, I added authz-company.properties file to the
>> configuration directory.
>> Then OpenLDAP users can searched from oVirt Web admin. and I could add
>> it's
>> users
>> to the portal successfully.
>>
>> But I have another problem.
>> These OpenLDAP users that I added can not login to ovirt web user
>> portal.
>>
>> User Name: Fumihide (This is shown on Web Admin Portal "Users" tab as
>> "First
>> Name")
>> Password: (I specified it as OpenLDAP's userPassword for "Fumihide")
>> Domain: rxc05271.com (I selected instead of "internal")
>>
>> ?
> 1. What error do you get at ui?
"The user name or password is incorrect."
> 2. Please look at engine.log while attempting to login, if you see
> something helpful.
2014-09-22 09:53:27,669 INFO
[org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-2) Cant login user "Fumihide" with authentication
profile "rxc05271.com" because the authentication failed.
2014-09-22 09:53:27,685 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom
Event
ID: -1, Message: User Fumihide cannot login, please verify the username
and
password.
2014-09-22 09:53:27,693 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-2) Correlation ID: null, Call Stack: null, Custom
Event
ID: -1, Message: User Fumihide failed to log in.
2014-09-22 09:53:27,693 WARN
[org.ovirt.engine.core.bll.aaa.LoginUserCommand]
(ajp--127.0.0.1-8702-2) CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
> 3. Please make sure that the following is a success:
> $ ldapsearch -h <HOST> -x -W -D <LOGIN_USER_DN> -b <BASE_DN>
> uid=<LOGIN_NAME>
[root@ovirt ~]# ldapsearch -H ldapi:/// -x -W -D
"uid=tani,ou=Users,dc=rxc05271,dc=com" -b 'dc=rxc05271,dc=com' -x
'(uid=tani)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=rxc05271,dc=com> with scope subtree
# filter: (uid=tani)
# requesting: ALL
#
# tani, Users, rxc05271.com
dn: uid=tani,ou=Users,dc=rxc05271,dc=com
objectClass: inetOrgPerson
objectClass: uidObject
uid: tani
cn: Fumihide Tani
givenName: Fumihide
mail: tani@rxc05271.com
sn: Tani
userPassword:: a3VtaXRhbg==
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@ovirt ~]#
> 4. If working please modify
> /usr/share/ovirt-enigne/services/ovirt-enigne/ovirt-enigne.xml.in
> ---
>            <file-handler name="ENGINE" autoflush="true">
> -        <level name="INFO"/>
> -        <level name="FINEST"/>
> <snip>
> +       <logger category="org.ovirt.engineextensions.aaa.ldap">
> +        <level name="FINEST"/>
> +       </logger>
>             <logger category="org.ovirt.engine.core.bll">
> ---
> Restart engine, attempt login, send me the output.
2014-09-22 10:03:57,517 INFO
[org.ovirt.engine.core.bll.aaa.LoginBaseCommand]
(ajp--127.0.0.1-8702-7) Cant login user "Fumihide" with authentication
profile "rxc05271.com" because the authentication failed.
2014-09-22 10:03:57,534 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom
Event
ID: -1, Message: User Fumihide cannot login, please verify the username
and
password.
2014-09-22 10:03:57,545 ERROR
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-7) Correlation ID: null, Call Stack: null, Custom
Event
ID: -1, Message: User Fumihide failed to log in.
2014-09-22 10:03:57,545 WARN
[org.ovirt.engine.core.bll.aaa.LoginUserCommand]
(ajp--127.0.0.1-8702-7) CanDoAction of action LoginUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD
(logger level is not changed to FINEST? outputs is same as above.)
I had a mistake above... the file-handler level should be set to finest.
<file-handler name="ENGINE" autoflush="true">
       <level name="FINEST"/>
can you confirm?
or best send me the engine.xml.in file and I can see what's wrong.
thanks!
I set file-handler's level name to "FINEST". but outputs are same as
before.
I attached the ovirt-engine.xml.in
Regards,
...
...
Thanks,
Fumihide Tani
>> Please advice me, it's so thanksfull.
>>
>> Fumihide Tani
>>
>>
>> (2014/09/21 17:13), Alon Bar-Lev wrote:
>>> ----- Original Message -----
>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
>>>> Cc: users@ovirt.org
>>>> Sent: Sunday, September 21, 2014 11:11:11 AM
>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>
>>>> Hi, Alon
>>>>
>>>> Very thanks for your help.
>>>> My problem was solved and the AAA is working now.
>>>> I could add LDAP user. :)
>>> Great.
>>> Can you please send me a patch or modified README to make it better?
>>>
>>> Alon
>>>
>>>> Fumihide Tani
>>>>
>>>> (2014/09/21 16:19), Alon Bar-Lev wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Alon Bar-Lev" <alonbl@redhat.com>
>>>>>> To: "Fumihide Tani" <RXC05271@nifty.com>
>>>>>> Cc: users@ovirt.org
>>>>>> Sent: Sunday, September 21, 2014 10:19:11 AM
>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> You need to create authz extension as well (authz-company).
>>>>>> The configuration you provided is establishing authentication only
>>>>>> (authn)
>>>>>> which refer to authz-company but you did not add it.
>>>>>>
>>>>>> The terms are:
>>>>>> 1. authn - who the user is.
>>>>>> 2. authz - what user is permitted.
>>>>>> 3. profile - combination of the two.
>>>>>>
>>>>>> -----------------------------
>>>>>> # vi /etc/ovirt-engine/extensions.d/authz-company.properties
>>>>>> ovirt.engine.extension.name = authz-company
>>>>>> ovirt.engine.extension.bindings.method = jbossmodule
>>>>>> ovirt.engine.extension.binding.jbossmodule.module =
>>>>>> org.ovirt.engine-extensions.aaa.ldap
>>>>>> ovirt.engine.extension.binding.jbossmodule.class =
>>>>>> org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>>>> Sorry:
>>>>> org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>>>>> ovirt.engine.extension.provides =
>>>>>> org.ovirt.engine.api.extensions.aaa.Authz
>>>>>> config.profile.file.1 = /etc/ovirt-engine/aaa/rxc05271.properties
>>>>>> --------------------------------------------------
>>>>>>
>>>>>> Regards,
>>>>>> Alon