On Sun, 19 Feb 2012, Itamar Heim wrote:
On 02/19/2012 11:11 PM, Nathan Stratton wrote:
> On Sun, 19 Feb 2012, Itamar Heim wrote:
>
>> the current code supports AD, freeIPA/IPA and 389ds/RHDS.
>> if apache directory server is similar to any of them, you could try
>> hacking the code to add support for it.
>
> Ok, will go with 389 for now, its in the family, tho Gluster is in the
> family and you don't support it as a storage file system... : )
please remember you need 389ds with kerberos support.
Got it installed and setup, I am able to authenticate from linux boxes
with the new 389 LDAP so I know that works. However still running into
issues getting ovirt-engine to work with it.
http://share.robotics.net/ldap.pcap
As you can see from the pcap, I see a DNS SRV query for
_ldap._tcp.blinkmind.net and the box does talk to the LDAP box. I don't
see anyting on port 88, or a ldap query for the kerberos or does it try to
just use the same IP as ldap?
2012-02-21 16:59:48,411 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(http--0.0.0.0-8080-1) Failed ldap search server
LDAP://ldap-master.hou.blinkmind.net:389 due to
org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException. We
should not try the next server:
org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException
at
org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticateToKDC(GSSAPIDirContextAuthenticationStrategy.java:150)
[engine-bll.jar:]
at
org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.explicitAuth(GSSAPIDirContextAuthenticationStrategy.java:119)
[engine-bll.jar:]
at
org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticate(GSSAPIDirContextAuthenticationStrategy.java:111)
[engine-bll.jar:]
at
org.ovirt.engine.core.bll.adbroker.GSSAPILdapTemplateWrapper.useAuthenticationStrategy(GSSAPILdapTemplateWrapper.java:90)
[engine-bll.jar:]
at
org.ovirt.engine.core.bll.adbroker.PrepareLdapConnectionTask.call(PrepareLdapConnectionTask.java:56)
[engine-bll.jar:]
at
org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:108)
[engine-bll.jar:]
at
org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97)
[engine-bll.jar:]
at
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
[:1.6.0_22]
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
[:1.6.0_22]
at
org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57)
[utils-3.0.0-0001.jar:]
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
[:1.6.0_22]
at
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
[:1.6.0_22]
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
[:1.6.0_22]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
[:1.6.0_22]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
[:1.6.0_22]
at java.lang.Thread.run(Thread.java:679) [:1.6.0_22]
2012-02-21 16:59:48,415 ERROR
[org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand]
(http--0.0.0.0-8080-1) Failed authenticating user: nathan to domain
blinkmind.net. Ldap Query Type is getUserByName
2012-02-21 16:59:48,416 ERROR
[org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1)
USER_FAILED_TO_AUTHENTICATE_NO_KDCS_FOUND : nathan
2012-02-21 16:59:48,416 WARN
[org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1)
CanDoAction of action LoginAdminUser failed.
Reasons:USER_FAILED_TO_AUTHENTICATE_NO_KDCS_FOUND