This error:
The user user@example.com@example.com is not authorized to perform login
means that you don't have any role assigned to your user.
Please check the following documentation:
https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/#use...
to understand the permission model of oVirt.
On 06/14/2018 02:39 PM, Michael Watters wrote:
> ldapsearch works correctly and I'm able to bind to AD without any
> issues. ovirt-engine-extension-aaa-ldap-setup also shows searches
> working correctly.
>
> One thing I've discovered is that I can login as "user@domain.com" but
> then receive an error as follows.
>
>> The user user@example.com@example.com is not authorized to perform login
>
> How do I enable debug logs? The log entries from the engine.log file
> are the same as my previous message.
>
>
> On 06/14/2018 06:37 AM, Ondra Machacek wrote:
>> Can you share the debug log, and also make sure the search user you are
>> using is correct, for example by running the ldapsearch command with it.
>>
>> On 06/13/2018 05:33 PM, Michael Watters wrote:
>>> I've run the ovirt-engine-extension-aaa-ldap-setup command to configure
>>> LDAP authentication using Active Directory; however, I am unable to
>>> authenticate using valid credentials. Here is the output shown while
>>> testing the login flow.
>>>
>>> [ INFO ] Executing login sequence...
>>> Login output:
>>> 2018-06-13 11:27:17,931-04 INFO ========================================================================
>>> 2018-06-13 11:27:17,960-04 INFO ============================ Initialization ============================
>>> 2018-06-13 11:27:17,960-04 INFO ========================================================================
>>> 2018-06-13 11:27:17,999-04 INFO Loading extension 'example.com-authn'
>>> 2018-06-13 11:27:18,072-04 INFO Extension 'example.com-authn' loaded
>>> 2018-06-13 11:27:18,077-04 INFO Loading extension 'example.com-authz'
>>> 2018-06-13 11:27:18,089-04 INFO Extension 'example.com-authz' loaded
>>> 2018-06-13 11:27:18,090-04 INFO Initializing extension 'example.com-authn'
>>> 2018-06-13 11:27:18,091-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating LDAP pool 'authz'
>>> 2018-06-13 11:27:19,574-04 WARNING Exception: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839
>>> 2018-06-13 11:27:19,576-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating LDAP pool 'authn'
>>> 2018-06-13 11:27:20,668-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] LDAP pool 'authn' information: vendor='null' version='null'
>>> 2018-06-13 11:27:20,674-04 WARNING Ignoring records from pool: 'authz'
>>> 2018-06-13 11:27:20,676-04 WARNING Ignoring records from pool: 'authz'
>>> 2018-06-13 11:27:20,676-04 INFO Extension 'example.com-authn' initialized
>>> 2018-06-13 11:27:20,677-04 INFO Initializing extension 'example.com-authz'
>>> 2018-06-13 11:27:20,679-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Creating LDAP pool 'authz'
>>> 2018-06-13 11:27:21,270-04 WARNING Exception: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839
>>> 2018-06-13 11:27:21,273-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Creating LDAP pool 'gc'
>>> 2018-06-13 11:27:22,065-04 WARNING Exception: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1
>>> 2018-06-13 11:27:22,069-04 WARNING Ignoring records from pool: 'authz'
>>> 2018-06-13 11:27:22,072-04 WARNING Ignoring records from pool: 'authz'
>>> 2018-06-13 11:27:22,085-04 WARNING Ignoring records from pool: 'authz'
>>> 2018-06-13 11:27:22,086-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Available Namespaces: []
>>> 2018-06-13 11:27:22,087-04 INFO Extension 'example.com-authz' initialized
>>> 2018-06-13 11:27:22,088-04 INFO Start of enabled extensions list
>>> 2018-06-13 11:27:22,089-04 INFO Instance name: 'example.com-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpPQluAI/extensions.d/example.com-authz.properties', Initialized: 'true'
>>> 2018-06-13 11:27:22,089-04 INFO Instance name: 'example.com-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpPQluAI/extensions.d/example.com-authn.properties', Initialized: 'true'
>>> 2018-06-13 11:27:22,090-04 INFO End of enabled extensions list
>>> 2018-06-13 11:27:22,090-04 INFO ========================================================================
>>> 2018-06-13 11:27:22,090-04 INFO ============================== Execution ===============================
>>> 2018-06-13 11:27:22,091-04 INFO ========================================================================
>>> 2018-06-13 11:27:22,091-04 INFO Iteration: 0
>>> 2018-06-13 11:27:22,093-04 INFO Profile='example.com' authn='example.com-authn' authz='example.com-authz' mapping='null'
>>> 2018-06-13 11:27:22,094-04 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='example.com' user='d861703'
>>> 2018-06-13 11:27:22,251-04 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='example.com' result=CREDENTIALS_INCORRECT
>>> 2018-06-13 11:27:22,262-04 SEVERE Authn.Result code is: CREDENTIALS_INCORRECT
>>> [ ERROR ] Login sequence failed
>>>
>>> Does anybody know what LdapErr: DSID-0C09042A, comment:
>>> AcceptSecurityContext error, data 52e, v3839 means? Is this a TLS
>>> issue? I am quite certain the password I'm using is correct.
>>> _______________________________________________
>>> Users mailing list -- users@ovirt.org
>
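
Added example, not part of the original thread and not oVirt project code: a small triage script for the login-test output quoted above. It rejoins the mail-wrapped log records, ties each `LdapErr` to the LDAP pool that was being created when it was logged, and decodes the Active Directory `data` sub-code (`52e` is AD's code for invalid credentials). The function names and the excerpt layout are assumptions made for illustration.

```python
import re

# AD reports the bind failure reason as a hex sub-code after "data" in LdapErr.
AD_BIND_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong bind DN or password)",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
POOL_RE = re.compile(r"Creating LDAP\s+pool '([^']+)'")
ERR_RE = re.compile(r"LdapErr: (DSID-[0-9A-Fa-f]+), comment: ([^,]+), data ([0-9A-Fa-f]+)")

def unwrap(text):
    """Strip mail quote markers and rejoin records that the mail client wrapped."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^[>\s]+", "", line)
        if re.match(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}", line) or not records:
            records.append(line)          # a timestamp starts a new record
        elif line:
            records[-1] += " " + line     # continuation of the previous record
    return records

def failed_pool_binds(text):
    """Return (pool, DSID, sub-code, meaning) for every LdapErr in the log."""
    pool, findings = None, []
    for rec in unwrap(text):
        m = POOL_RE.search(rec)
        if m:
            pool = m.group(1)             # remember which pool is being set up
        e = ERR_RE.search(rec)
        if e:
            code = e.group(3).lower()
            findings.append((pool, e.group(1), code, AD_BIND_CODES.get(code, "unknown sub-code")))
    return findings

# Excerpt of the log from this thread, kept in its wrapped and quoted form.
SAMPLE = """\
>>> 2018-06-13 11:27:18,091-04 INFO
>>> [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating LDAP
>>> pool 'authz'
>>> 2018-06-13 11:27:19,574-04 WARNING Exception: 80090308:
>>> LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e,
>>> v3839
"""
print(failed_pool_binds(SAMPLE))
```

On the excerpt the error is reported against the `authz` pool, which fits the advice in the thread to verify the search user's bind credentials with `ldapsearch`.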