
6 Oct 2014, 4:54 p.m.
----- Original Message -----
> From: "Fumihide Tani" <RXC05271@nifty.com>
> To: "Alon Bar-Lev" <alonbl@redhat.com>
> Cc: users@ovirt.org
> Sent: Monday, October 6, 2014 7:46:05 PM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>
> (2014/10/07 0:50), Alon Bar-Lev wrote:
> >
> > ----- Original Message -----
> >> From: "Fumihide Tani" <RXC05271@nifty.com>
> >> To: "Alon Bar-Lev" <alonbl@redhat.com>
> >> Cc: users@ovirt.org
> >> Sent: Monday, October 6, 2014 6:47:15 PM
> >> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>
> >> Alon,
> >>
> >> Sorry, I forgot to start my DNS server.
> >> After that everything goes well.
> >> I can add LDAP account and login to the Web Portal by LDAP account
> >> successfully!
> > great, now try this sequence:
> > 1. define a group X in ldap.
> > 2. define a group Y in ldap which is member of group X.
> > 3. define user U that is member of group Y.
> > 4. add group X into ovirt-engine as superuser.
> > 5. try to login with user U.
> >
> > it should work unless we have an issue.
>
> I have done sequence 1 to 4.
> I can successfully login to the User Portal using ldap's user U.
> But my VMs which I have added permission to the group X as superuser
> are not displayed on the screen.
> Why not? something wrong?

Can you please confirm the X is shown under "Directory Groups" tag when you select user U?

> >
> >
> >> (2014/10/07 0:33), Alon Bar-Lev wrote:
> >>> 2014-10-07 00:27:59,829 DEBUG
> >>> [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-14)
> >>> Exception during sequence: LDAPException(resultCode=91 (connect error),
> >>> errorMessage='An error occurred while attempting to connect to server
> >>> ldap.rxc05271.com:389: java.io.IOException: An error occurred while
> >>> attempting to establish a connection to server
> >>> ldap.rxc05271.com/111.64.166.75:389: java.net.ConnectException:
> >>> Connection refused')
> >>>
> >>>
> >>> ----- Original Message -----
> >>>> From: "Fumihide Tani" <RXC05271@nifty.com>
> >>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
> >>>> Cc: users@ovirt.org
> >>>> Sent: Monday, October 6, 2014 6:31:17 PM
> >>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>
> >>>> engine.log attached.
> >>>>
> >>>> Regards
> >>>>
> >>>> (2014/10/06 23:57), Alon Bar-Lev wrote:
> >>>>> ----- Original Message -----
> >>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
> >>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
> >>>>>> Cc: users@ovirt.org
> >>>>>> Sent: Monday, October 6, 2014 3:40:05 PM
> >>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>
> >>>>>> Alon,
> >>>>>>
> >>>>>> Thanks, the ovirt-engine-extension-aaa-ldap was updated successfully.
> >>>>>> and then I restarted my ovirt-engine.
> >>>>>>
> >>>>>> I tried the following:
> >>>>>>
> >>>>>> 1) Login to the User Portal using LDAP account "tani".
> >>>>>> Failed. (it was able to login before doing update.)
> >>>>>>
> >>>>>> 2) Then deleting the LDAP account "tani" from admin portal.
> >>>>>>
> >>>>>> 3) Tried to add new account "tani" again.
> >>>>>> I selected "rxc05271.com (authz-company)" instead of "internal (internal)"
> >>>>>> but "Go" button is hidden.
> >>>>>>
> >>>>>> What should I do next?
> >>>>> it probably means that the engine cannot interact with the ldap.
> >>>>> can you see any error message during engine startup that related?
> >>>>> can you stop engine remove engine.log start engine and send me the
> >>>>> engine.log?
> >>>>>
> >>>>>> Regards,
> >>>>>> Fumihide Tani
> >>>>>>
> >>>>>> (2014/10/06 20:39), Alon Bar-Lev wrote:
> >>>>>>> ----- Original Message -----
> >>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
> >>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
> >>>>>>>> Cc: users@ovirt.org
> >>>>>>>> Sent: Monday, October 6, 2014 2:36:38 PM
> >>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>
> >>>>>>>> Hi, Alon
> >>>>>>>>
> >>>>>>>> I can not update the ovirt-engine-extension-aaa-ldap.noarch
> >>>>>>>> 0.0.0-0.0.master.20140923213100.git10a282b.el6. to the one you
> >>>>>>>> specified.
> >>>>>>>> Is it still not exist in ovirt-3.5-pre repo?
> >>>>>>> right, they are at snapshots.
> >>>>>>> you can take the extension rpm and only update it.
> >>>>>>>
> >>>>>>> yum localupdate http://resources.ovirt.org/pub/ovirt-3.5-snapshot/rpm/el6/noarch/ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.el6.noarch.rpm
> >>>>>>>
> >>>>>>>> Regards,
> >>>>>>>> Fumihide Tani
> >>>>>>>>
> >>>>>>>> (2014/10/06 17:07), Alon Bar-Lev wrote:
> >>>>>>>>> Hello Fumihide,
> >>>>>>>>>
> >>>>>>>>> I pushed a significant change into ldap package, in some cases it will
> >>>>>>>>> provide better response times.
> >>>>>>>>> The change is within group resolution.
> >>>>>>>>> I wonder if you can test it, should be at least
> >>>>>>>>> ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.
> >>>>>>>>>
> >>>>>>>>> Regards,
> >>>>>>>>> Alon Bar-Lev.
> >>>>>>>>>
> >>>>>>>>> ----- Original Message -----
> >>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
> >>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
> >>>>>>>>>> Cc: users@ovirt.org
> >>>>>>>>>> Sent: Thursday, September 25, 2014 4:41:09 PM
> >>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>>>
> >>>>>>>>>> Hi, Alon,
> >>>>>>>>>>
> >>>>>>>>>> Without waiting until the weekend,
> >>>>>>>>>> I have finished the fresh install of the oVirt 3.5 RC3 today.
> >>>>>>>>>> As a result, with same AAA settings,
> >>>>>>>>>> My OpenLDAP's users became possible to login to the Web User Portal now.
> >>>>>>>>>> Yes, RC3 is good for integrating with newest OpenLDAP 2.4.23, RC2 is not.
> >>>>>>>>>>
> >>>>>>>>>> Very much thanks,
> >>>>>>>>>> Fumihide Tani
> >>>>>>>>>>
> >>>>>>>>>> (2014/09/25 7:27), Alon Bar-Lev wrote:
> >>>>>>>>>>> This is severe, the upgrade is not working properly you have issues with
> >>>>>>>>>>> accessing database.
> >>>>>>>>>>> If database is not important I suggest a fresh install, run engine-cleanup
> >>>>>>>>>>> then engine-setup.
> >>>>>>>>>>> If database is important please forward this to devel mailing list for
> >>>>>>>>>>> someone to help, regardless of LDAP.
> >>>>>>>>>>> Regards,
> >>>>>>>>>>> Alon
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> 4-09-25 00:36:08,389 ERROR
> >>>>>>>>>>> [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo]
> >>>>>>>>>>> (DefaultQuartzScheduler_Worker-7) ArrayIndexOutOfBoundsException: 1:
> >>>>>>>>>>> java.lang.ArrayIndexOutOfBoundsException: 1
> >>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.getDistanceMap(VdsNumaNodeDAODbFacadeImpl.java:208) [dal.jar:]
> >>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.access$000(VdsNumaNodeDAODbFacadeImpl.java:20) [dal.jar:]
> >>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:184) [dal.jar:]
> >>>>>>>>>>> at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:168) [dal.jar:]
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
> >>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
> >>>>>>>>>>>> Sent: Wednesday, September 24, 2014 6:40:58 PM
> >>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Result of running engine-setup:
> >>>>>>>>>>>> [root@ovirt ~]# yum list installed|grep ovirt-engine
> >>>>>>>>>>>> ovirt-engine.noarch
> >>>>>>>>>>>> 3.5.0-0.0.master.20140923231936.git42065cc.el6
> >>>>>>>>>>>>
> >>>>>>>>>>>> Yes, engine is updated to newest one.!
> >>>>>>>>>>>>
> >>>>>>>>>>>> But I still continued failing to login.
> >>>>>>>>>>>> engine.log attached.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Very thanks,
> >>>>>>>>>>>>
> >>>>>>>>>>>> (2014/09/24 23:59), Alon Bar-Lev wrote:
> >>>>>>>>>>>>> you probably need to run engine-setup
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
> >>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
> >>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:59:22 PM
> >>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Oops!
> >>>>>>>>>>>>>> # yum list installed | grep ovirt-engine
> >>>>>>>>>>>>>> ovirt-engine.noarch
> >>>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
> >>>>>>>>>>>>>> (snip)
> >>>>>>>>>>>>>> .....
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Many ovirt-3.5-* modules are updated by yum today but engine is not.
> >>>>>>>>>>>>>> Why not updated to RC3??
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> (2014/09/24 22:42), Alon Bar-Lev wrote:
> >>>>>>>>>>>>>>> Unless I am missing something, you run old engine:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> 2014-09-24 22:16:24,136 INFO [org.ovirt.engine.core.bll.Backend]
> >>>>>>>>>>>>>>> (MSC service thread 1-12) Running ovirt-engine
> >>>>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
> >>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
> >>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:21:09 PM
> >>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Attached engine.log with "FINEST"
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> (2014/09/24 21:32), Alon Bar-Lev wrote:
> >>>>>>>>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
> >>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
> >>>>>>>>>>>>>>>>>> Cc: users@ovirt.org
> >>>>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 3:24:23 PM
> >>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Hi, Alon,
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> I have updated the oVirt 3.5 RC2 to the newest RC3 today.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> From my CentOS6.5 based oVirt Engine server and the oVirt Host server,
> >>>>>>>>>>>>>>>>>> # yum clean all
> >>>>>>>>>>>>>>>>>> # yum update
> >>>>>>>>>>>>>>>>>> Then rebooted these servers.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> But my LDAP problem is continued and same result as before.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> When I login to the oVirt User Portal,
> >>>>>>>>>>>>>>>>>> User Name: tani
> >>>>>>>>>>>>>>>>>> Password: (OpenLDAP's userPassword)
> >>>>>>>>>>>>>>>>>> Domain: rxc05271.com
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> UI displays "General command validation failure."
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Please advise.
> >>>>>>>>>>>>>>>>> Hopefully I can if you provide log... :)
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>>> Fumihide Tani
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> (2014/09/22 22:20), Alon Bar-Lev wrote:
> >>>>>>>>>>>>>>>>>>> The version of engine you are using is probably out of date and unsynced
> >>>>>>>>>>>>>>>>>>> with latest ldap package (20140821064931).
> >>>>>>>>>>>>>>>>>>> Please make sure you take latest from [1]
> >>>>>>>>>>>>>>>>>>> Thanks!
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
> >>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
> >>>>>>>>>>>>>>>>>>>> Cc: users@ovirt.org
> >>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:42:52 PM
> >>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Hi, Alon,
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Your requested engine.log attached.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Also, I tried to login to web user portal by "tani"
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> User Name: tani
> >>>>>>>>>>>>>>>>>>>> Password: (OpenLDAP userPassword)
> >>>>>>>>>>>>>>>>>>>> Domain: rxc05271.com
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> cause: "General command validation failure."
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Attached log includes login by "Fumihide" first, "tani" second.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Very thanks,
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> (2014/09/22 21:24), Alon Bar-Lev wrote:
> >>>>>>>>>>>>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271@nifty.com>
> >>>>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl@redhat.com>
> >>>>>>>>>>>>>>>>>>>>>> Cc: users@ovirt.org
> >>>>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:06:39 PM
> >>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> Sorry, I misunderstood.
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> This is outputs after LDAP user logged in.
> >>>>>>>>>>>>>>>>>>>>> Please attach log as files, not inline, easier to handle.
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,638 DEBUG
> >>>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework]
> >>>>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4)
> >>>>>>>>>>>>>>>>>>>>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', scope=SUB,
> >>>>>>>>>>>>>>>>>>>>> deref=NEVER, sizeLimit=0, timeLimit=0,
> >>>>>>>>>>>>>>>>>>>>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)',
> >>>>>>>>>>>>>>>>>>>>> attrs={entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail},
> >>>>>>>>>>>>>>>>>>>>> controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})
> >>>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,640 DEBUG
> >>>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework]
> >>>>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4)
> >>>>>>>>>>>>>>>>>>>>> SearchResult: SearchResult(resultCode=0 (success), messageID=3,
> >>>>>>>>>>>>>>>>>>>>> entriesReturned=0, referencesReturned=0,
> >>>>>>>>>>>>>>>>>>>>> responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> From the above I see that a search was issued:
> >>>>>>>>>>>>>>>>>>>>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide)
> >>>>>>>>>>>>>>>>>>>>> And no result returned.
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> Per previous output:
> >>>>>>>>>>>>>>>>>>>>> ---
> >>>>>>>>>>>>>>>>>>>>> # tani, Users, rxc05271.com
> >>>>>>>>>>>>>>>>>>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
> >>>>>>>>>>>>>>>>>>>>> objectClass: inetOrgPerson
> >>>>>>>>>>>>>>>>>>>>> objectClass: uidObject
> >>>>>>>>>>>>>>>>>>>>> uid: tani
> >>>>>>>>>>>>>>>>>>>>> cn: Fumihide Tani
> >>>>>>>>>>>>>>>>>>>>> givenName: Fumihide
> >>>>>>>>>>>>>>>>>>>>> mail: tani@rxc05271.com
> >>>>>>>>>>>>>>>>>>>>> sn: Tani
> >>>>>>>>>>>>>>>>>>>>> userPassword:: a3VtaXRhbg==
> >>>>>>>>>>>>>>>>>>>>> ---
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> Your user name is tani and not Fumihide.
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> Alon
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>
> >>
> >>
> >
> >
>
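
The five-step sequence in the thread exercises nested group resolution: a grant on group X has to reach user U through group Y. The following is an added example, not code from the thread or from ovirt-engine-extension-aaa-ldap; it follows `memberOf` (one of the attributes requested in the logged SearchRequest) over a constructed in-memory directory, and the DNs for U, X and Y are hypothetical.

```python
# Constructed directory (DN -> attributes) mirroring the thread's test sequence:
# user U is in group Y, group Y is in group X. The user and group DNs are
# hypothetical; only the dc=rxc05271,dc=com base comes from the page.
BASE = "dc=rxc05271,dc=com"
U = f"uid=U,ou=Users,{BASE}"
X = f"cn=X,ou=Groups,{BASE}"
Y = f"cn=Y,ou=Groups,{BASE}"
DIRECTORY = {
    U: {"memberOf": [Y]},
    Y: {"memberOf": [X]},
    X: {"memberOf": [Y]},  # deliberate X <-> Y cycle to exercise the guard
}


def norm(dn):
    """Comparison key for a DN (simplified: case-folded, no RDN escaping)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def resolve_groups(directory, principal_dn, max_depth=16):
    """Return (direct, transitive) sets of group keys reached via memberOf."""
    index = {norm(dn): attrs for dn, attrs in directory.items()}

    def parents(key):
        return {norm(g) for g in index.get(key, {}).get("memberOf", [])}

    direct = parents(norm(principal_dn))
    seen, frontier = set(direct), set(direct)
    for _ in range(max_depth):      # depth cap bounds work on deep nesting
        frontier = {p for g in frontier for p in parents(g)} - seen
        if not frontier:            # nothing new: closure reached, cycles ignored
            break
        seen |= frontier
    return direct, seen


def effective_roles(directory, principal_dn, grants, recursive=True):
    """Roles that reach the principal through group grants (DN -> role)."""
    direct, transitive = resolve_groups(directory, principal_dn)
    groups = transitive if recursive else direct
    return {role for dn, role in grants.items() if norm(dn) in groups}


if __name__ == "__main__":
    grants = {X: "SuperUser"}       # step 4 of the sequence
    print("recursive:  ", effective_roles(DIRECTORY, U, grants))
    print("direct only:", effective_roles(DIRECTORY, U, grants, recursive=False))
```

A resolver that stops at direct membership returns no role for U here, which is the difference the test sequence is designed to expose.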