3:07 p.m.
This is a multi-part message in MIME format.
--------------040506020505040804040504
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Hi!
We just upgaded oVirt from 3.4 to 3.5 and now users cannot select the
LDAP domain on the login screen. Only internal is available.
Our LDAP server is actually a 389DS instance and we are using for
authentication in oVirt without Kerberos. The existing setup has worked
since the days of 3.2.
When we try to validate the domain, we get
[root@brda ~]# engine-manage-domains validate
Error: Cannot authenticate user ovirt to domain guest.arnes.si, details:
[LDAP: error code 32 - No Such Object]; nested exception is
javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]
Failure while testing domain guest.arnes.si. Details: Cannot
authenticate user to LDAP server.
The LDAP log reports
[18/Jun/2015:13:52:38 +0200] conn=3 op=0 BIND
dn="uid=ovirt,ou=Peopledc=guest,dc=arnes,dc=si" method=128 version=3
As you can see there is a comma missing before "dc=guest,dc=arnes,dc=si".
Before the upgrade the bind DN was generated properly as
[18/Jun/2015:12:42:45 +0200] conn=10219 op=0 BIND
dn="uid=ovirt,ou=People,dc=arnes,dc=si" method=128 version=3
This looks like a bug.
Is there a quick fix we can do to fix this typo?
We are also interested in knowing what is the correct way in 3.5 to add
a domain that uses an LDAP server for its authentication source without
Kerberos.
Kind regards, Mitja
--
--
Mitja Mihelič
ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia
tel: +386 1 479 8800, fax: +386 1 479 88 99
--------------040506020505040804040504
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font size="-1">Hi!<br>
<br>
We just upgaded oVirt from 3.4 to 3.5 and now users cannot select
the LDAP domain on the login screen. Only internal is available.<br>
Our LDAP server is actually a 389DS instance and we are using for
authentication in oVirt without Kerberos. The existing setup has
worked since the days of 3.2.<br>
<br>
When we try to validate the domain, we get<br>
[root@brda ~]# engine-manage-domains validate<br>
Error: Cannot authenticate user ovirt to domain guest.arnes.si,
details: [LDAP: error code 32 - No Such Object]; nested exception
is javax.naming.AuthenticationException: [LDAP: error code 32 - No
Such Object]<br>
Failure while testing domain guest.arnes.si. Details: Cannot
authenticate user to LDAP server.<br>
<br>
The LDAP log reports<br>
[18/Jun/2015:13:52:38 +0200] conn=3 op=0 BIND
dn="uid=ovirt,ou=Peopledc=guest,dc=arnes,dc=si" method=128
version=3<br>
As you can see there is a comma missing before
"dc=guest,dc=arnes,dc=si".<br>
<br>
Before the upgrade the bind DN was generated properly as<br>
[18/Jun/2015:12:42:45 +0200] conn=10219 op=0 BIND
dn="uid=ovirt,ou=People,dc=arnes,dc=si" method=128 version=3<br>
<br>
This looks like a bug.<br>
Is there a quick fix we can do to fix this typo?<br>
<br>
We are also interested in knowing what is the correct way in 3.5
to add a domain that uses an LDAP server for its authentication
source without Kerberos.<br>
<br>
Kind regards, Mitja<br>
</font>
<pre class="moz-signature" cols="72">
--
--
Mitja Mihelič
ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia
tel: +386 1 479 8800, fax: +386 1 479 88 99</pre>
</body>
</html>
--------------040506020505040804040504--