This is a multi-part message in MIME format. --------------040506020505040804040504 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Hi! We just upgaded oVirt from 3.4 to 3.5 and now users cannot select the LDAP domain on the login screen. Only internal is available. Our LDAP server is actually a 389DS instance and we are using for authentication in oVirt without Kerberos. The existing setup has worked since the days of 3.2. When we try to validate the domain, we get [root@brda ~]# engine-manage-domains validate Error: Cannot authenticate user ovirt to domain guest.arnes.si, details: [LDAP: error code 32 - No Such Object]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object] Failure while testing domain guest.arnes.si. Details: Cannot authenticate user to LDAP server. The LDAP log reports [18/Jun/2015:13:52:38 +0200] conn=3 op=0 BIND dn="uid=ovirt,ou=Peopledc=guest,dc=arnes,dc=si" method=128 version=3 As you can see there is a comma missing before "dc=guest,dc=arnes,dc=si". Before the upgrade the bind DN was generated properly as [18/Jun/2015:12:42:45 +0200] conn=10219 op=0 BIND dn="uid=ovirt,ou=People,dc=arnes,dc=si" method=128 version=3 This looks like a bug. Is there a quick fix we can do to fix this typo? We are also interested in knowing what is the correct way in 3.5 to add a domain that uses an LDAP server for its authentication source without Kerberos. Kind regards, Mitja -- -- Mitja Mihelič ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386 1 479 8800, fax: +386 1 479 88 99 --------------040506020505040804040504 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> </head> <body bgcolor="#FFFFFF" text="#000000"> <font size="-1">Hi!<br> <br> We just upgaded oVirt from 3.4 to 3.5 and now users cannot select the LDAP domain on the login screen. Only internal is available.<br> Our LDAP server is actually a 389DS instance and we are using for authentication in oVirt without Kerberos. The existing setup has worked since the days of 3.2.<br> <br> When we try to validate the domain, we get<br> [root@brda ~]# engine-manage-domains validate<br> Error: Cannot authenticate user ovirt to domain guest.arnes.si, details: [LDAP: error code 32 - No Such Object]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]<br> Failure while testing domain guest.arnes.si. Details: Cannot authenticate user to LDAP server.<br> <br> The LDAP log reports<br> [18/Jun/2015:13:52:38 +0200] conn=3 op=0 BIND dn="uid=ovirt,ou=Peopledc=guest,dc=arnes,dc=si" method=128 version=3<br> As you can see there is a comma missing before "dc=guest,dc=arnes,dc=si".<br> <br> Before the upgrade the bind DN was generated properly as<br> [18/Jun/2015:12:42:45 +0200] conn=10219 op=0 BIND dn="uid=ovirt,ou=People,dc=arnes,dc=si" method=128 version=3<br> <br> This looks like a bug.<br> Is there a quick fix we can do to fix this typo?<br> <br> We are also interested in knowing what is the correct way in 3.5 to add a domain that uses an LDAP server for its authentication source without Kerberos.<br> <br> Kind regards, Mitja<br> </font> <pre class="moz-signature" cols="72"> -- -- Mitja Mihelič ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386 1 479 8800, fax: +386 1 479 88 99</pre> </body> </html> --------------040506020505040804040504--