On Thu, May 30, 2019 at 11:22 AM <rubennunes12@gmail.com> wrote:

Hello everyone.

So I don't know what I'm doing wrong, but this doesn't seem to work. I already made the configurations needed on the ovirt-engine-extension-aaa-ldap; I'm a little desperate here.

I'm going to put all the commands that I already ran and the errors that they give:

- ovirt-engine-extension-aaa-ldap-setup

 Stage: Setup validation

          NOTE:
          It is highly recommended to test drive the configuration before applying it into engine.
          Login sequence is executed automatically, but it is recommended to also execute Search sequence manually after successful Login sequence.

          Please provide credentials to test login flow:
          Enter user name: node1
          Enter user password:
[ INFO  ] Executing login sequence...

[snip] 
          2019-05-29 03:45:59,778+01 INFO    ========================================================================
          2019-05-29 03:45:59,778+01 INFO    ============================== Execution ===============================
          2019-05-29 03:45:59,778+01 INFO    ========================================================================
          2019-05-29 03:45:59,779+01 INFO    Iteration: 0
          2019-05-29 03:45:59,780+01 INFO    Profile='192.168.16.114' authn='192.168.16.114-authn' authz='192.168.16.114' mapping='null'
          2019-05-29 03:45:59,780+01 INFO    API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='192.168.16.114' user='node1'
          2019-05-29 03:45:59,835+01 INFO    API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='192.168.16.114' result=CREDENTIALS_INVALID
          2019-05-29 03:45:59,843+01 SEVERE  Authn.Result code is: CREDENTIALS_INVALID
[ ERROR ] Login sequence failed
          Please investigate details of the failure (search for lines containing SEVERE log level).
          Select test sequence to execute (Done, Abort, Login, Search) [Abort]:


The setup command above didn't succeed, so before going ahead with further steps you have to fix it. The error has been
2019-05-29 03:45:59,843+01 SEVERE  Authn.Result code is: CREDENTIALS_INVALID
So the password used for user node1 is not OK. Is this the user you want to use to bind?

What option did you choose:
 9 - OpenLDAP Standard Schema
?


- ovirt-engine-extensions-tool aaa login-user --profile=lab.local --user-name=node1

[snip]
2019-05-29 03:57:35,859+01 WARNING Exception: An error occurred while attempting to connect to server ldap.lab.local:389:  IOException(LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap.lab.local/192.168.16.114:389:  UnknownHostException(ldap.lab.local), ldapSDKVersion=4.0.5, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58'))

Here you go, apparently now with a hostname (ldap.lab.local), but it seems it is not resolved.
So you have to decide whether to go with the hostname or the IP and use it consistently, because in your ldapsearch test below the IP (192.168.16.114) is used.

- ldapsearch -x -h 192.168.16.114 -b "dc=ldap,dc=local" -D "cn=ldapadm,dc=lab,dc=local" -W

Enter LDAP Password:
# extended LDIF
#

Also, to bind here you use DN cn=ldapadm,dc=lab,dc=local, while in test above you use node1...

I also see you have profile1 and profile2, with profile1 using something like "dc=sybase,dc=pt"... is this a working profile?
Anyway, as a starting point you could also read the automatic workflow here:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/administration_guide/sect-configuring_an_external_ldap_provider#Configuring_an_External_LDAP_Provider
or the manual method here:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/administration_guide/sect-configuring_an_external_ldap_provider#Configuring_an_External_LDAP_Provider_ManualMethod

In particular:

Prerequisites:

  • You must know the domain name of the DNS or the LDAP server.
  • To set up secure connection between the LDAP server and the Manager, ensure that a PEM-encoded CA certificate has been prepared.
  • Have at least one set of account name and password ready to perform search and login queries to the LDAP server.
HIH,
Gianluca
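As an added illustration of the checks suggested in the reply above (this is example code written for this page, not part of the thread and not from the oVirt project), the script below reads the lines that ovirt-engine-extension-aaa-ldap-setup and ovirt-engine-extensions-tool print during a login test, picks out the indicators the reply points at (the SEVERE line, the Authn result code, the LDAP SDK resultCode and the innermost Java exception) and maps each to a plain diagnosis. It also checks that the server name in the profile and the address used for the manual ldapsearch test agree, which is the hostname-versus-IP consistency point made above. The two sample log lines are copied from the thread; the `no_dns` resolver is a constructed stand-in so the script runs without network access.

```python
"""Triage helper for ovirt-engine-extension-aaa-ldap login-test output.

Added example, not code from the thread or from the oVirt project.
"""
import re
import socket
from typing import Callable, Dict, List

AUTHN_RESULT_RE = re.compile(r"Authn\.Result code is:\s*(?P<code>[A-Z_]+)")
LDAP_RESULT_RE = re.compile(r"resultCode=(?P<num>\d+) \((?P<name>[^)]+)\)")
# Innermost Java exception only: the argument must not contain parentheses,
# so wrappers such as IOException(LDAPException(...)) are skipped.
JAVA_EXC_RE = re.compile(r"(?P<exc>[A-Za-z]+Exception)\((?P<arg>[^()]*)\)")

# Diagnoses keyed on what the log literally says; extend as you meet new cases.
DIAGNOSIS: Dict[str, str] = {
    "CREDENTIALS_INVALID": (
        "the LDAP server rejected the user name or password entered for the test; "
        "re-check the test user's password and the bind DN configured in the profile"
    ),
    "UnknownHostException": (
        "the server name in the profile does not resolve from the engine host; "
        "use a resolvable name or the IP address, and use the same value everywhere"
    ),
}

# Log lines taken from the thread above (timestamps and names as posted there).
SAMPLE_LOG: List[str] = [
    "2019-05-29 03:45:59,843+01 SEVERE  Authn.Result code is: CREDENTIALS_INVALID",
    "2019-05-29 03:57:35,859+01 WARNING Exception: An error occurred while attempting "
    "to connect to server ldap.lab.local:389:  IOException(LDAPException(resultCode=91 "
    "(connect error), errorMessage='An error occurred while attempting to establish a "
    "connection to server ldap.lab.local/192.168.16.114:389:  "
    "UnknownHostException(ldap.lab.local), ldapSDKVersion=4.0.5, "
    "revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58'))",
]


def triage(log_lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per recognised failure indicator, in log order."""
    findings: List[Dict[str, str]] = []
    for line in log_lines:
        if " SEVERE " in line:
            # The setup tool itself says: search for lines with SEVERE log level.
            findings.append({"kind": "severe",
                             "detail": line.split("SEVERE", 1)[1].strip()})
        m = AUTHN_RESULT_RE.search(line)
        if m:
            findings.append({"kind": "authn_result", "code": m["code"],
                             "diagnosis": DIAGNOSIS.get(m["code"],
                                                        "look up this Authn result code")})
        m = LDAP_RESULT_RE.search(line)
        if m:
            findings.append({"kind": "ldap_result", "code": m["num"], "name": m["name"]})
        for exc, arg in JAVA_EXC_RE.findall(line):
            findings.append({"kind": "java_exception", "exception": exc, "detail": arg,
                             "diagnosis": DIAGNOSIS.get(exc, "inspect the nested exception")})
    return findings


def check_server_naming(profile_server: str, tested_address: str,
                        resolve: Callable[[str], str] = socket.gethostbyname) -> str:
    """Explain a mismatch between the server the profile names and the address the
    manual ldapsearch test used; return "" when the two agree."""
    if profile_server == tested_address:
        return ""
    try:
        resolved = resolve(profile_server)
    except OSError as exc:
        return (f"profile names {profile_server!r}, which does not resolve ({exc}); "
                f"the manual test used {tested_address!r}")
    if resolved != tested_address:
        return (f"profile names {profile_server!r} -> {resolved}, but the manual test "
                f"used {tested_address!r}; pick one and use it consistently")
    return ""


def no_dns(name: str) -> str:
    """Constructed stand-in resolver for offline runs: acts like a missing DNS record."""
    raise socket.gaierror(f"constructed: no record for {name}")


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    # Profile uses the hostname, the ldapsearch test used the IP, DNS has no record.
    print(check_server_naming("ldap.lab.local", "192.168.16.114", resolve=no_dns))
```

Run against a real log, feed the file's lines to `triage()` and pass the server value from the profile's properties file and the `-h` argument of your ldapsearch test to `check_server_naming()` with the default resolver, so the DNS lookup happens on the engine host itself, which is the host whose view of the name matters.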