11:03 a.m.
--_000_CO2PR0801MB07430BD1B4EBE69A288FF50EA69B0CO2PR0801MB0743_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
SGVsbG8sDQoNCkdldHRpbmcgdGhpcyBhbmQgaGF2ZSBubyBpZGVhIHdoZXJlIHRvIGJlZ2luOg0K
DQpzZXJ2ZXJfZXJyb3I6IFVuZXhwZWN0ZWQgY29tbWEgb3Igc2VtaWNvbG9uIGZvdW5kIGF0IHRo
ZSBlbmQgb2YgdGhlIEROIHN0cmluZy4NCg0KU2VydmVyIGlzIHNldCB1cCB3aXRoIEFEIGZvciBh
dXRoZW50aWNhdGlvbi4gVGhlIHByb2JsZW0gc3RhcnRlZCBhZnRlciBhdHRlbXB0aW5nIHRvIGNo
YW5nZSBTU0wgY2VydGlmaWNhdGVzIHdpdGggb3VyIG93biBob3dldmVyLCB0aGF0IGZhaWxlZCBz
byB3ZSByb2xsZWQgYmFjay4gTm93LCBhdXRoZW50aWNhdGlvbiBkb2VzbuKAmXQgd29yayBhbnlt
b3JlIGFuZCB0aGUgZXJyb3IgaXMgdmFndWUuDQo=
--_000_CO2PR0801MB07430BD1B4EBE69A288FF50EA69B0CO2PR0801MB0743_
Content-Type: text/html; charset="utf-8"
Content-ID:
<41DC910482B1F847AED60B21A5974043(a)sct-15-1-659-11-msonline-outlook-7ade0.templateTenant>
Content-Transfer-Encoding: base64
PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4
bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo
dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo
dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp
dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l
dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg
bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj
ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2
IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy
IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt
YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1i
b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp
IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy
aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph
OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5
Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQouTXNv
Q2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTt9DQpAcGFnZSBXb3JkU2Vj
dGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEu
MGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHls
ZT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0iIzk1NEY3
MiI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SGVs
bG8sPC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj5HZXR0aW5nIHRoaXMgYW5kIGhhdmUgbm8gaWRlYSB3aGVyZSB0byBi
ZWdpbjo8L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPnNlcnZlcl9lcnJvcjogVW5leHBlY3RlZCBjb21tYSBvciBzZW1p
Y29sb24gZm91bmQgYXQgdGhlIGVuZCBvZiB0aGUgRE4gc3RyaW5nLjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+U2Vy
dmVyIGlzIHNldCB1cCB3aXRoIEFEIGZvciBhdXRoZW50aWNhdGlvbi4gVGhlIHByb2JsZW0gc3Rh
cnRlZCBhZnRlciBhdHRlbXB0aW5nIHRvIGNoYW5nZSBTU0wgY2VydGlmaWNhdGVzIHdpdGggb3Vy
IG93biBob3dldmVyLCB0aGF0IGZhaWxlZCBzbyB3ZSByb2xsZWQgYmFjay4gTm93LCBhdXRoZW50
aWNhdGlvbiBkb2VzbuKAmXQgd29yayBhbnltb3JlIGFuZCB0aGUgZXJyb3IgaXMgdmFndWUuDQo8
L3A+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg==
--_000_CO2PR0801MB07430BD1B4EBE69A288FF50EA69B0CO2PR0801MB0743_--
11:28 a.m.
Hi,
could you please execute following command to get full logs from login flow
and share those logs?
ovirt-engine-extensions-tool --log-level=FINEST aaa login-user
--profile=<PROFILE_NAME> --user-name=<USERNAME>
Please replace <PROFILE_NAME> and <USERNAME> according to your setup.
Thanks
Martin Perina
On Tue, Dec 13, 2016 at 9:03 AM, Bill Bill <jax2568(a)outlook.com> wrote:
Hello,
Getting this and have no idea where to begin:
server_error: Unexpected comma or semicolon found at the end of the DN
string.
Server is set up with AD for authentication. The problem started after
attempting to change SSL certificates with our own however, that failed so
we rolled back. Now, authentication doesn’t work anymore and the error is
vague.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.phx.ovirt.org/mailman/listinfo/users
11:35 p.m.
--_000_CO2PR0801MB0743F2EF9B05536554E0BBE4A69B0CO2PR0801MB0743_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
I was actually able to resolve this by renaming the corresponding files in =
the /etc/pki/ovirt-engine/aaa directory and the extentions.d directory. The=
n, I simply ran the ovirt-engine-extension-aaa-ldap-setup command and re-ad=
ded the AD back. The users were not affected since they were already in oVi=
rt.
I have found that in the properties file, it stores the login information I=
used to set the connection up. If I remove those, the error is generated. =
It seems as though unless there=92s a username/password stored in plain tex=
t in that file, the AD connection will not work. Is this correct or are the=
re some variables that can be entered to use the info from the login fields=
?
From: Martin Perina<mailto:mperina@redhat.com>
Sent: Tuesday, December 13, 2016 3:28 AM
To: Bill Bill<mailto:jax2568@outlook.com>
Cc: users@ovirt.org<mailto:users@ovirt.org>; Ondra Machacek<mailto:omachace=
@redhat.com>
Subject: Re: [ovirt-users] unexpected comma found at the end of DN string
Hi,
could you please execute following command to get full logs from login flow=
and share those logs?
ovirt-engine-extensions-tool --log-level=3DFINEST aaa login-user --profil=
e=3D<PROFILE_NAME> --user-name=3D<USERNAME>
Please replace <PROFILE_NAME> and <USERNAME> according to your setup.
Thanks
Martin Perina
On Tue, Dec 13, 2016 at 9:03 AM, Bill Bill <jax2568@outlook.com<mailto:jax2=
568(a)outlook.com>> wrote:
Hello,
Getting this and have no idea where to begin:
server_error: Unexpected comma or semicolon found at the end of the DN stri=
ng.
Server is set up with AD for authentication. The problem started after atte=
mpting to change SSL certificates with our own however, that failed so we r=
olled back. Now, authentication doesn=92t work anymore and the error is vag=
ue.
_______________________________________________
Users mailing list
Users@ovirt.org<mailto:Users@ovirt.org>
http://lists.phx.ovirt.org/mailman/listinfo/users
--_000_CO2PR0801MB0743F2EF9B05536554E0BBE4A69B0CO2PR0801MB0743_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=3DWindows-1=
252">
</head>
<body>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class=3D"WordSection1">
<p class=3D"MsoNormal">I was actually able to resolve this by renaming the
=
corresponding files in the /etc/pki/ovirt-engine/aaa directory and the exte=
ntions.d directory. Then, I simply ran the ovirt-engine-extension-aaa-ldap-=
setup command and re-added the AD
back. The users were not affected since they were already in oVirt.</p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">I have found that in the properties file, it stores
=
the login information I used to set the connection up. If I remove those, t=
he error is generated. It seems as though unless there=92s a username/passw=
ord stored in plain text in that file,
the AD connection will not work. Is this correct or are there some variabl=
es that can be entered to use the info from the login fields?</p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<div style=3D"mso-element:para-border-div;border:none;border-top:solid #E1E=
1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class=3D"MsoNormal"
style=3D"border:none;padding:0in"><b>From: </b><a hr=
ef=3D"mailto:mperina@redhat.com">Martin Perina</a><br>
<b>Sent: </b>Tuesday, December 13, 2016 3:28 AM<br>
<b>To: </b><a href=3D"mailto:jax2568@outlook.com">Bill
Bill</a><br>
<b>Cc: </b><a
href=3D"mailto:users@ovirt.org">users@ovirt.org</a>; <a href=
=3D"mailto:omachace@redhat.com">
Ondra Machacek</a><br>
<b>Subject: </b>Re: [ovirt-users] unexpected comma found at the end of DN s=
tring</p>
</div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div dir=3D"ltr">
<div style=3D"font-family:arial,helvetica,sans-serif"
class=3D"gmail_defaul=
t">Hi,<br>
<br>
</div>
<div style=3D"font-family:arial,helvetica,sans-serif"
class=3D"gmail_defaul=
t">could you please execute following command to get full logs from login f=
low and share those logs?<br>
<br>
ovirt-engine-extensions-tool --log-level=3DFINEST aaa login-user --p=
rofile=3D<PROFILE_NAME> --user-name=3D<USERNAME><br>
<br>
</div>
<div style=3D"font-family:arial,helvetica,sans-serif"
class=3D"gmail_defaul=
t">Please replace <PROFILE_NAME> and <USERNAME>
according to yo=
ur setup.<br>
<br>
</div>
<div style=3D"font-family:arial,helvetica,sans-serif"
class=3D"gmail_defaul=
t">Thanks<br>
<br>
</div>
<div style=3D"font-family:arial,helvetica,sans-serif"
class=3D"gmail_defaul=
t">Martin Perina<br>
<br>
</div>
</div>
<div class=3D"gmail_extra"><br>
<div class=3D"gmail_quote">On Tue, Dec 13, 2016 at 9:03 AM, Bill Bill
<span=
dir=3D"ltr">
<<a href=3D"mailto:jax2568@outlook.com"
target=3D"_blank">jax2568@outloo=
k.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0
.8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
<div link=3D"blue" vlink=3D"#954F72" lang=3D"EN-US">
<div class=3D"m_1628617985248980709WordSection1">
<p class=3D"MsoNormal">Hello,</p>
<p
class=3D"MsoNormal"><u></u> <u></u></p>
<p class=3D"MsoNormal">Getting this and have no idea where to
begin:</p>
<p
class=3D"MsoNormal"><u></u> <u></u></p>
<p class=3D"MsoNormal">server_error: Unexpected comma or semicolon found
at=
the end of the DN string.</p>
<p
class=3D"MsoNormal"><u></u> <u></u></p>
<p class=3D"MsoNormal">Server is set up with AD for authentication. The
pro=
blem started after attempting to change SSL certificates with our own howev=
er, that failed so we rolled back. Now, authentication doesn=92t work anymo=
re and the error is vague.
</p>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href=3D"mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href=3D"http://lists.phx.ovirt.org/mailman/listinfo/users"
rel=3D"norefe=
rrer"
target=3D"_blank">http://lists.phx.ovirt.org/<wbr>mail...
ers</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</body>
</html>
--_000_CO2PR0801MB0743F2EF9B05536554E0BBE4A69B0CO2PR0801MB0743_--
12:29 a.m.
Good that you make it work.
AFAIK in Active Directory is very rarely used anonymous bind, so you should
always use the username/password configuration in your properties files.
Or properly setup the anonymous bind, because according to logs there
are some ldap attributes with strange values.
The aaa-ldap doesn't use the user from the login fields, as it's not
correct.
You should have setup some search user which does authorization, it
should not be performed by user which is trying to login.
On Tue, Dec 13, 2016 at 9:35 PM, Bill Bill <jax2568(a)outlook.com> wrote:
I was actually able to resolve this by renaming the corresponding
files in
the /etc/pki/ovirt-engine/aaa directory and the extentions.d directory.
Then, I simply ran the ovirt-engine-extension-aaa-ldap-setup command and
re-added the AD back. The users were not affected since they were already
in oVirt.
I have found that in the properties file, it stores the login information
I used to set the connection up. If I remove those, the error is generated.
It seems as though unless there’s a username/password stored in plain text
in that file, the AD connection will not work. Is this correct or are there
some variables that can be entered to use the info from the login fields?
*From: *Martin Perina <mperina(a)redhat.com>
*Sent: *Tuesday, December 13, 2016 3:28 AM
*To: *Bill Bill <jax2568(a)outlook.com>
*Cc: *users(a)ovirt.org; Ondra Machacek <omachace(a)redhat.com>
*Subject: *Re: [ovirt-users] unexpected comma found at the end of DN
string
Hi,
could you please execute following command to get full logs from login
flow and share those logs?
ovirt-engine-extensions-tool --log-level=FINEST aaa login-user
--profile=<PROFILE_NAME> --user-name=<USERNAME>
Please replace <PROFILE_NAME> and <USERNAME> according to your setup.
Thanks
Martin Perina
On Tue, Dec 13, 2016 at 9:03 AM, Bill Bill <jax2568(a)outlook.com> wrote:
> Hello,
>
>
>
> Getting this and have no idea where to begin:
>
>
>
> server_error: Unexpected comma or semicolon found at the end of the DN
> string.
>
>
>
> Server is set up with AD for authentication. The problem started after
> attempting to change SSL certificates with our own however, that failed so
> we rolled back. Now, authentication doesn’t work anymore and the error is
> vague.
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.phx.ovirt.org/mailman/listinfo/users
>
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.phx.ovirt.org/mailman/listinfo/users
2901
days inactive
2901
days old
3 comments
3 participants
participants (3)
-
Bill Bill -
Martin Perina -
Ondra Machacek