[Users] Problem adding an IPA server to oVirt

Hi,
I am trying to set up an oVirt environment with an IPA provider and am hitting a GeneralException that I am unsure how to debug. I have configured freeIPA in a Fedora VM using the supplied configuration script and I can 'kinit admin' from the ovirt-engine machine. When I run the manage-domains command I get the following exception:
I didn't realize it, but I had to add _kerberos srv records to my dnsmasq.conf in order for the script to even find my KDC.
./engine-manage-domains -action=add -provider=IPA -domain=alitke.net -user=admin -interactive -ldapServers=directory.alitke.net
Enter password:
General error has occurednull
java.lang.NegativeArraySizeException
    at sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367)
    at sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722)
    at sun.security.jgss.krb5.WrapToken_v2.<init>(WrapToken_v2.java:200)
    at sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861)
    at sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385)
    at com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104)
    at com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
    at org.ovirt.engine.core.ldap.RootDSEData.<init>(RootDSEData.java:52)
    at org.ovirt.engine.core.utils.kerberos.JndiAction.getDomainDN(JndiAction.java:254)
    at org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:87)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:356)
    at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:174)
    at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:150)
    at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:135)
    at org.ovirt.engine.core.domains.ManageDomains.checkKerberosConfiguration(ManageDomains.java:739)
    at org.ovirt.engine.core.domains.ManageDomains.testConfiguration(ManageDomains.java:909)
    at org.ovirt.engine.core.domains.ManageDomains.addDomain(ManageDomains.java:531)
    at org.ovirt.engine.core.domains.ManageDomains.runCommand(ManageDomains.java:308)
    at org.ovirt.engine.core.domains.ManageDomains.main(ManageDomains.java:205)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.modules.Module.run(Module.java:260)
    at org.jboss.modules.Main.main(Main.java:291)
Failure while testing domain %1$s. Details: %2$s: One of the parameters for this error is null and no default message to show
Any thoughts on what might be going wrong?

Hi Adam,
Looks like you have problems in running the Root DSE query. I would like you to try and troubleshoot by comparing this to the execution of -
ldapsearch -x -h <YOUR_IPA_SERVER_IP_ADDRESS> -s base
----- Original Message -----
From: "Adam Litke" <alitke@redhat.com> To: users@ovirt.org Sent: Tuesday, January 21, 2014 12:12:03 AM Subject: [Users] Problem adding an IPA server to oVirt
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

On 01/20/2014 11:33 PM, Yair Zaslavsky wrote:
Hi Adam, Looks like you have problems in running the Root DSE query. I would like you to try and troubleshoot by comparing this to the execution of -
ldapsearch -x -h <YOUR_IPA_SERVER_IP_ADDRESS> -s base
I think the problem is that your LDAP server is configured with a minimum security strength factor that triggers a bug in the Kerberos support in the Java virtual machine. This is a known issue. See here for details: http://gerrit.ovirt.org/21505
-- Business address: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain. Registered in the Mercantile Registry of Madrid – C.I.F. B82657941 - Red Hat S.L.

On 21/01/14 12:49 +0100, Juan Hernandez wrote:
On 01/20/2014 11:33 PM, Yair Zaslavsky wrote:
Hi Adam, Looks like you have problems in running the Root DSE query. I would like you to try and troubleshoot by comparing this to the execution of -
ldapsearch -x -h <YOUR_IPA_SERVER_IP_ADDRESS> -s base
I think the problem is that your LDAP server is configured with a minimum security strength factor that triggers a bug in the Kerberos support in the Java virtual machine. This is a known issue. See here for details:
Thanks. Does this affect openIPA as well?

On 01/21/2014 02:26 PM, Adam Litke wrote:
On 21/01/14 12:49 +0100, Juan Hernandez wrote:
On 01/20/2014 11:33 PM, Yair Zaslavsky wrote:
Hi Adam, Looks like you have problems in running the Root DSE query. I would like you to try and troubleshoot by comparing this to the execution of -
ldapsearch -x -h <YOUR_IPA_SERVER_IP_ADDRESS> -s base
I think the problem is that your LDAP server is configured with a minimum security strength factor that triggers a bug in the Kerberos support in the Java virtual machine. This is a known issue. See here for details:
Thanks. Does this affect openIPA as well?
I guess you mean FreeIPA. Yes, it affects any LDAP server that sets missf to 0 by default, including the 389-ds used by FreeIPA.

Hi,
just a little OT:
I think it would be awesome if "known issues" would be documented somewhere else, not just in source code.
On 21.01.2014 12:49, Juan Hernandez wrote:
I think the problem is that your LDAP server is configured with a minimum security strength factor that triggers a bug in the Kerberos support in the Java virtual machine. This is a known issue. See here for details:
-- Regards, Sven Kieske

On 01/22/2014 10:06 AM, Sven Kieske wrote:
Hi,
just a little OT:
I think it would be awesome if "known issues" would be documented somewhere else, not just in source code.
It's not documented in code - it's a specific check for this specific error case to give detailed error feedback to the admin.
On 21.01.2014 12:49, Juan Hernandez wrote:
I think the problem is that your LDAP server is configured with a minimum security strength factor that triggers a bug in the Kerberos support in the Java virtual machine. This is a known issue. See here for details:
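Added example, not part of the thread and not oVirt code: a small triage script that recognises the failure signature discussed above in captured engine-manage-domains output, whether the trace is flattened as in this archive or printed one frame per line. A SaslOutputStream frame shows the LDAP request was being written through a negotiated SASL security layer when the Kerberos wrap failed. SAMPLE is abridged from the trace quoted in the thread; OTHER, classify and hint are names made up for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Abridged from the trace quoted in this thread (the JNDI frames between
# LdapClient.search and RootDSEData are omitted), flattened as in the archive.
SAMPLE = (
    "General error has occurednull java.lang.NegativeArraySizeException"
    " at sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367)"
    " at sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722)"
    " at sun.security.jgss.krb5.WrapToken_v2.<init>(WrapToken_v2.java:200)"
    " at sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861)"
    " at sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385)"
    " at com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104)"
    " at com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89)"
    " at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430)"
    " at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555)"
    " at org.ovirt.engine.core.ldap.RootDSEData.<init>(RootDSEData.java:52)"
)
# Constructed counter-example: an unrelated LDAP failure (host and line 0 are made up).
OTHER = (
    "javax.naming.CommunicationException: directory.example.test:389"
    " at com.sun.jndi.ldap.Connection.<init>(Connection.java:0)"
    " at org.ovirt.engine.core.ldap.RootDSEData.<init>(RootDSEData.java:52)"
)

# First fully qualified exception/error class name in the text.
EXC_RE = re.compile(r"\b([a-z][\w.$]*\.\w*(?:Exception|Error))\b")
# "at pkg.Class.method(Location)" frames, separated by any whitespace.
FRAME_RE = re.compile(r"\bat\s+([\w.$<>]+)\(([^)]*)\)")


@dataclass
class Finding:
    exception: Optional[str]
    failing_frame: Optional[str]   # innermost frame, where the exception was thrown
    sasl_layer: bool               # request went through a SASL security layer
    caller: Optional[str]          # innermost oVirt frame that issued the request
    matches_thread_signature: bool


def first_with_prefix(frames, prefix):
    return next((f for f in frames if f.startswith(prefix)), None)


def classify(text: str) -> Finding:
    exc = EXC_RE.search(text)
    frames = [m.group(1) for m in FRAME_RE.finditer(text)]
    exception = exc.group(1) if exc else None
    failing = frames[0] if frames else None
    sasl = first_with_prefix(frames, "com.sun.jndi.ldap.sasl.SaslOutputStream.") is not None
    caller = first_with_prefix(frames, "org.ovirt.")
    matches = (
        exception == "java.lang.NegativeArraySizeException"
        and failing is not None
        and failing.startswith("sun.security.jgss.krb5.CipherHelper.")
        and sasl
    )
    return Finding(exception, failing, sasl, caller, matches)


def hint(f: Finding) -> str:
    if f.matches_thread_signature:
        return (f"{f.caller}: Kerberos wrap of an LDAP request failed inside the JVM; "
                "check the directory server's minimum SSF setting against the "
                "known issue referenced in this thread")
    return f"{f.exception} in {f.failing_frame}: not the signature from this thread"


if __name__ == "__main__":
    for sample in (SAMPLE, OTHER):
        print(hint(classify(sample)))
```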

On 20/01/14 17:33 -0500, Yair Zaslavsky wrote:
Hi Adam, Looks like you have problems in running the Root DSE query. I would like you to try and troubleshoot by comparing this to the execution of -
ldapsearch -x -h <YOUR_IPA_SERVER_IP_ADDRESS> -s base
Thanks for taking a look. Here is the result:
[alitke:~] $ ldapsearch -x -h 192.168.2.106 -s base
# extended LDIF
#
# LDAPv3
# base <dc=alitke,dc=net> (default) with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#
# alitke.net
dn: dc=alitke,dc=net
objectClass: top
objectClass: domain
objectClass: pilotObject
objectClass: domainRelatedObject
objectClass: nisDomainObject
dc: alitke
info: IPA V2.0
nisDomain: alitke.net
associatedDomain: alitke.net
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
participants (5)
- Adam Litke
- Itamar Heim
- Juan Hernandez
- Sven Kieske
- Yair Zaslavsky