AAA/ldap/3.6 Issues - WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization.

Hey,

I'm running into an issue which I'm not sure where to go from here. I'm trying to use LDAP authentication and am following the setup guide from here

https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD

I have tested the ldap credentials manually using ldapsearch, and I get results as expected with the user I'm binding with - but when I use ovirt I run into problems.

I hope someone can provide me some guidance, or other things to try!

DNS resolves;
Can manually do ldap lookups using ldapsearch
Can telnet to hostname 389 successfully

Below are the steps taken;

# ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log
Version: otopi-1.4.0 (otopi-1.4.0-1.el7.centos)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Please specify profile name that will be visible to users: LDAP
Available LDAP implementations:
1 - 389ds
2 - 389ds RFC-2307 Schema
3 - Active Directory
4 - IPA
5 - Novell eDirectory RFC-2307 Schema
6 - OpenLDAP RFC-2307 Schema
7 - OpenLDAP Standard Schema
8 - Oracle Unified Directory RFC-2307 Schema
9 - RFC-2307 Schema (Generic)
10 - RHDS
11 - RHDS RFC-2307 Schema
12 - iPlanet
Please select: 1
NOTE:
It is highly recommended to use DNS resolution for LDAP server.
If for some reason you intend to use hosts or plain address disable DNS usage.
Use DNS (Yes, No) [Yes]:
Available policy method:
1 - Single server
2 - DNS domain LDAP SRV record
3 - Round-robin between multiple hosts
4 - Failover between multiple hosts
Please select: 1
Please enter host address: ldap-test-server
[ INFO ] Trying to resolve host 'ldap-test-server'
NOTE:
It is highly recommended to use secure protocol to access the LDAP server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
[ INFO ] Connecting to LDAP using 'ldap://ldap-test-server:389'
[ INFO ] Connection succeeded
Enter search user DN (empty for anonymous): uid=ovirt-test,ou=Special Users,dc=test
Enter search user password:
[ INFO ] Attempting to bind using 'uid=ovirt-test,ou=Special Users,dc=test'
[ INFO ] Stage: Setup validation
NOTE:
It is highly recommended to test drive the configuration before applying it into engine.
Perform at least one Login sequence and one Search sequence.
Select test sequence to execute (Done, Abort, Login, Search) [Abort]: Login
Enter search user name: uid=ovirt-test,ou=Special Users,dc=test
Enter search user password:
[ INFO ] Executing login sequence...
Login output:
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO ============================ Initialization ============================
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO Loading extension 'LDAP-authn'
2016-01-15 15:13:25 INFO Extension 'LDAP-authn' loaded
2016-01-15 15:13:25 INFO Loading extension 'LDAP-authz'
2016-01-15 15:13:25 INFO Extension 'LDAP-authz' loaded
2016-01-15 15:13:25 INFO Initializing extension 'LDAP-authn'
2016-01-15 15:13:25 INFO [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool 'authz'
2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
2016-01-15 15:13:25 INFO Extension 'LDAP-authn' initialized
2016-01-15 15:13:25 INFO Initializing extension 'LDAP-authz'
2016-01-15 15:13:25 INFO [ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Creating LDAP pool 'authz'
2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
2016-01-15 15:13:25 INFO Extension 'LDAP-authz' initialized
2016-01-15 15:13:25 INFO Start of enabled extensions list
2016-01-15 15:13:25 INFO Instance name: 'LDAP-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpM8fPs4/extensions.d/LDAP-authn.properties', Initialized: 'true'
2016-01-15 15:13:25 INFO Instance name: 'LDAP-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpM8fPs4/extensions.d/LDAP-authz.properties', Initialized: 'true'
2016-01-15 15:13:25 INFO End of enabled extensions list
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO ============================== Execution ===============================
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO Profile='LDAP' authn='LDAP-authn' authz='LDAP-authz' mapping='null'
2016-01-15 15:13:25 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS user='uid=ovirt-test,ou=Special Users,dc=test'
2016-01-15 15:13:25 INFO [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool 'authz'
2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
2016-01-15 15:13:25 SEVERE An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
[ ERROR ] Sequence failed
Select test sequence to execute (Done, Abort, Login, Search) [Abort]:
[ ERROR ] Failed to execute stage 'Setup validation': Aborted by user
[ INFO ] Stage: Clean up
Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log:
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
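Added example (not part of the original post or of the oVirt project): a small triage script that pulls the connect failures out of login output like the above and reports the address family of each failing connection, which is the detail the reply below keys on. The sample log is constructed; the 2001:db8 and 192.0.2.10 addresses, the host ldap-v4 and the ConnectException line are assumptions for illustration, while the masked address is copied from the post.

```python
import ipaddress
import re
from collections import namedtuple

Failure = namedtuple(
    "Failure", "level instance host addr family port result_code root_cause")

# Constructed sample modelled on the login output in the post (not a real log).
_TEMPLATE = (
    "{ts} {level} {prefix}An error occurred while attempting to connect to "
    "server {host}:389: java.io.IOException: LDAPException(resultCode=91 "
    "(connect error), errorMessage='An error occurred while attempting to "
    "establish a connection to server {host}/{addr}:389: {exc}')"
)
_PREFIX = ("[ovirt-engine-extension-aaa-ldap.{kind}::LDAP-{kind}] Cannot "
           "initialize LDAP framework, deferring initialization. Error: ")
_UNKNOWN = "java.net.UnknownHostException: ldap-test-server"

SAMPLE_LOG = "\n".join([
    "2016-01-15 15:13:25 INFO Loading extension 'LDAP-authn'",
    # Address masked exactly as in the post: not parseable, still IPv6-shaped.
    _TEMPLATE.format(ts="2016-01-15 15:13:25", level="WARNING",
                     prefix=_PREFIX.format(kind="authn"),
                     host="ldap-test-server",
                     addr="xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0", exc=_UNKNOWN),
    _TEMPLATE.format(ts="2016-01-15 15:13:25", level="WARNING",
                     prefix=_PREFIX.format(kind="authz"),
                     host="ldap-test-server",
                     addr="2001:db8:0:1:0:0:48:dcc0", exc=_UNKNOWN),
    _TEMPLATE.format(ts="2016-01-15 15:13:25", level="SEVERE", prefix="",
                     host="ldap-test-server",
                     addr="2001:db8:0:1:0:0:48:dcc0", exc=_UNKNOWN),
    _TEMPLATE.format(ts="2016-01-15 15:14:02", level="WARNING",
                     prefix=_PREFIX.format(kind="authn"), host="ldap-v4",
                     addr="192.0.2.10",
                     exc="java.net.ConnectException: Connection refused"),
])

LINE_RE = re.compile(r"^\S+ \S+ (?P<level>WARNING|SEVERE)\s+(?P<msg>.*)$")
INSTANCE_RE = re.compile(r"\[[\w.-]+::(?P<inst>[\w-]+)\]")
RESULT_RE = re.compile(r"resultCode=(?P<code>\d+) \(")
# "server host/address:port: exception" -- the address may itself contain
# colons, so the regex relies on backtracking to split off the final ":port: ".
CONNECT_RE = re.compile(
    r"server (?P<host>[^/\s]+)/(?P<addr>[0-9A-Za-z:.]+):(?P<port>\d+): "
    r"(?P<exc>[\w.]+)")


def address_family(addr):
    """Return 4 or 6; fall back to the shape when the address is redacted."""
    try:
        return ipaddress.ip_address(addr).version
    except ValueError:
        if addr.count(":") >= 2:
            return 6
        return 4 if addr.count(".") == 3 else None


def parse_failures(text):
    """One Failure per WARNING/SEVERE line that carries a connect error."""
    failures = []
    for line in text.splitlines():
        head = LINE_RE.match(line)
        conn = CONNECT_RE.search(line) if head else None
        if not conn:
            continue
        inst = INSTANCE_RE.search(line)
        code = RESULT_RE.search(line)
        failures.append(Failure(
            level=head.group("level"),
            instance=inst.group("inst") if inst else None,
            host=conn.group("host"),
            addr=conn.group("addr"),
            family=address_family(conn.group("addr")),
            port=int(conn.group("port")),
            result_code=int(code.group("code")) if code else None,
            root_cause=conn.group("exc"),
        ))
    return failures


def ipv6_suspects(failures):
    """Hosts whose every failure is an UnknownHostException on an IPv6 address."""
    by_host = {}
    for f in failures:
        by_host.setdefault(f.host, []).append(f)
    return sorted(
        host for host, items in by_host.items()
        if all(f.family == 6 and f.root_cause.endswith("UnknownHostException")
               for f in items))


if __name__ == "__main__":
    found = parse_failures(SAMPLE_LOG)
    for f in found:
        print(f.level, f.instance, f.host, f.addr, "IPv%s" % f.family,
              f.result_code, f.root_cause)
    print("IPv6 resolution suspects:", ipv6_suspects(found))
```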

Hi,

if I read your logs correctly, then you are using IPv6 and no IPv4, right? ovirt-engine-extension-aaa-ldap-setup was designed to be easy and support only very basic setups, so there is no support to properly configure it.

If the above is true, you have two options, which should help you.

1) Do what you did below, and apply the configuration, then add to file:

/etc/ovirt-engine/aaa/ldap-test-server.properties

this line:

pool.default.socketfactory.resolver.supportIPv6 = true

2) In question: "Use DNS (Yes, No) [Yes]:" answer "no"

Hope it will help you,
Ondra

On 01/15/2016 05:50 AM, David LeVene wrote:
Hey,
I’m running into an issue which I’m not sure where to go from here. I’m trying to use LDAP authentication and am following the setup guide from here
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob...
I have tested the ldap credentials manually using ldapsearch, and I get results as expected with the user I’m binding with - but when I use ovirt I run into problems.
I hope someone can provide me some guidance, or other things to try!
DNS resolves;
Can manually do ldap lookups using ldapsearch
Can telnet to hostname 389 successfully
Below are the steps taken;
# ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log
Version: otopi-1.4.0 (otopi-1.4.0-1.el7.centos)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Please specify profile name that will be visible to users: LDAP
Available LDAP implementations:
1 - 389ds
2 - 389ds RFC-2307 Schema
3 - Active Directory
4 - IPA
5 - Novell eDirectory RFC-2307 Schema
6 - OpenLDAP RFC-2307 Schema
7 - OpenLDAP Standard Schema
8 - Oracle Unified Directory RFC-2307 Schema
9 - RFC-2307 Schema (Generic)
10 - RHDS
11 - RHDS RFC-2307 Schema
12 - iPlanet
Please select: 1
NOTE:
It is highly recommended to use DNS resolution for LDAP server.
If for some reason you intend to use hosts or plain address disable DNS usage.
Use DNS (Yes, No) [Yes]:
Available policy method:
1 - Single server
2 - DNS domain LDAP SRV record
3 - Round-robin between multiple hosts
4 - Failover between multiple hosts
Please select: 1
Please enter host address: ldap-test-server
[ INFO ] Trying to resolve host 'ldap-test-server'
NOTE:
It is highly recommended to use secure protocol to access the LDAP server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
[ INFO ] Connecting to LDAP using 'ldap://ldap-test-server:389'
[ INFO ] Connection succeeded
Enter search user DN (empty for anonymous): uid=ovirt-test,ou=Special Users,dc=test
Enter search user password:
[ INFO ] Attempting to bind using 'uid=ovirt-test,ou=Special Users,dc=test'
[ INFO ] Stage: Setup validation
NOTE:
It is highly recommended to test drive the configuration before applying it into engine.
Perform at least one Login sequence and one Search sequence.
Select test sequence to execute (Done, Abort, Login, Search) [Abort]: Login
Enter search user name: uid=ovirt-test,ou=Special Users,dc=test
Enter search user password:
[ INFO ] Executing login sequence...
Login output:
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO ============================ Initialization ============================
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO Loading extension 'LDAP-authn'
2016-01-15 15:13:25 INFO Extension 'LDAP-authn' loaded
2016-01-15 15:13:25 INFO Loading extension 'LDAP-authz'
2016-01-15 15:13:25 INFO Extension 'LDAP-authz' loaded
2016-01-15 15:13:25 INFO Initializing extension 'LDAP-authn'
2016-01-15 15:13:25 INFO [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool 'authz'
2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
2016-01-15 15:13:25 INFO Extension 'LDAP-authn' initialized
2016-01-15 15:13:25 INFO Initializing extension 'LDAP-authz'
2016-01-15 15:13:25 INFO [ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Creating LDAP pool 'authz'
2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
2016-01-15 15:13:25 INFO Extension 'LDAP-authz' initialized
2016-01-15 15:13:25 INFO Start of enabled extensions list
2016-01-15 15:13:25 INFO Instance name: 'LDAP-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpM8fPs4/extensions.d/LDAP-authn.properties', Initialized: 'true'
2016-01-15 15:13:25 INFO Instance name: 'LDAP-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpM8fPs4/extensions.d/LDAP-authz.properties', Initialized: 'true'
2016-01-15 15:13:25 INFO End of enabled extensions list
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO ============================== Execution ===============================
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO Profile='LDAP' authn='LDAP-authn' authz='LDAP-authz' mapping='null'
2016-01-15 15:13:25 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS user='uid=ovirt-test,ou=Special Users,dc=test'
2016-01-15 15:13:25 INFO [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool 'authz'
2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
2016-01-15 15:13:25 SEVERE An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
[ ERROR ] Sequence failed
Select test sequence to execute (Done, Abort, Login, Search) [Abort]:
[ ERROR ] Failed to execute stage 'Setup validation': Aborted by user
[ INFO ] Stage: Clean up
Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log:
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
This email and any attachments may contain confidential and proprietary information of Blackboard that is for the sole use of the intended recipient. If you are not the intended recipient, disclosure, copying, re-distribution or other use of any of this information is strictly prohibited. Please immediately notify the sender and delete this transmission if you received this email in error.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
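The diagnosis in the reply above, as an added example that is not part of the original thread or of the oVirt project's code: it scans login-sequence output for the `resultCode=91` / `UnknownHostException` signature, reports whether the address the pool tried was IPv6, and checks whether the profile properties already set `pool.default.socketfactory.resolver.supportIPv6`. The function names, the sample log lines and the sample properties text are constructed for illustration, and the line format is assumed to match the output quoted in the thread.

```python
import ipaddress
import re

# Property named in the reply above.
IPV6_KEY = "pool.default.socketfactory.resolver.supportIPv6"

# "... connection to server <host>/<address>:<port>: java.net.UnknownHostException"
CONNECT_ERR = re.compile(
    r"resultCode=91 \(connect error\).*?connection to server "
    r"(?P<host>[^/\s]+)/(?P<addr>\S+):(?P<port>\d+): "
    r"java\.net\.UnknownHostException"
)

# Constructed sample lines in the shape of the quoted output. The first uses a
# documentation-range address, the second the masked form posted in the thread.
SAMPLE_LOG = """\
2016-01-15 15:13:25 INFO Initializing extension 'LDAP-authn'
2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/2001:db8:0:1:0:0:48:dcc0:389: java.net.UnknownHostException: ldap-test-server')
2016-01-15 15:13:25 SEVERE An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')
"""


def address_family(addr):
    """Return 4 or 6; tolerates addresses the poster masked (xxxx:...)."""
    try:
        return ipaddress.ip_address(addr).version
    except ValueError:
        # Not parseable (masked): two or more colons can only be IPv6.
        return 6 if addr.count(":") >= 2 else 4


def parse_properties(text):
    """Minimal 'key = value' parser; skips blank lines and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def diagnose(log_text, properties_text):
    """Summarise connect failures and whether the IPv6 resolver flag is set."""
    failures = set()
    for line in log_text.splitlines():
        m = CONNECT_ERR.search(line)
        if m:
            failures.add((m["host"], address_family(m["addr"]), int(m["port"])))
    ipv6_target = any(family == 6 for _, family, _ in failures)
    ipv6_enabled = parse_properties(properties_text).get(IPV6_KEY, "").lower() == "true"
    return {
        "failures": sorted(failures),
        "ipv6_target": ipv6_target,
        "ipv6_enabled": ipv6_enabled,
        "needs_fix": ipv6_target and not ipv6_enabled,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, "# constructed profile without the IPv6 line\n"))
```
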

Hi,

Thanks for this information - I have managed to get further now.

The missing key was IPv6 & using pool.default.socketfactory.resolver.supportIPv6 = true

Regards
David

-----Original Message-----
From: Ondra Machacek [mailto:omachace@redhat.com]
Sent: Friday, January 15, 2016 19:57
To: David LeVene <David.LeVene@blackboard.com>; users@ovirt.org
Subject: Re: [ovirt-users] AAA/ldap/3.6 Issues - WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization.

Hi,

if I read your logs correctly then you are using IPv6 and no IPv4, right?

ovirt-engine-extension-aaa-ldap-setup was designed to be easy and support only very basic setups, so there is no support to properly configure it.

If the above is true, you have two options, which should help you.

1) Do what you did below, and apply the configuration, then add to file:
/etc/ovirt-engine/aaa/ldap-test-server.properties
this line:
pool.default.socketfactory.resolver.supportIPv6 = true

2) In question: "Use DNS (Yes, No) [Yes]:" answer "no"

Hope it will help you,
Ondra

On 01/15/2016 05:50 AM, David LeVene wrote:
Participants (2): David LeVene, Ondra Machacek