[Users] ActiveDirectory problems

Hi List,

I have been reading the list for quite some time and I have a question because I can't find the problem myself. I have an oVirt-3.1 setup with 3 nodes (Fed17 install from LiveCD + vdsm) and an engine install. So far this all works. Can create VMs, can migrate them, no problems (well, one, but that's for another post: vdsmd doesn't start at system start).

Version of oVirt that's installed:

    Installed Packages
    ovirt-engine.noarch 3.1.0-2.fc17 @ovirt-beta
    ovirt-engine-backend.noarch 3.1.0-2.fc17 @ovirt-beta
    ovirt-engine-cli.noarch 3.1.0.6-1.fc17 @ovirt-beta
    ovirt-engine-config.noarch 3.1.0-2.fc17 @ovirt-beta
    ovirt-engine-dbscripts.noarch 3.1.0-2.fc17 @ovirt-beta
    ovirt-engine-genericapi.noarch 3.1.0-2.fc17 @ovirt-beta
    ovirt-engine-notification-service.noarch 3.1.0-2.fc17 @ovirt-beta
    ovirt-engine-restapi.noarch 3.1.0-2.fc17 @ovirt-beta
    ovirt-engine-sdk.noarch 3.1.0.4-1.fc17 @ovirt-beta
    ovirt-engine-setup.noarch 3.1.0-2.fc17 @ovirt-beta
    ovirt-engine-tools-common.noarch 3.1.0-2.fc17 @ovirt-beta
    ovirt-engine-userportal.noarch 3.1.0-2.fc17 @ovirt-beta
    ovirt-engine-webadmin-portal.noarch 3.1.0-2.fc17 @ovirt-beta
    ovirt-image-uploader.noarch 3.1.0-0.git9c42c8.fc17 @ovirt-beta
    ovirt-iso-uploader.noarch 3.1.0-0.git1841d9.fc17 @ovirt-beta
    ovirt-log-collector.noarch 3.1.0-0.git10d719.fc17 @ovirt-beta

Next step is integrating with our AD setup. Ran

    engine-manage-domains -action=add -provider=ActiveDirectory -domain=nieuwland.local -user=admin -interactive

Message is:

    WARNING: No permissions were added to the Engine. Login either with the internal admin user or with another configured user
    Successfully added domain nieuwland.local. oVirt Engine restart is required in order for the changes to take place (service
    Manage Domains completed successfully

The specified admin is a DomainAdministrator.

The logfile in /var/log/engine/engine-manage-domains also says OK. The resulting krb5.conf in /etc/ovirt-engine looks also OK. The AD servers are resolvable forward and backward.

Then I'm lost because when I log into the Admin portal with the internal admin account and go to the Users tab and want to add a user from the nieuwland.local, myself (jvandewege) realm it won't work and I get the following in engine.log:

2012-09-14 12:55:26,104 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp--0.0.0.0-8009-12) Failed ldap search server LDAP://digit.nieuwland.local:389 due to java.lang.NullPointerException. We should try the next server: java.lang.NullPointerException at org.ovirt.engine.core.bll.adbroker.ADRootDSE.<init>(ADRootDSE.java:26) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.RootDSEFactory.get(RootDSEFactory.java:14) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.setRootDSE(GetRootDSETask.java:97) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.find(DirectorySearcher.java:91) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.FindOne(DirectorySearcher.java:39) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand.executeQuery(LdapAuthenticateUserCommand.java:44) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase.Execute(LdapBrokerCommandBase.java:68) [engine-bll.jar:] at org.ovirt.engine.core.bll.adbroker.LdapBrokerBase.RunAdAction(LdapBrokerBase.java:18) [engine-bll.jar:] at org.ovirt.engine.core.bll.LoginUserCommand.authenticateUser(LoginUserCommand.java:30) [engine-bll.jar:] at org.ovirt.engine.core.bll.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:177) [engine-bll.jar:] at org.ovirt.engine.core.bll.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:14) [engine-bll.jar:] at org.ovirt.engine.core.bll.CommandBase.InternalCanDoAction(CommandBase.java:486) [engine-bll.jar:] at org.ovirt.engine.core.bll.CommandBase.ExecuteAction(CommandBase.java:261) 
[engine-bll.jar:] at org.ovirt.engine.core.bll.Backend.Login(Backend.java:481) [engine-bll.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05-icedtea] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05-icedtea] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05-icedtea] at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05-icedtea] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation.jar:1.1.1.Final] at org.ovirt.engine.core.utils.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:11) [engine-utils.jar:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05-icedtea] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05-icedtea] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05-icedtea] at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05-icedtea] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation.jar:1.1.1.Final] at 
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation.jar:1.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation.jar:1.1.1.Final] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view9.Login(Unknown Source) [engine-common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.Login(GenericApiGWTServiceImpl.java:157) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05-icedtea] at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05-icedtea] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05-icedtea] at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05-icedtea] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:161) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:222) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-3.0-api.jar:1.0.1.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-3.0-api.jar:1.0.1.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:722) 
[rt.jar:1.7.0_05-icedtea]
2012-09-14 12:55:26,124 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (ajp--0.0.0.0-8009-12) Failed authenticating user: admin to domain nieuwland.local. Ldap Query Type is getUserByName
2012-09-14 12:55:26,125 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-12) USER_FAILED_TO_AUTHENTICATE : admin
2012-09-14 12:55:26,125 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-12) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE
2012-09-14 12:57:07,027 INFO [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-5) Checking if user admin@internal is an admin, result true
2012-09-14 12:57:07,029 INFO [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-5) Running command: LoginAdminUserCommand internal: false.

Using Wireshark I don't see what I expected, namely a well formed ldap search and a result. Can provide the dmp if needed.

Anyone had any luck and is willing to help me out?

Thanks in advance,
Joop

<top posting>

Hey,

According to the call stack, it looks like something is wrong in the root DSE attributes (whether due to a bug in the engine, or some configuration that can be done in AD).

Please provide us this information by using the following commands:

    ldapsearch -LLL -D user@example.com -h <AD-SERVER> -b "" -s base objectClass=*

Oved

----- Original Message -----
From: "Joop" <jvdwege@xs4all.nl>
To: "<users@ovirt.org>" <users@ovirt.org>
Sent: Saturday, September 15, 2012 1:07:06 AM
Subject: [Users] ActiveDirectory problems

On 09/16/2012 09:01 AM, Oved Ourfalli wrote:
<top posting>
Hey,
According to the call stack, it looks like something is wrong in the root DSE attributes (whether due to a bug in the engine, or some configuration that can be done in AD).
Please provide us this information by using the following commands:
ldapsearch -LLL -D user@example.com -h <AD-SERVER> -b "" -s base objectClass=*
Oved
In addition to Oved's words - when looking at the history of ADRootDSE I see it's probably something with the domainControllerFunctionality attribute (the attributes that we're checking are domainControllerFunctionality, domainFunctionality and defaultNamingContext).

However, the best approach is indeed to run the ldapsearch and provide its output.

Yair
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_05-icedtea] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_05-icedtea] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_05-icedtea] at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_05-icedtea] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:161) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:222) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-3.0-api.jar:1.0.1.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-3.0-api.jar:1.0.1.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_05-icedtea]
2012-09-14 12:55:26,124 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (ajp--0.0.0.0-8009-12) Failed authenticating user: admin to domain nieuwland.local. Ldap Query Type is getUserByName
2012-09-14 12:55:26,125 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-12) USER_FAILED_TO_AUTHENTICATE : admin
2012-09-14 12:55:26,125 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-12) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE
2012-09-14 12:57:07,027 INFO [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-5) Checking if user admin@internal is an admin, result true
2012-09-14 12:57:07,029 INFO [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-5) Running command: LoginAdminUserCommand internal: false.
Using Wireshark I don't see what I expected, namely a well-formed LDAP search and a result. Can provide the dmp if needed.
Anyone had any luck and is willing to help me out?
Thanks in advance,
Joop
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users

<top posting>
Hey,
According to the call stack, it looks like something is wrong in the root DSE attributes (whether due to a bug in the engine, or some configuration that can be done in AD).
Please provide us this information by using the following commands:
ldapsearch -LLL -D user@example.com -h <AD-SERVER> -b "" -s base objectClass=*

dn:
currentTime: 20120917125426.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=nieuwland,DC=loc
 al
dsServiceName: CN=NTDS Settings,CN=BUFFY,CN=Servers,CN=Default-First-Site-Name
 ,CN=Sites,CN=Configuration,DC=nieuwland,DC=local
namingContexts: CN=Schema,CN=Configuration,DC=nieuwland,DC=local
namingContexts: CN=Configuration,DC=nieuwland,DC=local
namingContexts: DC=nieuwland,DC=local
defaultNamingContext: DC=nieuwland,DC=local
schemaNamingContext: CN=Schema,CN=Configuration,DC=nieuwland,DC=local
configurationNamingContext: CN=Configuration,DC=nieuwland,DC=local
rootDomainNamingContext: DC=nieuwland,DC=local
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.521
supportedControl: 1.2.840.113556.1.4.970
supportedControl: 1.2.840.113556.1.4.1338
supportedControl: 1.2.840.113556.1.4.474
supportedControl: 1.2.840.113556.1.4.1339
supportedControl: 1.2.840.113556.1.4.1340
supportedControl: 1.2.840.113556.1.4.1413
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads
supportedLDAPPolicies: MaxDatagramRecv
supportedLDAPPolicies: MaxReceiveBuffer
supportedLDAPPolicies: InitRecvTimeout
supportedLDAPPolicies: MaxConnections
supportedLDAPPolicies: MaxConnIdleTime
supportedLDAPPolicies: MaxActiveQueries
supportedLDAPPolicies: MaxPageSize
supportedLDAPPolicies: MaxQueryDuration
supportedLDAPPolicies: MaxTempTableSize
supportedLDAPPolicies: MaxResultSetSize
supportedLDAPPolicies: MaxNotificationPerConn
highestCommittedUSN: 5271165
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
dnsHostName: buffy.nieuwland.local
ldapServiceName: nieuwland.local:buffy$@NIEUWLAND.LOCAL
serverName: CN=BUFFY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu
 ration,DC=nieuwland,DC=local
supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1791
isSynchronized: TRUE
isGlobalCatalogReady: FALSE
And the requested tcpdump of%2

The problem is you don't have domainFunctionality and domainControllerFunctionality returned by querying the rootDSE. I am kinda surprised you don't have domainControllerFunctionality in your ldap schema. What windows are you running on the AD machine?

On 09/17/2012 04:05 PM, Joop wrote:
> <top posting>
> Hey,
> According to the call stack, it looks like something is wrong in the root DSE attributes (whether due to a bug in the engine, or some configuration that can be done in AD).
> Please provide us this information by using the following commands:
> ldapsearch -LLL -D user@example.com -h <AD-SERVER> -b "" -s base objectClass=*
>
> dn:
> currentTime: 20120917125426.0Z
> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=nieuwland,DC=loc
>  al
> dsServiceName: CN=NTDS Settings,CN=BUFFY,CN=Servers,CN=Default-First-Site-Name
>  ,CN=Sites,CN=Configuration,DC=nieuwland,DC=local
> namingContexts: CN=Schema,CN=Configuration,DC=nieuwland,DC=local
> namingContexts: CN=Configuration,DC=nieuwland,DC=local
> namingContexts: DC=nieuwland,DC=local
> defaultNamingContext: DC=nieuwland,DC=local
> schemaNamingContext: CN=Schema,CN=Configuration,DC=nieuwland,DC=local
> configurationNamingContext: CN=Configuration,DC=nieuwland,DC=local
> rootDomainNamingContext: DC=nieuwland,DC=local
> supportedControl: 1.2.840.113556.1.4.319
> supportedControl: 1.2.840.113556.1.4.801
> supportedControl: 1.2.840.113556.1.4.473
> supportedControl: 1.2.840.113556.1.4.528
> supportedControl: 1.2.840.113556.1.4.417
> supportedControl: 1.2.840.113556.1.4.619
> supportedControl: 1.2.840.113556.1.4.841
> supportedControl: 1.2.840.113556.1.4.529
> supportedControl: 1.2.840.113556.1.4.805
> supportedControl: 1.2.840.113556.1.4.521
> supportedControl: 1.2.840.113556.1.4.970
> supportedControl: 1.2.840.113556.1.4.1338
> supportedControl: 1.2.840.113556.1.4.474
> supportedControl: 1.2.840.113556.1.4.1339
> supportedControl: 1.2.840.113556.1.4.1340
> supportedControl: 1.2.840.113556.1.4.1413
> supportedLDAPVersion: 3
> supportedLDAPVersion: 2
> supportedLDAPPolicies: MaxPoolThreads
> supportedLDAPPolicies: MaxDatagramRecv
> supportedLDAPPolicies: MaxReceiveBuffer
> supportedLDAPPolicies: InitRecvTimeout
> supportedLDAPPolicies: MaxConnections
> supportedLDAPPolicies: MaxConnIdleTime
> supportedLDAPPolicies: MaxActiveQueries
> supportedLDAPPolicies: MaxPageSize
> supportedLDAPPolicies: MaxQueryDuration
> supportedLDAPPolicies: MaxTempTableSize
> supportedLDAPPolicies: MaxResultSetSize
> supportedLDAPPolicies: MaxNotificationPerConn
> highestCommittedUSN: 5271165
> supportedSASLMechanisms: GSSAPI
> supportedSASLMechanisms: GSS-SPNEGO
> dnsHostName: buffy.nieuwland.local
> ldapServiceName: nieuwland.local:buffy$@NIEUWLAND.LOCAL
> serverName: CN=BUFFY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu
>  ration,DC=nieuwland,DC=local
> supportedCapabilities: 1.2.840.113556.1.4.800
> supportedCapabilities: 1.2.840.113556.1.4.1791
> isSynchronized: TRUE
> isGlobalCatalogReady: FALSE
> And the requested tcpdump of%2

Yair Zaslavsky wrote:
> The problem is you don't have domainFunctionality and domainControllerFunctionality returned by querying the rootDSE.
> I am kinda surprised you don't have domainControllerFunctionality in your ldap schema. What windows are you running on the AD machine?

Windows 2000

Joop

On 09/19/2012 09:58 AM, Joop wrote:
> Yair Zaslavsky wrote:
>> The problem is you don't have domainFunctionality and domainControllerFunctionality returned by querying the rootDSE.
>> I am kinda surprised you don't have domainControllerFunctionality in your ldap schema. What windows are you running on the AD machine?
> Windows 2000

that's ancient. they only invented domainControllerFunctionality in windows 2003, as 2000 was V1... can you use a newer AD?

On 09/19/2012 10:10 AM, Itamar Heim wrote:
> On 09/19/2012 09:58 AM, Joop wrote:
>> Yair Zaslavsky wrote:
>>> The problem is you don't have domainFunctionality and domainControllerFunctionality returned by querying the rootDSE.
>>> I am kinda surprised you don't have domainControllerFunctionality in your ldap schema. What windows are you running on the AD machine?
>> Windows 2000
> that's ancient. they only invented domainControllerFunctionality in windows 2003, as 2000 was V1...
> can you use a newer AD?

domainControllerFunctionality is used in oVirt code in order to determine the "mixed-mode" scenario. Can we assume mixed-mode is false in case we're lacking this RootDSE attribute?

On 09/19/2012 10:14 AM, Yair Zaslavsky wrote:
> On 09/19/2012 10:10 AM, Itamar Heim wrote:
>> On 09/19/2012 09:58 AM, Joop wrote:
>>> Yair Zaslavsky wrote:
>>>> The problem is you don't have domainFunctionality and domainControllerFunctionality returned by querying the rootDSE.
>>>> I am kinda surprised you don't have domainControllerFunctionality in your ldap schema. What windows are you running on the AD machine?
>>> Windows 2000
>> that's ancient. they only invented domainControllerFunctionality in windows 2003, as 2000 was V1...
>> can you use a newer AD?
> domainControllerFunctionality is used in oVirt code in order to determine the "mixed-mode" scenario. Can we assume mixed-mode is false in case we're lacking this RootDSE attribute?

remind me why we care between native and mixed mode?

Itamar Heim wrote:
> On 09/19/2012 09:58 AM, Joop wrote:
>> Yair Zaslavsky wrote:
>>> The problem is you don't have domainFunctionality and domainControllerFunctionality returned by querying the rootDSE.
>>> I am kinda surprised you don't have domainControllerFunctionality in your ldap schema. What windows are you running on the AD machine?
>> Windows 2000
> that's ancient. they only invented domainControllerFunctionality in windows 2003, as 2000 was V1... can you use a newer AD?

I installed a Windows2003 AD server and can add its domain to oVirt and use the users and groups in the userportal. So Windows2003 AD works and Windows2000 AD doesn't.

Joop
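The rootDSE check this thread arrives at, as an added example that is not part of the original messages and is not oVirt's code: it parses a saved ldapsearch -LLL rootDSE dump, unfolds wrapped lines, and reports whether domainFunctionality and domainControllerFunctionality are present. The sample entries, the example.local names and the function names are constructed for illustration.

```python
import base64

# The two attributes the thread found missing from the Windows 2000 rootDSE.
REQUIRED = ("domainFunctionality", "domainControllerFunctionality")

# Constructed sample: abbreviated rootDSE shaped like the Windows 2000 output
# in the thread, including one folded (continuation) line.
SAMPLE_W2K = """\
dn:
currentTime: 20120917125426.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=loc
 al
defaultNamingContext: DC=example,DC=local
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
"""

# Constructed sample: same entry plus the attributes a newer DC returns (levels illustrative).
SAMPLE_NEWER = SAMPLE_W2K + """\
domainFunctionality: 2
domainControllerFunctionality: 2
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]  # LDIF folding: continuation minus its one leading space
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw)
    attrs = {}
    for line in logical:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an LDIF attribute line: %r" % line)
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def check_rootdse(text):
    """Return (missing, levels) for the functional-level attributes."""
    attrs = parse_ldif_entry(text)
    missing, levels = [], {}
    for name in REQUIRED:
        values = attrs.get(name.lower(), [])
        if values and values[0].isdigit():
            levels[name] = int(values[0])
        else:
            missing.append(name)  # absent or non-numeric: caller must handle, not dereference
    return missing, levels


if __name__ == "__main__":
    for label, dump in (("w2k-like", SAMPLE_W2K), ("newer", SAMPLE_NEWER)):
        print(label, check_rootdse(dump))
```

A non-empty missing list on a real dump corresponds to the rootDSE shape that produced the NullPointerException in ADRootDSE in this thread.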
participants (4)
- Itamar Heim
- Joop
- Oved Ourfalli
- Yair Zaslavsky