oVirt LDAP user authentication troubleshooting

7 Aug 2017

      --_000_de4cb7680af64919af7be187e7761b68DENU01MS0077phoenixloc_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I've two oVirt 4.1.4.2-1 pods used for labs.

These two pods are configured in the same way (three node with gluster)

Trying to setup LDAP auth, towards the same OpenLDAP server, setup ends cor=
rectly in both engine VM.
When I try to perform system permission modification, only one of these is =
recognizing the LDAP groups and allow setup and next users belonging to def=
ined groups to log-in and perform assigned level tasks.

On the second engine, system permissions, even if it recognize the LDAP dom=
ain (it appear in the selection box for search base) do not find nothing, g=
roups or individuals.
How to analyze this ? I wasn't able to find logs useful for troubleshooting=
.

Setup ended correctly with both Login and Search tasks complete successful.
Thanks

Roberto

________________________________

Questo messaggio e' indirizzato esclusivamente al destinatario indicato e p=
otrebbe contenere informazioni confidenziali, riservate o proprietarie. Qua=
lora la presente venisse ricevuta per errore, si prega di segnalarlo immedi=
atamente al mittente, cancellando l'originale e ogni sua copia e distruggen=
do eventuali copie cartacee. Ogni altro uso e' strettamente proibito e potr=
ebbe essere fonte di violazione di legge.

This message is for the designated recipient only and may contain privilege=
d, proprietary, or otherwise private information. If you have received it i=
n error, please notify the sender immediately, deleting the original and al=
l copies and destroying any hard copies. Any other use is strictly prohibit=
ed and may be unlawful.

--_000_de4cb7680af64919af7be187e7761b68DENU01MS0077phoenixloc_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
...
...
</p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif">How to analyze this ? I wasn’t a=
ble to find logs useful for troubleshooting.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif">Setup ended correctly with both Login =
and Search tasks complete successful.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif">Thanks<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif">Roberto<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ar=
ial",sans-serif"><o:p> </o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ar=
ial",sans-serif"><o:p> </o:p></span></p>
<p class=3D"MsoNormal" style=3D"line-height:12.05pt;text-autospace:none"><s=
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
span.StileMessaggioDiPostaElettronica17
	{mso-style-type:personal-compose;
	font-family:"Arial",sans-serif;
	color:windowtext;
	font-weight:normal;
	font-style:normal;
	text-decoration:none none;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:70.85pt 2.0cm 2.0cm 2.0cm;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"IT" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif">I’ve two oVirt 4.1.4.2-1 pods us=
ed for labs.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif">These two pods are configured in the s=
ame way (three node with gluster)<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif">Trying to setup LDAP auth, towards the=
 same OpenLDAP server, setup ends correctly in both engine VM.<o:p></o:p></=
span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif">When I try to perform system permissio=
n modification, only one of these is recognizing the LDAP groups and allow =
setup and next users belonging to defined groups
 to log-in and perform assigned level tasks.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:"Arial",sans-serif">On the second engine, system permissio=
ns, even if it recognize the LDAP domain (it appear in the selection box fo=
r search base) do not find nothing, groups or individuals.<o:p></o:p></span=
pan style=3D"font-family:"Arial",sans-serif;mso-fareast-language:=
IT"><o:p> </o:p></span></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<br>
<hr>
<font face=3D"Courier New" color=3D"Black" size=3D"2"><br>
Questo messaggio e' indirizzato esclusivamente al destinatario indicato e p=
otrebbe contenere informazioni confidenziali, riservate o proprietarie. Qua=
lora la presente venisse ricevuta per errore, si prega di segnalarlo immedi=
atamente al mittente, cancellando
 l'originale e ogni sua copia e distruggendo eventuali copie cartacee. Ogni=
 altro uso e' strettamente proibito e potrebbe essere fonte di violazione d=
i legge.<br>
<br>
This message is for the designated recipient only and may contain privilege=
d, proprietary, or otherwise private information. If you have received it i=
n error, please notify the sender immediately, deleting the original and al=
l copies and destroying any hard
 copies. Any other use is strictly prohibited and may be unlawful.<br>
</font>
</body>
</html>

--_000_de4cb7680af64919af7be187e7761b68DENU01MS0077phoenixloc_--

NUNIN Roberto

Ondra Machacek

tags

participants (2)