[Users] Testing LDAP support.

Sharad Mishra snmishra at linux.vnet.ibm.com
Tue Apr 10 01:51:12 UTC 2012


On Mon, 2012-04-09 at 12:38 -0700, Sharad Mishra wrote:
> On Mon, 2012-04-09 at 14:10 -0400, Oved Ourfalli wrote:
> > 
> > ----- Original Message -----
> > > From: "Oved Ourfalli" <ovedo at redhat.com>
> > > To: "Sharad Mishra" <snmishra at linux.vnet.ibm.com>
> > > Cc: users at ovirt.org
> > > Sent: Monday, April 9, 2012 8:36:49 PM
> > > Subject: Re: [Users] Testing LDAP support.
> > > 
> > > 
> > > 
> > > ----- Original Message -----
> > > > From: "Sharad Mishra" <snmishra at linux.vnet.ibm.com>
> > > > To: users at ovirt.org
> > > > Sent: Monday, April 9, 2012 8:19:23 PM
> > > > Subject: [Users] Testing LDAP support.
> > > > 
> > > > Hi,
> > > > 
> > > > 	I was able to successfully test simple authentication support of
> > > > 	IBM
> > > > Directory Server (IDS) in ovirt. Next step is to test "DIGEST-MD5"
> > > > support. This protocol is currently supported by my test IDS. But I
> > > > get
> > > > -
> > > > 
> > > > javax.naming.CommunicationException: [LDAP: error code 2 - Protocol
> > > > Error]
> > > > 
> > > >  When a call is made to construct InitialDirContext with following
> > > > settings -
> > > > 
> > > >  {java.naming.provider.url=ldap://ldapserver.ibm.com:389,
> > > >  java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> > > > java.naming.security.principal=uid=1234567,c=us,ou=ldapserver,o=ibm.com,
> > > >  java.naming.security.authentication=DIGEST-MD5 GSSAPI,
> > > >  java.naming.security.credentials=password,
> > > >  java.naming.referral=follow,
> > > >  java.naming.ldap.attributes.binary=objectGUID}
> > > >
> > 
> > Can you also attach the jboss log and engine log? (assuming you are testing it in the ovirt-engine environment).
> > They can be helpful, as it might be related to some class loading issue or something similar, and the log might shed light on that.
> > 
> 
I think its my setup that is the issue here. I am unable to run
ldapsearch CLI with DIGEST-MD5 protocol. I am not sure how to setup/use
secret key with sasl. I am running my queries against a production ldap
server on which I have user access. I tried to look around on internet
but did not get a good hit.

-Sharad

> there is nothing much in jboss and engine logs.
> 
> 2012-04-09 10:03:19,203 INFO
> [org.ovirt.engine.core.bll.DbUserCacheManager]
> (QuartzScheduler_Worker-56) DbUserCacheManager::refreshAllUserData() -
> entered
> 2012-04-09 11:03:19,205 INFO
> [org.ovirt.engine.core.bll.DbUserCacheManager]
> (QuartzScheduler_Worker-11) DbUserCacheManager::refreshAllUserData() -
> entered
> 2012-04-09 12:03:19,207 INFO
> [org.ovirt.engine.core.bll.DbUserCacheManager]
> (QuartzScheduler_Worker-84) DbUserCacheManager::refreshAllUserData() -
> entered
> 
> Output of both, server.log and engine.log for this time period looks
> exactly same. Do I need to enable more logging?
> 
> -Sharad
> 
> 
> > > > 	Do you know what could be going wrong here? I think its something
> > > > 	wrong
> > > > with my usage and not in code.
> > > > 
> > > > 	What test cases were run to verify RedHat DS support? I can try to
> > > > 	run
> > > > the same for IBM DS before posting the patch.
> > > > 
> > > Hard to tell what went wrong there. I'll try to take a look a bit on
> > > the web (as I assume you did but I guess it can't hurt).
> > > As for RHDS, most tests were done manually:
> > > 
> > > * Adding users/groups
> > > * Authentication
> > > * Group membership
> > > * Adding / removing / editing RHDS domain with the
> > > engine-manage-domains utility.
> > > * Refresh users/groups.
> > > * Search for users/groups
> > > That's basically the main scenarios.
> > > We have an LdapTester as well. The problem there was to setup the
> > > environment needed for the testing.
> > > It contains test cases for AD/IPA.
> > > 
> > > Oved
> > > > Thanks
> > > > Sharad Mishra
> > > > IBM
> > > > 
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users at ovirt.org
> > > > http://lists.ovirt.org/mailman/listinfo/users
> > > > 
> > > _______________________________________________
> > > Users mailing list
> > > Users at ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > > 
> > 
> 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 





More information about the Users mailing list