[Users] LDAP
Nathan Stratton
nathan at robotics.net
Sun Feb 19 14:02:16 EST 2012
I am working on getting ovirt working with our LDAP environment and have
run into a few issues. Based on my googling, my understanding is that ovirt
should query DNS for a ldap SRV record. However, based on my wireshark
captures, I never see such a request.
I ended up installing phpPgAdmin and found the vdc_options table and
something called DomainName. I figured that was a good place to start, so I
put our domain there and now I see the DNS SRV queries.
In the logs I see:
2012-02-19 12:58:26,532 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSETask] (pool-5-thread-47) Couldnt deduce provider type for domain blinkmind.net
2012-02-19 12:58:26,533 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-10) Failed ldap search server LDAP://ldap-master.dal.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389. We should try the next server: org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389
at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) [engine-bll.jar:]
at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:101) [engine-bll.jar:]
at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97) [engine-bll.jar:]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
at org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57) [utils-3.0.0-0001.jar:]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.6.0_22]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.6.0_22]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.6.0_22]
at java.lang.Thread.run(Thread.java:679) [:1.6.0_22]
2012-02-19 12:58:26,537 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-10) Failed authenticating user: nathan to domain blinkmind.net. Ldap Query Type is getUserByName
2012-02-19 12:58:26,538 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR : nathan
2012-02-19 12:58:26,539 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR
All our Linux boxes use the same LDAP server without issue, so I know that
part is working.
P.S. What is LDAPSecurityAuthentication (option_id 2) and what should it
be set to?
><>
Nathan Stratton CTO, BlinkMind, Inc.
nathan at robotics.net nathan at blinkmind.com
http://www.robotics.net http://www.blinkmind.com