[Users] LDAP

Yaniv Kaul ykaul at redhat.com
Sun Feb 19 14:27:46 EST 2012


On 02/19/2012 09:02 PM, Nathan Stratton wrote:
>
> I am working on getting ovirt working with our LDAP environment and 
> have run into a few issues. Based on my googling my understanding is 
> that ovirt should query DNS for a ldap SRV record. However based on my 
> wireshark captures I never see such a request.
>
> I ended up installing phpPgAdmin and found the vdc_options table and 
> something called DomainName. I figured that was a good place to start 
> so I put our domain there and now I see the DNS SRV queries.

I'd try with wireshark to capture ports 88, 53 and 389 (something like 
'-s 1500 -w /tmp/file.pcap port 53 or port 88 or port 389' if you are 
using tcpdump).
Then check that indeed the responses from DNS correlate well with what 
we are trying to connect to.
(BTW, there was a regression in the code not so long ago in that area - 
are you using latest code?).
Y.

>
> In the logs I see:
>
> 2012-02-19 12:58:26,532 ERROR 
> [org.ovirt.engine.core.bll.adbroker.GetRootDSETask] (pool-5-thread-47) 
> Couldnt deduce provider type for domain blinkmind.net
> 2012-02-19 12:58:26,533 ERROR 
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] 
> (http--0.0.0.0-8080-10) Failed ldap search server 
> LDAP://ldap-master.dal.blinkmind.net:389 due to 
> org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: 
> Failed to get rootDSE record for server 
> LDAP://ldap-master.dal.blinkmind.net:389. We should try the next 
> server: 
> org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: 
> Failed to get rootDSE record for server 
> LDAP://ldap-master.dal.blinkmind.net:389
>     at 
> org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) 
> [engine-bll.jar:]
>     at 
> org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:101) 
> [engine-bll.jar:]
>     at 
> org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97) 
> [engine-bll.jar:]
>     at 
> java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) 
> [:1.6.0_22]
>     at java.util.concurrent.FutureTask.run(FutureTask.java:166) 
> [:1.6.0_22]
>     at 
> org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57) 
> [utils-3.0.0-0001.jar:]
>     at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.6.0_22] 
>
>     at 
> java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) 
> [:1.6.0_22]
>     at java.util.concurrent.FutureTask.run(FutureTask.java:166) 
> [:1.6.0_22]
>     at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) 
> [:1.6.0_22]
>     at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) 
> [:1.6.0_22]
>     at java.lang.Thread.run(Thread.java:679) [:1.6.0_22]
>
> 2012-02-19 12:58:26,537 ERROR 
> [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] 
> (http--0.0.0.0-8080-10) Failed authenticating user: nathan to domain 
> blinkmind.net. Ldap Query Type is getUserByName
> 2012-02-19 12:58:26,538 ERROR 
> [org.ovirt.engine.core.bll.LoginAdminUserCommand] 
> (http--0.0.0.0-8080-10) USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR : 
> nathan
> 2012-02-19 12:58:26,539 WARN  
> [org.ovirt.engine.core.bll.LoginAdminUserCommand] 
> (http--0.0.0.0-8080-10) CanDoAction of action LoginAdminUser failed. 
> Reasons:USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR
>
> All our linux boxes use the same LDAP server without issue, so I know 
> that part is working.
>
> P.S. What is LDAPSecurityAuthentication (option_id 2) and what should 
> it be set to?
>
>
>
>> <>
> Nathan Stratton                                CTO, BlinkMind, Inc.
> nathan at robotics.net                         nathan at blinkmind.com
> http://www.robotics.net                        http://www.blinkmind.com
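
One way to do the check suggested in the reply above (that the DNS responses match the servers the engine actually connects to), as an added example that is not part of the original thread or of oVirt's code: it compares SRV answers with the `LDAP://host:port` URLs found in the engine log. The hostnames, the sample data and the function names are constructed for illustration.

```python
import re

# Constructed sample: `dig +short SRV _ldap._tcp.example.net` output
# (priority weight port target); hostnames are placeholders.
SRV_ANSWERS = """\
10 100 389 ldap-replica.dal.example.net.
0 100 389 LDAP-Master.dal.example.net.
"""

# Constructed engine log lines, in the format quoted in the thread.
ENGINE_LOG = """\
2012-02-19 12:58:26,533 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-10) Failed ldap search server LDAP://ldap-master.dal.example.net:389 due to ...
2012-02-19 12:59:01,101 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-11) Failed ldap search server LDAP://old-dc.example.net:636 due to ...
"""

URL_RE = re.compile(r"LDAP://([A-Za-z0-9.-]+):(\d+)", re.IGNORECASE)


def parse_srv(text):
    """Return [(host, port)] ordered by SRV priority (lowest first)."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
            continue  # not an SRV answer line
        priority, _weight, port, target = fields
        if target == ".":
            continue  # RFC 2782: target "." means the service is not offered
        records.append((int(priority), target.rstrip(".").lower(), int(port)))
    return [(host, port) for _prio, host, port in sorted(records)]


def contacted_servers(log_text):
    """Return the distinct (host, port) pairs from LDAP:// URLs in the log."""
    seen = []
    for host, port in URL_RE.findall(log_text):
        pair = (host.lower(), int(port))
        if pair not in seen:
            seen.append(pair)
    return seen


def correlate(srv_text, log_text):
    """Compare what DNS advertises with what the engine tried to reach."""
    advertised, contacted = parse_srv(srv_text), contacted_servers(log_text)
    return {
        "unadvertised": [s for s in contacted if s not in advertised],
        "not_in_log": [s for s in advertised if s not in contacted],
    }
```

A server listed under `unadvertised` was contacted although DNS does not announce it, which points at stale configuration or a wrong domain; `not_in_log` only means no failure was logged for that server.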



