[Users] LDAP

[Nathan Stratton]

I am working on getting ovirt working with our LDAP enviornment and have 
run into a few issues. Based on my googling my understanding is that ovirt 
should query DNS for a ldap SRV record. However based on my wireshark 
captures I never see such a request.

I ended up installing phpPgAdmin and found the vdc_options table and 
someting called DomainName. I figured that was a good place to start so I 
put our domain there and now I see the DNS SRV queries.

In the logs I see:

2012-02-19 12:58:26,532 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSETask] (pool-5-thread-47) Couldnt deduce provider type for domain blinkmind.net
2012-02-19 12:58:26,533 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-10) Failed ldap search server LDAP://ldap-master.dal.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389. We should try the next server: org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389
 	at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) [engine-bll.jar:]
 	at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:101) [engine-bll.jar:]
 	at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97) [engine-bll.jar:]
 	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
 	at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
 	at org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57) [utils-3.0.0-0001.jar:]
 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.6.0_22]
 	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
 	at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.6.0_22]
 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.6.0_22]
 	at java.lang.Thread.run(Thread.java:679) [:1.6.0_22]

2012-02-19 12:58:26,537 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-10) Failed authenticating user: nathan to domain blinkmind.net. Ldap Query Type is getUserByName
2012-02-19 12:58:26,538 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR : nathan
2012-02-19 12:58:26,539 WARN  [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR

All our linux boxes use the same LDAP server without issue, so I know that 
part is working.

P.S. What is LDAPSecurityAuthentication (option_id 2) and what should it 
be set to?



><>
Nathan Stratton                                CTO, BlinkMind, Inc.
nathan at robotics.net                         nathan at blinkmind.com
http://www.robotics.net                        http://www.blinkmind.com