[Users] LDAP
Yaniv Kaul
ykaul at redhat.com
Sun Feb 19 19:27:46 UTC 2012
On 02/19/2012 09:02 PM, Nathan Stratton wrote:
>
> I am working on getting ovirt working with our LDAP environment and
> have run into a few issues. Based on my googling my understanding is
> that ovirt should query DNS for a ldap SRV record. However based on my
> wireshark captures I never see such a request.
>
> I ended up installing phpPgAdmin and found the vdc_options table and
> something called DomainName. I figured that was a good place to start
> so I put our domain there and now I see the DNS SRV queries.
I'd try with wireshark to capture ports 88, 53 and 389 (something like
'-s 1500 -w /tmp/file.pcap port 53 or port 88 or port 389' if you are
using tcpdump).
Then check that indeed the responses from DNS correlate well with what
we are trying to connect to.
(BTW, there was a regression in the code not so long ago in that area -
are you using latest code?).
Y.
>
> In the logs I see:
>
> 2012-02-19 12:58:26,532 ERROR
> [org.ovirt.engine.core.bll.adbroker.GetRootDSETask] (pool-5-thread-47)
> Couldnt deduce provider type for domain blinkmind.net
> 2012-02-19 12:58:26,533 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (http--0.0.0.0-8080-10) Failed ldap search server
> LDAP://ldap-master.dal.blinkmind.net:389 due to
> org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException:
> Failed to get rootDSE record for server
> LDAP://ldap-master.dal.blinkmind.net:389. We should try the next
> server:
> org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException:
> Failed to get rootDSE record for server
> LDAP://ldap-master.dal.blinkmind.net:389
> at
> org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68)
> [engine-bll.jar:]
> at
> org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:101)
> [engine-bll.jar:]
> at
> org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97)
> [engine-bll.jar:]
> at
> java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> [:1.6.0_22]
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> [:1.6.0_22]
> at
> org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57)
> [utils-3.0.0-0001.jar:]
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.6.0_22]
>
> at
> java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> [:1.6.0_22]
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> [:1.6.0_22]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> [:1.6.0_22]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> [:1.6.0_22]
> at java.lang.Thread.run(Thread.java:679) [:1.6.0_22]
>
> 2012-02-19 12:58:26,537 ERROR
> [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand]
> (http--0.0.0.0-8080-10) Failed authenticating user: nathan to domain
> blinkmind.net. Ldap Query Type is getUserByName
> 2012-02-19 12:58:26,538 ERROR
> [org.ovirt.engine.core.bll.LoginAdminUserCommand]
> (http--0.0.0.0-8080-10) USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR :
> nathan
> 2012-02-19 12:58:26,539 WARN
> [org.ovirt.engine.core.bll.LoginAdminUserCommand]
> (http--0.0.0.0-8080-10) CanDoAction of action LoginAdminUser failed.
> Reasons:USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR
>
> All our linux boxes use the same LDAP server without issue, so I know
> that part is working.
>
> P.S. What is LDAPSecurityAuthentication (option_id 2) and what should
> it be set to?
>
> Nathan Stratton CTO, BlinkMind, Inc.
> nathan at robotics.net nathan at blinkmind.com
> http://www.robotics.net http://www.blinkmind.com
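The correlation check suggested in the reply (do the DNS responses match the server the engine tries to reach?), as an added example that is not part of the original thread or of oVirt's code. The log entries are the ones quoted in the post, re-joined from the wrapped e-mail text; the SRV answers and the replica host name are constructed, and the function names are hypothetical.

```python
import re

# Log entries taken from the post (re-joined from the wrapped e-mail text).
ENGINE_LOG = """\
2012-02-19 12:58:26,532 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSETask] (pool-5-thread-47) Couldnt deduce provider type for domain blinkmind.net
2012-02-19 12:58:26,533 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-10) Failed ldap search server LDAP://ldap-master.dal.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389. We should try the next server:
2012-02-19 12:58:26,537 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-10) Failed authenticating user: nathan to domain blinkmind.net. Ldap Query Type is getUserByName
"""

# Constructed SRV answers in dig's answer-section format; the replica host is hypothetical.
SRV_ANSWERS = """\
_ldap._tcp.blinkmind.net. 3600 IN SRV 0 100 389 ldap-master.dal.blinkmind.net.
_ldap._tcp.blinkmind.net. 3600 IN SRV 10 100 389 ldap-replica.dal.blinkmind.net.
"""

FAILED_RE = re.compile(r"Failed ldap search server LDAP://([^:\s]+):(\d+)")
SRV_RE = re.compile(r"^\S+\s+\d+\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+?)\.?$", re.M)


def failed_servers(log_text):
    """Return the set of (host, port) pairs the engine reported as failed."""
    return {(h.lower(), int(p)) for h, p in FAILED_RE.findall(log_text)}


def srv_targets(dig_text):
    """Return SRV targets as (host, port), ordered by priority (lowest first)."""
    rows = [(int(prio), host.lower(), int(port))
            for prio, _weight, port, host in SRV_RE.findall(dig_text)]
    return [(host, port) for _prio, host, port in sorted(rows)]


def correlate(log_text, dig_text):
    """Compare what DNS advertises with what the engine tried to reach."""
    failed = failed_servers(log_text)
    advertised = srv_targets(dig_text)
    return {
        # DNS and engine agree on the host: look at the 389/88 traffic, not DNS.
        "failed_and_advertised": sorted(failed & set(advertised)),
        # Engine contacted a host DNS does not advertise: stale or wrong domain config.
        "failed_not_advertised": sorted(failed - set(advertised)),
        # Advertised servers with no failure logged (not tried, or they worked).
        "advertised_without_failure": [t for t in advertised if t not in failed],
    }


if __name__ == "__main__":
    for key, value in correlate(ENGINE_LOG, SRV_ANSWERS).items():
        print(key, value)
```
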