[Users] ActiveDirectory problems

Joop jvdwege at xs4all.nl
Fri Sep 14 22:07:06 UTC 2012


Hi List,

I have been reading the list for quite some time and I have a question 
because I can't find the problem myself.
I have an oVirt-3.1 setup with 3 nodes (Fed17 install from LiveCD + 
vdsm) and an engine install. So far this all works. Can create VMs, can 
migrate them, no problems (well, one, but that's for another post: vdsmd 
doesn't start at system start).
Version of oVirt that's installed:
Installed Packages
ovirt-engine.noarch                       3.1.0-2.fc17             @ovirt-beta
ovirt-engine-backend.noarch               3.1.0-2.fc17             @ovirt-beta
ovirt-engine-cli.noarch                   3.1.0.6-1.fc17           @ovirt-beta
ovirt-engine-config.noarch                3.1.0-2.fc17             @ovirt-beta
ovirt-engine-dbscripts.noarch             3.1.0-2.fc17             @ovirt-beta
ovirt-engine-genericapi.noarch            3.1.0-2.fc17             @ovirt-beta
ovirt-engine-notification-service.noarch  3.1.0-2.fc17             @ovirt-beta
ovirt-engine-restapi.noarch               3.1.0-2.fc17             @ovirt-beta
ovirt-engine-sdk.noarch                   3.1.0.4-1.fc17           @ovirt-beta
ovirt-engine-setup.noarch                 3.1.0-2.fc17             @ovirt-beta
ovirt-engine-tools-common.noarch          3.1.0-2.fc17             @ovirt-beta
ovirt-engine-userportal.noarch            3.1.0-2.fc17             @ovirt-beta
ovirt-engine-webadmin-portal.noarch       3.1.0-2.fc17             @ovirt-beta
ovirt-image-uploader.noarch               3.1.0-0.git9c42c8.fc17   @ovirt-beta
ovirt-iso-uploader.noarch                 3.1.0-0.git1841d9.fc17   @ovirt-beta
ovirt-log-collector.noarch                3.1.0-0.git10d719.fc17   @ovirt-beta

Next step is integrating with our AD setup. Ran:
engine-manage-domains -action=add -provider=ActiveDirectory -domain=nieuwland.local -user=admin -interactive
Message is:
WARNING: No permissions were added to the Engine. Login either with the 
internal admin user or with another configured user
Successfully added domain nieuwland.local. oVirt Engine restart is 
required in order for the changes to take place (service
Manage Domains completed successfully

The specified admin is a DomainAdministrator.

The logfile in /var/log/engine/engine-manage-domains also says OK. The 
resulting krb5.conf in /etc/ovirt-engine also looks OK. The AD servers 
are resolvable forward and backward.
Then I'm lost, because when I log into the Admin portal with the internal 
admin account, go to the Users tab and want to add a user from the 
nieuwland.local realm, myself (jvandewege), it won't work and I get the 
following in engine.log:

2012-09-14 12:55:26,104 ERROR 
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher] 
(ajp--0.0.0.0-8009-12) Failed ldap search server 
LDAP://digit.nieuwland.local:389 due to java.lang.NullPointerException. 
We should try the next server: java.lang.NullPointerException
    at 
org.ovirt.engine.core.bll.adbroker.ADRootDSE.<init>(ADRootDSE.java:26) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.adbroker.RootDSEFactory.get(RootDSEFactory.java:14) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.adbroker.GetRootDSETask.setRootDSE(GetRootDSETask.java:97) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.adbroker.DirectorySearcher.find(DirectorySearcher.java:91) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.adbroker.DirectorySearcher.FindOne(DirectorySearcher.java:39) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand.executeQuery(LdapAuthenticateUserCommand.java:44) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase.Execute(LdapBrokerCommandBase.java:68) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.adbroker.LdapBrokerBase.RunAdAction(LdapBrokerBase.java:18) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.LoginUserCommand.authenticateUser(LoginUserCommand.java:30) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:177) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:14) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.CommandBase.InternalCanDoAction(CommandBase.java:486) 
[engine-bll.jar:]
    at 
org.ovirt.engine.core.bll.CommandBase.ExecuteAction(CommandBase.java:261) 
[engine-bll.jar:]
    at org.ovirt.engine.core.bll.Backend.Login(Backend.java:481) 
[engine-bll.jar:]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
[rt.jar:1.7.0_05-icedtea]
    at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
[rt.jar:1.7.0_05-icedtea]
    at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
[rt.jar:1.7.0_05-icedtea]
    at java.lang.reflect.Method.invoke(Method.java:601) 
[rt.jar:1.7.0_05-icedtea]
    at 
org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) 
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.ovirt.engine.core.utils.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:11) 
[engine-utils.jar:]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
[rt.jar:1.7.0_05-icedtea]
    at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
[rt.jar:1.7.0_05-icedtea]
    at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
[rt.jar:1.7.0_05-icedtea]
    at java.lang.reflect.Method.invoke(Method.java:601) 
[rt.jar:1.7.0_05-icedtea]
    at 
org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) 
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) 
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) 
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) 
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) 
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) 
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) 
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) 
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) 
[jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) 
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) 
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) 
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) 
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) 
[jboss-invocation.jar:1.1.1.Final]
    at 
org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) 
[jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
    at 
org.ovirt.engine.core.common.interfaces.BackendLocal$$$view9.Login(Unknown 
Source) [engine-common.jar:]
    at 
org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.Login(GenericApiGWTServiceImpl.java:157) 

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
[rt.jar:1.7.0_05-icedtea]
    at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
[rt.jar:1.7.0_05-icedtea]
    at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
[rt.jar:1.7.0_05-icedtea]
    at java.lang.reflect.Method.invoke(Method.java:601) 
[rt.jar:1.7.0_05-icedtea]
    at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196)
    at 
com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:161)
    at 
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:222)
    at 
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) 

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) 
[jboss-servlet-3.0-api.jar:1.0.1.Final]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) 
[jboss-servlet-3.0-api.jar:1.0.1.Final]
    at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) 

    at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) 

    at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) 

    at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) 

    at 
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) 

    at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) 

    at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 

    at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466)
    at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 

    at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
    at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505)
    at 
org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) 

    at 
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
    at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_05-icedtea]

2012-09-14 12:55:26,124 ERROR 
[org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] 
(ajp--0.0.0.0-8009-12) Failed authenticating user: admin to domain 
nieuwland.local. Ldap Query Type is getUserByName
2012-09-14 12:55:26,125 ERROR 
[org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-12) 
USER_FAILED_TO_AUTHENTICATE : admin
2012-09-14 12:55:26,125 WARN 
[org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-12) 
CanDoAction of action LoginAdminUser failed. 
Reasons:USER_FAILED_TO_AUTHENTICATE
2012-09-14 12:57:07,027 INFO 
[org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-5) 
Checking if user admin at internal is an admin, result true
2012-09-14 12:57:07,029 INFO 
[org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--0.0.0.0-8009-5) 
Running command: LoginAdminUserCommand internal: false.

Using Wireshark I don't see what I expected, namely a well-formed LDAP 
search and a result. Can provide the dump if needed.

Anyone had any luck and is willing to help me out?

Thanks in advance,

Joop
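
An added example, not part of the original post or of oVirt's code: a short Python pass over the engine.log excerpt quoted above that rejoins the mail-wrapped lines and pairs the failed AD login with the directory-search error logged on the same worker thread. The function names and the pairing-by-thread heuristic are assumptions made for this illustration.

```python
import re

# engine.log excerpt from the post, still wrapped as mailed; trace trimmed to one frame.
SAMPLE = """\
2012-09-14 12:55:26,104 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--0.0.0.0-8009-12) Failed ldap search server
LDAP://digit.nieuwland.local:389 due to java.lang.NullPointerException.
We should try the next server: java.lang.NullPointerException
    at
org.ovirt.engine.core.bll.adbroker.ADRootDSE.<init>(ADRootDSE.java:26)
2012-09-14 12:55:26,124 ERROR
[org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand]
(ajp--0.0.0.0-8009-12) Failed authenticating user: admin to domain
nieuwland.local. Ldap Query Type is getUserByName
"""

STAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\b")
HEAD = re.compile(r"\S+ \S+ \w+ \[[\w.$]+\] \(([^)]+)\) (.*)")
SEARCH_FAIL = re.compile(r"Failed ldap search server (\S+) due to ([\w.$]*\w)")
AUTH_FAIL = re.compile(r"Failed authenticating user: (\S+) to domain ([\w.-]*\w)")
FRAME = re.compile(r"\bat ([\w.$<>]+)\(")

def records(text):
    """Rejoin mail-wrapped lines; a record starts at each timestamp."""
    current = []
    for line in text.splitlines():
        if STAMP.match(line) and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def triage(text):
    """Pair each failed login with the LDAP error logged on the same thread."""
    pending, findings = {}, []
    for rec in records(text):
        head = HEAD.match(rec)
        thread, msg = head.groups() if head else (None, "")
        search, auth = SEARCH_FAIL.search(msg), AUTH_FAIL.search(msg)
        if search:
            frame = FRAME.search(msg)
            pending[thread] = {"server": search.group(1), "exception": search.group(2),
                               "top_frame": frame.group(1) if frame else None}
        if auth:
            findings.append({"user": auth.group(1), "domain": auth.group(2),
                             **pending.pop(thread, {})})
    return findings
```

On the excerpt, `triage(SAMPLE)` returns one finding whose top frame is the `ADRootDSE` constructor, which places the failure at the RootDSE read against that server rather than at the later user search.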
