[Users] Problem running engine-manage-domain on oVirt 3.1.0-4
Trevor Galloway
trevgall at googlemail.com
Fri Jul 26 06:55:01 EDT 2013
Thanks Yair,
I made the changes to the engine-manage-domains script as suggested in the
gerrit link - that now works just fine, and also confirms what I thought
the problem was all along - namely that the configured username returned on
an `engine-manage-domains --action=list` is that of the previous admin.
The problem being that their account is no longer valid within the active
directory, hence validation fails.
I've trawled the various ovirt config directories but can't find a resource
that holds the username to use on the LDAP query. Presumably this is
something that gets set up at install time?
Is there a way to re-configure the underlying username?
Many thanks,
Trevor
On 25 July 2013 22:29, Yair Zaslavsky <yzaslavs at redhat.com> wrote:
>
>
> ----- Original Message -----
> > From: "Trevor Galloway" <trevgall at googlemail.com>
> > To: users at ovirt.org
> > Sent: Thursday, July 25, 2013 7:51:56 PM
> > Subject: [Users] Problem running engine-manage-domain on oVirt 3.1.0-4
> >
> > Hello oVirt Users,
> >
> >
> >
> > Just signed up to the user mailing list and have a question regarding an
> > error being reported to stdout when running engine-manage-domains.
> >
> >
> >
> > When running the `engine-manage-domains` utility from the command line I
> > see the following error reported:
> >
> >
> >
> > *[root@hive ovirt-engine]# engine-manage-domains -action=list*
> >
> > *Failed reading current configuration. Details: Error "Key for add
> > operation must be defined!" while reading configuration value AdUserName.*
> >
> >
> >
> > A quick Google on this leads directly to Bugzilla – Bug 883846 – which
> > looks like it’s fixed in the 3.2 version. Can anyone confirm that? I’ve
> > inherited a DL580 running oVirt Manager and a bunch of VMs, and don’t
> > really want to undertake an upgrade just now if I don’t have to.
>
> This is indeed the issue.
>
> >
> >
> >
> >
> >
> > The real problem seems to be that I can’t assign a user with any roles
> > since the ldap lookup to the active server fails – due, I think, to the
> > fact that the query is configured to authenticate with the previous
> > admin’s credentials – they left and the account is now disabled. :)
> >
> >
> >
> > From the /var/log/ovirt-engine/engine.log
> >
> > *2013-07-25 11:32:15,574 ERROR
> > [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
> > (ajp--0.0.0.0-8009-1) Authentication failed. The user is either locked or
> > disabled*
> >
> > *2013-07-25 11:32:15,575 ERROR
> > [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> > (ajp--0.0.0.0-8009-1) Failed ldap search server
> > LDAP://<my_active_directory>:389 due to
> > org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException. We
> > should not try the next server:
> > org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException*
> >
> >
> > The above gets written out as soon as I hit the Go button in the Add System
> > Permission to User dialogue window.
>
> engine-manage-domains uses engine-config and provides it a configuration
> (after the above bug fix) with keys in the form of "key=".
> If you really don't want to upgrade, maybe you should consider editing the
> engine-manage-domains script, as in
>
>
> http://gerrit.ovirt.org/#/c/9743/3/backend/manager/conf/kerberos/engine-manage-domains?
>
> You will have to do that for any altering operations on domains and their
> associated users.
>
> Please let us know if it worked for you
>
> Many thanks,
> Yair
>
>
> >
> >
> >
> > Thanks in advance for any advice!
> >
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
>