[Users] Problem running engine-manage-domain on oVirt 3.1.0-4

Itamar Heim iheim at redhat.com
Fri Jul 26 07:01:53 EDT 2013


On 07/26/2013 01:55 PM, Trevor Galloway wrote:
> Thanks Yair,
> I made the changes to the engine-manage-domains script as suggested in
> the gerrit link - that now works just fine, and also confirms what I
> thought the problem was all along - namely that the configured username
> returned on a `engine-manage-domains --action=list` is that of the
> previous admin.
> The problem being that their account is no longer valid within the
> active directory, hence validation fails.
> I've trawled the various ovirt config directories but can't find a
> resource that holds the username to use on the LDAP query. Presumably
> this is something that gets setup at install time?
> Is there a way to re-configure the underlying username?

engine-manage-domains should allow you to set the user used in the ldap 
query via -action=list.
then you can use -action=edit to update it

> Many thanks,
> Trevor
>
>
> On 25 July 2013 22:29, Yair Zaslavsky <yzaslavs at redhat.com
> <mailto:yzaslavs at redhat.com>> wrote:
>
>
>
>     ----- Original Message -----
>      > From: "Trevor Galloway" <trevgall at googlemail.com
>     <mailto:trevgall at googlemail.com>>
>      > To: users at ovirt.org <mailto:users at ovirt.org>
>      > Sent: Thursday, July 25, 2013 7:51:56 PM
>      > Subject: [Users] Problem running engine-manage-domain on oVirt
>     3.1.0-4
>      >
>      > Hello oVirt Users,
>      >
>      >
>      >
>      > Just signed up to the user mailing list and have a question
>     regarding an
>      > error being reported to stdout when running engine-manage-domains.
>      >
>      >
>      >
>      > When running the `engine-manage-domains` utility from the command
>     line I
>      > see the following error reported:
>      >
>      >
>      >
>      > *[root at hive ovirt-engine]# engine-manage-domains -action=list*
>      >
>      > *Failed reading current configuration. Details: Error "Key for add
>      > operation must be defined!" while reading configuration value
>     AdUserName.*
>      >
>      >
>      >
>      > A quick Google on this leads directly to Bugzilla – Bug 883846 –
>     which
>      > looks like it’s fixed in the 3.2 version. Can anyone confirm
>     that? I’ve
>      > inherited a DL580 running oVirt Manager and a bunch of VM’s, and
>     don’t
>      > really want to undertake an upgrade just now if I don’t have to.
>
>     This is indeed the issue.
>
>      >
>      >
>      >
>      >
>      >
>      > The real problem seems to be that I can’t assign a user with any
>     roles
>      > since the ldap lookup to the active server fails – due, I think,
>     to the
>      > fact that the query is configured to authenticate with the
>     previous admins
>      > credentials – they left and the account is now disabled. J
>      >
>      >
>      >
>      > From the /var/log/ovirt-engine/engine.log
>      >
>      >  *2013-07-25 11:32:15,574 ERROR
>      >
>     [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
>      > (ajp--0.0.0.0-8009-1) Authentication failed. The user is either
>     locked or
>      > disabled*
>      >
>      > *2013-07-25 11:32:15,575 ERROR
>      > [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
>      > (ajp--0.0.0.0-8009-1) Failed ldap search server
>      > LDAP://<my_active_directory>:389 due to
>      >
>     org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException. We
>      > should not try the next server:
>      > org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException*
>      >
>      > * *
>      >
>      > The above gets written out as soon as I hit the Go button in the
>     Add System
>      > Permission to User dialogue window.
>
>     engine-manage-domains uses engine-config and provides its a
>     configuration (after the above bug fix) with keys in form of "key=".
>     If you really don't want to upgrade, maybe you should consider
>     editing the engine-manage-domains script, as in
>
>     http://gerrit.ovirt.org/#/c/9743/3/backend/manager/conf/kerberos/engine-manage-domains
>     ?
>
>     You will have to do that for any altering operations on domains and
>     their associated users.
>
>     Please let us know if it worked for you
>
>     Many thanks,
>     Yair
>
>
>      >
>      >
>      >
>      > Thanks in advance for any advice!
>      >
>      > _______________________________________________
>      > Users mailing list
>      > Users at ovirt.org <mailto:Users at ovirt.org>
>      > http://lists.ovirt.org/mailman/listinfo/users
>      >
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>



More information about the Users mailing list