[Users] Problem running engine-manage-domain on oVirt 3.1.0-4

Yair Zaslavsky yzaslavs at redhat.com
Thu Jul 25 21:29:35 UTC 2013 


----- Original Message -----
> From: "Trevor Galloway" <trevgall at googlemail.com>
> To: users at ovirt.org
> Sent: Thursday, July 25, 2013 7:51:56 PM
> Subject: [Users] Problem running engine-manage-domain on oVirt 3.1.0-4
> 
> Hello oVirt Users,
> 
> 
> 
> Just signed up to the user mailing list and have a question regarding an
> error being reported to stdout when running engine-manage-domains.
> 
> 
> 
> When running the `engine-manage-domains` utility from the command line I
> see the following error reported:
> 
> 
> 
> *[root at hive ovirt-engine]# engine-manage-domains -action=list*
> 
> *Failed reading current configuration. Details: Error "Key for add
> operation must be defined!" while reading configuration value AdUserName.*
> 
> 
> 
> A quick Google on this leads directly to Bugzilla – Bug 883846 – which
> looks like it’s fixed in the 3.2 version. Can anyone confirm that? I’ve
> inherited a DL580 running oVirt Manager and a bunch of VM’s, and don’t
> really want to undertake an upgrade just now if I don’t have to.

This is indeed the issue.

> 
> 
> 
> 
> 
> The real problem seems to be that I can’t assign a user with any roles
> since the ldap lookup to the active server fails – due, I think, to the
> fact that the query is configured to authenticate with the previous admins
> credentials – they left and the account is now disabled. J
> 
> 
> 
> From the /var/log/ovirt-engine/engine.log
> 
>  *2013-07-25 11:32:15,574 ERROR
> [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
> (ajp--0.0.0.0-8009-1) Authentication failed. The user is either locked or
> disabled*
> 
> *2013-07-25 11:32:15,575 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--0.0.0.0-8009-1) Failed ldap search server
> LDAP://<my_active_directory>:389 due to
> org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException. We
> should not try the next server:
> org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException*
> 
> * *
> 
> The above gets written out as soon as I hit the Go button in the Add System
> Permission to User dialogue window.

engine-manage-domains uses engine-config and provides its a configuration (after the above bug fix) with keys in form of "key=".
If you really don't want to upgrade, maybe you should consider editing the engine-manage-domains script, as in

http://gerrit.ovirt.org/#/c/9743/3/backend/manager/conf/kerberos/engine-manage-domains ?

You will have to do that for any altering operations on domains and their associated users.

Please let us know if it worked for you

Many thanks,
Yair


> 
> 
> 
> Thanks in advance for any advice!
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list