[Users] Problem running engine-manage-domain on oVirt 3.1.0-4
Itamar Heim
iheim at redhat.com
Fri Jul 26 13:29:28 UTC 2013
On 07/26/2013 03:54 PM, Trevor Galloway wrote:
> Thanks Itamar for the suggestion - however the `-action=edit` fails
> since the currently configured user account is inactive within the
> active directory - it looks as if there is an initial authentication
> that needs to validate before the edit can proceed ... :(
> Hence my query about being able to reset the underlying username that
> engine-manage-domains uses?
you can delete the domain, then add it.
(and i'd expect edit allows you to set the new user and use it, strange
it will fail you)
> Thanks
> Trevor
>
>
> On 26 July 2013 12:01, Itamar Heim <iheim at redhat.com
> <mailto:iheim at redhat.com>> wrote:
>
> On 07/26/2013 01:55 PM, Trevor Galloway wrote:
>
> Thanks Yair,
> I made the changes to the engine-manage-domains script as
> suggested in
> the gerrit link - that now works just fine, and also confirms what I
> thought the problem was all along - namely that the configured
> username
> returned on a `engine-manage-domains --action=list` is that of the
> previous admin.
> The problem being that their account is no longer valid within the
> active directory, hence validation fails.
> I've trawled the various ovirt config directories but can't find a
> resource that holds the username to use on the LDAP query.
> Presumably
> this is something that gets setup at install time?
> Is there a way to re-configure the underlying username?
>
>
> engine-manage-domains should allow you to set the user used in the
> ldap query via -action=list.
> then you can use -action=edit to update it
>
> Many thanks,
> Trevor
>
>
> On 25 July 2013 22:29, Yair Zaslavsky <yzaslavs at redhat.com
> <mailto:yzaslavs at redhat.com>
> <mailto:yzaslavs at redhat.com <mailto:yzaslavs at redhat.com>>> wrote:
>
>
>
> ----- Original Message -----
> > From: "Trevor Galloway" <trevgall at googlemail.com
> <mailto:trevgall at googlemail.com>
> <mailto:trevgall at googlemail.__com
> <mailto:trevgall at googlemail.com>>>
> > To: users at ovirt.org <mailto:users at ovirt.org>
> <mailto:users at ovirt.org <mailto:users at ovirt.org>>
> > Sent: Thursday, July 25, 2013 7:51:56 PM
> > Subject: [Users] Problem running engine-manage-domain on
> oVirt
> 3.1.0-4
> >
> > Hello oVirt Users,
> >
> >
> >
> > Just signed up to the user mailing list and have a question
> regarding an
> > error being reported to stdout when running
> engine-manage-domains.
> >
> >
> >
> > When running the `engine-manage-domains` utility from
> the command
> line I
> > see the following error reported:
> >
> >
> >
> > *[root at hive ovirt-engine]# engine-manage-domains
> -action=list*
> >
> > *Failed reading current configuration. Details: Error
> "Key for add
> > operation must be defined!" while reading configuration
> value
> AdUserName.*
> >
> >
> >
> > A quick Google on this leads directly to Bugzilla – Bug
> 883846 –
> which
> > looks like it’s fixed in the 3.2 version. Can anyone confirm
> that? I’ve
> > inherited a DL580 running oVirt Manager and a bunch of
> VM’s, and
> don’t
> > really want to undertake an upgrade just now if I don’t
> have to.
>
> This is indeed the issue.
>
> >
> >
> >
> >
> >
> > The real problem seems to be that I can’t assign a user
> with any
> roles
> > since the ldap lookup to the active server fails – due,
> I think,
> to the
> > fact that the query is configured to authenticate with the
> previous admins
> > credentials – they left and the account is now disabled. J
> >
> >
> >
> > From the /var/log/ovirt-engine/engine.__log
> >
> > *2013-07-25 11:32:15,574 ERROR
> >
>
> [org.ovirt.engine.core.bll.__adbroker.__GSSAPIDirContextAuthentication__Strategy]
> > (ajp--0.0.0.0-8009-1) Authentication failed. The user is
> either
> locked or
> > disabled*
> >
> > *2013-07-25 11:32:15,575 ERROR
> > [org.ovirt.engine.core.bll.__adbroker.DirectorySearcher]
> > (ajp--0.0.0.0-8009-1) Failed ldap search server
> > LDAP://<my_active_directory>:__389 due to
> >
>
> org.ovirt.engine.core.bll.__adbroker.__EngineDirectoryServiceExceptio__n.
> We
> > should not try the next server:
> >
> org.ovirt.engine.core.bll.__adbroker.__EngineDirectoryServiceExceptio__n*
> >
> > * *
> >
> > The above gets written out as soon as I hit the Go
> button in the
> Add System
> > Permission to User dialogue window.
>
> engine-manage-domains uses engine-config and provides its a
> configuration (after the above bug fix) with keys in form
> of "key=".
> If you really don't want to upgrade, maybe you should consider
> editing the engine-manage-domains script, as in
>
> http://gerrit.ovirt.org/#/c/__9743/3/backend/manager/conf/__kerberos/engine-manage-domains
> <http://gerrit.ovirt.org/#/c/9743/3/backend/manager/conf/kerberos/engine-manage-domains>
> ?
>
> You will have to do that for any altering operations on
> domains and
> their associated users.
>
> Please let us know if it worked for you
>
> Many thanks,
> Yair
>
>
> >
> >
> >
> > Thanks in advance for any advice!
> >
> > _________________________________________________
> > Users mailing list
> > Users at ovirt.org <mailto:Users at ovirt.org>
> <mailto:Users at ovirt.org <mailto:Users at ovirt.org>>
> > http://lists.ovirt.org/__mailman/listinfo/users
> <http://lists.ovirt.org/mailman/listinfo/users>
>
> >
>
>
>
>
> _________________________________________________
> Users mailing list
> Users at ovirt.org <mailto:Users at ovirt.org>
> http://lists.ovirt.org/__mailman/listinfo/users
> <http://lists.ovirt.org/mailman/listinfo/users>
>
>
>
More information about the Users
mailing list