[Users] unable to use ad authentication

david van zeebroeck david at analytics.brusselsairport.be
Tue Nov 5 08:59:43 UTC 2013


Hello, I'm trying to use AD authentication in my oVirt setup;
however, I can't seem to get it to work.

I can browse the AD and select users & groups, but logging in does not work.

Output of engine-manage-domains:
engine-manage-domains -report -action=validate
Domain mydomain.com is valid.
The configured user for domain mydomain.com is sync at MYDOMAIN.COM
Manage Domains completed successfully

In the engine.log I see the following info:
2013-11-05 09:53:45,088 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
v1db1]; remaining name ''
2013-11-05 09:53:45,100 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc06.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
name, data 0, v1db1]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1];
remaining name ''. We should try the next server
2013-11-05 09:53:45,179 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
v1db1]; remaining name ''
2013-11-05 09:53:45,189 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc04.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
name, data 0, v1db1]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1];
remaining name ''. We should try the next server
2013-11-05 09:53:45,253 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
v1db1]; remaining name ''
2013-11-05 09:53:45,262 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc05.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
name, data 0, v1db1]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1];
remaining name ''. We should try the next server
2013-11-05 09:53:45,335 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0,
v23f0]; remaining name ''
2013-11-05 09:53:45,353 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc08.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing
name, data 0, v23f0]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0];
remaining name ''. We should try the next server
2013-11-05 09:53:45,433 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0,
v23f0]; remaining name ''
2013-11-05 09:53:45,451 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc07.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing
name, data 0, v23f0]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C09074B, comment: Error processing name, data 0, v23f0];
remaining name ''. We should try the next server
2013-11-05 09:53:45,523 ERROR
[org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
(ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
(cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
v1db1]; remaining name ''
2013-11-05 09:53:45,540 ERROR
[org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
(ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
srvdc03.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
name, data 0, v1db1]; nested exception is
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F:
LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1];
remaining name ''. We should try the next server
2013-11-05 09:53:45,987 WARN
 [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--127.0.0.1-8702-11)
CanDoAction of action LoginAdminUser failed.
Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

When I try to get a Kerberos ticket on the server, I'm able to get a correct
ticket.