[Users] unable to use ad authentication

Eli Mesika emesika at redhat.com
Tue Nov 5 09:45:17 UTC 2013



----- Original Message -----
> From: "david van zeebroeck" <david at analytics.brusselsairport.be>
> To: users at ovirt.org
> Sent: Tuesday, November 5, 2013 10:59:43 AM
> Subject: [Users] unable to use ad authentication
> 
> hello i'm trying to use ad authentication in my ovirt setup
> however i can't seem to get it to work.
> 
> i can browse the ad and select users & groups but logging in does not work
> 
> output of engine-manage-domains
> engine-manage-domains -report -action=validate
> Domain mydomain.com is valid.
> The configured user for domain mydomain.com is sync at MYDOMAIN.COM
> Manage Domains completed successfully
> 
> in the engine.log i see following info :
> 2013-11-05 09:53:45,088 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
> v1db1]; remaining name ''
> 2013-11-05 09:53:45,100 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc06.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
> name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error
> processing name, data 0, v1db1]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,179 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
> v1db1]; remaining name ''
> 2013-11-05 09:53:45,189 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc04.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
> name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error
> processing name, data 0, v1db1]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,253 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
> v1db1]; remaining name ''
> 2013-11-05 09:53:45,262 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc05.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
> name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error
> processing name, data 0, v1db1]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,335 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0,
> v23f0]; remaining name ''
> 2013-11-05 09:53:45,353 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc08.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing
> name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error
> processing name, data 0, v23f0]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,433 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0,
> v23f0]; remaining name ''
> 2013-11-05 09:53:45,451 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc07.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing
> name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error
> processing name, data 0, v23f0]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,523 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
> v1db1]; remaining name ''
> 2013-11-05 09:53:45,540 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc03.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
> name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error
> processing name, data 0, v1db1]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,987 WARN
> [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--127.0.0.1-8702-11)
> CanDoAction of action LoginAdminUser failed.
> Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

Hi

It seems that you added a user using AD but didn't assign him any role.
Please note that you should assign entities permissions (shown on the permission tab when you select an entity instance).


> 
> when i try to get a kerberos ticket on the server i'm able to get a correct
> ticket
> 
> 
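Added example, not part of the original thread and not oVirt code: a small Python helper that unwraps mail-quoted, hard-wrapped engine.log text like the excerpt above and collects, per request thread, the LDAP result codes, the directory servers whose search failed, and the final CanDoAction reason, so the directory-search errors and the login verdict can be read separately. The sample input is constructed from lines quoted in this thread; `unwrap` and `triage` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample: two events in the mail-quoted, hard-wrapped form seen in this thread.
SAMPLE = """\
> 2013-11-05 09:53:45,100 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc06.mydomain.com:389 using user vzeebrod at MYDOMAIN.COM due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
> name, data 0, v1db1]. We should try the next server
> 2013-11-05 09:53:45,987 WARN
> [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--127.0.0.1-8702-11)
> CanDoAction of action LoginAdminUser failed.
> Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
"""

TS = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} ")
EVENT = re.compile(r"^\S+ \S+ \w+ \[[\w.]+\] \(([^)]+)\) (.*)$")
SERVER = re.compile(r"Failed ldap search server LDAP://\s*([\w.-]+):\d+")
LDAP_CODE = re.compile(r"LDAP: error code (\d+)")
REASON = re.compile(r"CanDoAction of action (\w+) failed\.\s*Reasons:([\w,]+)")

def unwrap(text):
    """Strip '> ' quoting and rejoin hard-wrapped lines into one string per event."""
    events = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if TS.match(line):            # a timestamp starts a new event
            events.append(line)
        elif line and events:         # anything else continues the previous one
            events[-1] += " " + line
    return events

def triage(text):
    """Per request thread: LDAP result codes, failed servers, CanDoAction verdict."""
    by_thread = defaultdict(lambda: {"ldap_codes": set(), "servers": [], "action": None, "reasons": []})
    for ev in unwrap(text):
        m = EVENT.match(ev)
        if not m:
            continue
        rec = by_thread[m.group(1)]
        msg = m.group(2)
        rec["ldap_codes"].update(int(c) for c in LDAP_CODE.findall(msg))
        rec["servers"] += SERVER.findall(msg)
        r = REASON.search(msg)
        if r:
            rec["action"], rec["reasons"] = r.group(1), r.group(2).split(",")
    return dict(by_thread)
```
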


