[ovirt-users] Adding domain to oVirt to 3.5 issue
Alon Bar-Lev
alonbl at redhat.com
Fri Dec 5 13:01:34 UTC 2014
Hi!
I tested the configuration and it worked properly.
----- Original Message -----
> From: "Juan Jose" <jj197005 at gmail.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: "Ondra Machacek" <omachace at redhat.com>, "Yair Zaslavsky" <yzaslavs at redhat.com>, users at ovirt.org
> Sent: Friday, December 5, 2014 1:10:06 PM
> Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
>
> Hello Alon,
>
> I have deleted Legacy domain with engine-manage-domain, and I have changed
> configuration to absolute file name as you can see:
>
> /etc/ovirt-engine/extensions.d/siee-local-authn.properties:
>
> ovirt.engine.extension.name = siee-local-authn
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> ovirt.engine.aaa.authn.profile.name = siee
> ovirt.engine.aaa.authn.authz.plugin = siee-local-authz
> config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
Please move this file to /etc/ovirt-engine/aaa/siee.properties; it should not reside within extensions.d.
>
> /etc/ovirt-engine/extensions.d/siee-local-authz.properties:
>
> ovirt.engine.extension.name = siee-local-authz
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
Same.
>
> I had configured relative file name because the example
> /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties
> has a relative file name.
Yes, as I wrote, this relative is coming in 3.5.1.
> I have done the same: delete engine.log, restart ovirt-engine and try to log
> in and the same error is shown, "General command validation failure."
Please first refer to the startup errors; there is not much sense in trying to log in if startup fails... :)
In your case:
2014-12-05 11:25:05,575 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::siee-local-authz] Cannot initialize LDAP framework, deferring initialization. Error: null
Which is as if something is missing.
I took your configuration as-is and it does work, with the exception of moving /etc/ovirt-engine/extensions.d/aaa to /etc/ovirt-engine/aaa as it should be. Please perform this change and modify the file locations within the extension properties files.
I need to figure out what is happening, so from README[1], please follow the following instructions and restart engine so we get more verbose logs.
Update:
/usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in
Make sure the handler level name is ALL for ENGINE; if not, set it like this (I am unsure if this was the case in 3.5.0):
---
<file-handler name="ENGINE" autoflush="true">
<level name="ALL"/>
---
Add the following before the <root-logger> line:
---
<logger category="org.ovirt.engineextensions.aaa.ldap">
<level name="ALL"/>
</logger>
---
Restart the engine and send the engine.log; this way I can see what is happening during initialization.
Thanks for checking it out, hopefully something trivial is missing,
Alon
[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l230
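
A pre-restart check for the configuration points raised in this message, added here as an example (it is not code from the thread or from the oVirt project). It flags `config.profile.file.*` values that are relative or that point inside extensions.d, and any key left without a value. The function names and the sample text are constructed for illustration, and the parser assumes plain `key = value` lines only.

```python
"""Lint oVirt engine extension property files for the issues raised in this thread."""
import posixpath

EXTENSIONS_D = "/etc/ovirt-engine/extensions.d"  # directory named in the thread


def parse_properties(text):
    """Minimal 'key = value' parser (assumption: no continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def lint_extension(text, extensions_d=EXTENSIONS_D):
    """Return a list of (key, problem) tuples for one extension file."""
    findings = []
    for key, value in parse_properties(text).items():
        if not value:
            # A property split across two lines parses as two empty-valued keys.
            findings.append((key, "empty value (line broken after '='?)"))
        elif key.startswith("config.profile.file."):
            if not posixpath.isabs(value):
                findings.append((key, "relative path (3.5.1 feature per the thread)"))
            elif posixpath.normpath(value).startswith(extensions_d + "/"):
                findings.append((key, "profile file is inside extensions.d"))
    return findings


# Constructed sample, modelled on the authz file quoted in the thread.
SAMPLE = """\
ovirt.engine.extension.name = siee-local-authz
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties
config.profile.file.2 = ../aaa/siee.properties
"""

if __name__ == "__main__":
    for key, problem in lint_extension(SAMPLE):
        print(f"{key}: {problem}")
```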