[ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

Yair Zaslavsky yzaslavs at redhat.com
Sat Nov 22 13:54:58 UTC 2014



----- Original Message -----
> From: "Ondra Machacek" <omachace at redhat.com>
> To: "Yair Zaslavsky" <yzaslavs at redhat.com>
> Cc: "cameron christensen" <cameron.christensen at uk2group.com>, "Alon Bar-Lev" <alonbl at redhat.com>, users at ovirt.org
> Sent: Thursday, November 20, 2014 6:09:53 PM
> Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
> 
> Hi,
> 
> just tried it too.
> I was not successful to reproduce, but the problem is that
> the domain part of LDAPSecurityAuthentication is uppercase
> as Cameron wrote.
> 
> In 3.4 it is OK when it's upper case - everything works OK,
> but in 3.5 it's not.
> 
> I checked differences and something like this would be enough, Yair?
> 
> diff --git
> a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
> b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExte
> index f5ab28d..ccaf04a 100644
> ---
> a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
> +++
> b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
> @@ -240,7 +240,7 @@ public class EngineExtensionsManager extends
> ExtensionsManager {
>                              )
>                      );
>                  }
> -                if (nameValue[0].equals(domain)) {
> +                if (nameValue[0].equalsIgnoreCase(domain)) {
>                      result = nameValue[1];
>                      break;
>                  }
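
Review bot: at the changed comparison, nameValue[0].equalsIgnoreCase(domain), the lookup becomes case-insensitive but the loop still stops at the first hit (result = nameValue[1]; break;), so two configured entries whose domain part differs only in case would now both match and the earlier one silently wins. If that cannot happen by construction, a one-line comment saying so would help; otherwise consider normalizing the configured name and domain once before the loop (for example lower-casing with Locale.ROOT) and rejecting duplicates. The line also deserves a short comment on why case is ignored here, since the thread says upper-case domain entries worked in 3.4 and stopped working in 3.5, and nothing in the hunk records that.
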
> 
> 
> Ondra

Looks fine, but please email me in private a testing environment where I can check that.

Thanks!

P.S:
Another option worth trying is simply remove and add the domain, but hey, if you're already in 3.5, and removed the domain, why not use the generic ldap provider?

> 
> 
> ----- Original Message -----
> > From: "Alon Bar-Lev" <alonbl at redhat.com>
> > To: "Cameron Christensen" <cameron.christensen at uk2group.com>, "Yair
> > Zaslavsky" <yzaslavs at redhat.com>
> > Cc: users at ovirt.org
> > Sent: Monday, November 17, 2014 11:48:15 PM
> > Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > IPA
> > 
> > 
> > 
> > ----- Original Message -----
> > > From: "Cameron Christensen" <cameron.christensen at uk2group.com>
> > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > Cc: users at ovirt.org
> > > Sent: Monday, November 17, 2014 11:43:34 PM
> > > Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > > IPA
> > > 
> > > 
> > > 
> > > On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
> > > > 
> > > > ----- Original Message -----
> > > > > From: "Cameron Christensen" <cameron.christensen at uk2group.com>
> > > > > To: users at ovirt.org
> > > > > Sent: Friday, November 14, 2014 5:39:54 PM
> > > > > Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > > > > IPA
> > > > > 
> > > > > Hello,
> > > > > 
> > > > > I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
> > > > > > Starting up ovirt-engine the extension manager fails to properly load
> > > > > the service that handles Kerberos/LDAP.
> > > > 
> > > > This is probably a bug, can you please execute the following and paste
> > > > result:
> > > > 
> > > > # PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c "select * from
> > > > vdc_options where option_name='LDAPSecurityAuthentication'"
> > > > 
> > > 
> > >  option_id |        option_name         |   option_value    | version
> > > -----------+----------------------------+-------------------+---------
> > >        165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
> > > 
> > > I replaced my domain name with 'example.org'
> > > 
> > 
> > I thought it will be empty... and it contains valid value. Yair?
> 
> No, this is fine actually.
> 
> > 
> > Any I truly suggest you try out the new provider... Much easier to resolve
> > any issue, current and future, including easier to debug.
> > 
> > Alon
> > 
> 


