[ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
Yair Zaslavsky
yzaslavs at redhat.com
Sat Nov 22 13:54:58 UTC 2014
----- Original Message -----
> From: "Ondra Machacek" <omachace at redhat.com>
> To: "Yair Zaslavsky" <yzaslavs at redhat.com>
> Cc: "cameron christensen" <cameron.christensen at uk2group.com>, "Alon Bar-Lev" <alonbl at redhat.com>, users at ovirt.org
> Sent: Thursday, November 20, 2014 6:09:53 PM
> Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
>
> Hi,
>
> just tried it too.
> I was not successfull to reproduce, but the problem is that
> the domain part of LDAPSecurityAuthentication is uppercase
> as Cameron wrote.
>
> In 3.4 it is OK when it's upper case - everything works OK,
> but in 3.5 it's not.
>
> I checked differences and something like this would be enough, Yair?
>
> diff --git
> a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
> b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExte
> index f5ab28d..ccaf04a 100644
> ---
> a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
> +++
> b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
> @@ -240,7 +240,7 @@ public class EngineExtensionsManager extends
> ExtensionsManager {
> )
> );
> }
> - if (nameValue[0].equals(domain)) {
> + if (nameValue[0].equalsIgnoreCase(domain)) {
> result = nameValue[1];
> break;
> }
>
>
> Ondra
Looks fine, but please email me in private a testing environment where I can check that.
Thanks!
P.S:
Another option worth trying is simply remove and add the domain, but hey, if you're already in 3.5, and removed the domain, why not use he generic ldap provider?
>
>
> ----- Original Message -----
> > From: "Alon Bar-Lev" <alonbl at redhat.com>
> > To: "Cameron Christensen" <cameron.christensen at uk2group.com>, "Yair
> > Zaslavsky" <yzaslavs at redhat.com>
> > Cc: users at ovirt.org
> > Sent: Monday, November 17, 2014 11:48:15 PM
> > Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > IPA
> >
> >
> >
> > ----- Original Message -----
> > > From: "Cameron Christensen" <cameron.christensen at uk2group.com>
> > > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > > Cc: users at ovirt.org
> > > Sent: Monday, November 17, 2014 11:43:34 PM
> > > Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > > IPA
> > >
> > >
> > >
> > > On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
> > > >
> > > > ----- Original Message -----
> > > > > From: "Cameron Christensen" <cameron.christensen at uk2group.com>
> > > > > To: users at ovirt.org
> > > > > Sent: Friday, November 14, 2014 5:39:54 PM
> > > > > Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > > > > IPA
> > > > >
> > > > > Hello,
> > > > >
> > > > > I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
> > > > > Starting up ovrit-engine the extension manager fails to properly load
> > > > > the service that handles Kerberos/LDAP.
> > > >
> > > > This is probably a bug, can you please execute the following and paste
> > > > result:
> > > >
> > > > # PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c "select * from
> > > > vdc_options where option_name='LDAPSecurityAuthentication'"
> > > >
> > >
> > > option_id | option_name | option_value | version
> > > -----------+----------------------------+-------------------+---------
> > > 165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
> > >
> > > I replaced my domain name with 'example.org'
> > >
> >
> > I thought it will be empty... and it contains valid value. Yair?
>
> No, this is fine actually.
>
> >
> > Any I truly suggest you try out the new provider... Much easier to resolve
> > any issue, current and future, including easier to debug.
> >
> > Alon
> >
>
More information about the Users
mailing list