[ovirt-users] Can not configure with simple LDAP.

Alon Bar-Lev alonbl at redhat.com
Mon Oct 6 15:50:20 UTC 2014



----- Original Message -----
> From: "Fumihide Tani" <RXC05271 at nifty.com>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Monday, October 6, 2014 6:47:15 PM
> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> 
> Alon,
> 
> Sorry, I forgot to start my DNS server.
> After that everything goes well.
> I can add LDAP account and login to the Web Portal by LDAP account
> successfully!

great, now try this sequence:
1. define a group X in ldap.
2. define a group Y in ldap which is member of group X.
3. define user U that is member of group Y.
4. add group X into ovirt-engine as superuser.
5. try to login with user U.

it should work unless we have an issue.

> 
> (2014/10/07 0:33), Alon Bar-Lev wrote:
> > 2014-10-07 00:27:59,829 DEBUG
> > [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-14)
> > Exception during sequence: LDAPException(resultCode=91 (connect error),
> > errorMessage='An error occurred while attempting to connect to server
> > ldap.rxc05271.com:389:  java.io.IOException: An error occurred while
> > attempting to establish a connection to server
> > ldap.rxc05271.com/111.64.166.75:389:  java.net.ConnectException:
> > Connection refused')
> >
> >
> > ----- Original Message -----
> >> From: "Fumihide Tani" <RXC05271 at nifty.com>
> >> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >> Cc: users at ovirt.org
> >> Sent: Monday, October 6, 2014 6:31:17 PM
> >> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>
> >> engine.log attached.
> >>
> >> Regards
> >>
> >> (2014/10/06 23:57), Alon Bar-Lev wrote:
> >>> ----- Original Message -----
> >>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
> >>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >>>> Cc: users at ovirt.org
> >>>> Sent: Monday, October 6, 2014 3:40:05 PM
> >>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>
> >>>> Alon,
> >>>>
> >>>> Thanks, the ovirt-engine-extension-aaa-ldap was updated successfully.
> >>>> and then I restarted my ovirt-engine.
> >>>>
> >>>> I tried the following:
> >>>>
> >>>> 1) Login to the User Portal using LDAP account "tani".
> >>>> Failed. (it was able to login before doing update.)
> >>>>
> >>>> 2) Then deleting the LDAP account "tani" from admin portal.
> >>>>
> >>>> 3) Tried to add new account "tani" again.
> >>>> I selected "rxc05271.com (authz-company)" instead of "internal
> >>>> (internal)"
> >>>> but "Go" button is hidden.
> >>>>
> >>>> What should I do next?
> >>> it probably means that the engine cannot interact with the ldap.
> >>> can you see any error message during engine startup that related?
> >>> can you stop engine remove engine.log start engine and send me the
> >>> engine.log?
> >>>
> >>>> Regards,
> >>>> Fumihide Tani
> >>>>
> >>>> (2014/10/06 20:39), Alon Bar-Lev wrote:
> >>>>> ----- Original Message -----
> >>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
> >>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >>>>>> Cc: users at ovirt.org
> >>>>>> Sent: Monday, October 6, 2014 2:36:38 PM
> >>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>
> >>>>>> Hi, Alon
> >>>>>>
> >>>>>> I can not update the ovirt-engine-extension-aaa-ldap.noarch
> >>>>>> 0.0.0-0.0.master.20140923213100.git10a282b.el6. to the one you
> >>>>>> specified.
> >>>>>> Is it still not exist in ovirt-3.5-pre repo?
> >>>>> right, they are at snapshots.
> >>>>> you can take the extension rpm and only update it.
> >>>>>
> >>>>> yum localupdate
> >>>>> http://resources.ovirt.org/pub/ovirt-3.5-snapshot/rpm/el6/noarch/ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.el6.noarch.rpm
> >>>>>
> >>>>>> Regards,
> >>>>>> Fumihide Tani
> >>>>>>
> >>>>>> (2014/10/06 17:07), Alon Bar-Lev wrote:
> >>>>>>> Hello Fumihide,
> >>>>>>>
> >>>>>>> I pushed a significant change into ldap package, in some cases it
> >>>>>>> will
> >>>>>>> provide better response times.
> >>>>>>> The change is within group resolution.
> >>>>>>> I wonder if you can test it, should be at least
> >>>>>>> ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.
> >>>>>>>
> >>>>>>> Regards,
> >>>>>>> Alon Bar-Lev.
> >>>>>>>
> >>>>>>> ----- Original Message -----
> >>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
> >>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >>>>>>>> Cc: users at ovirt.org
> >>>>>>>> Sent: Thursday, September 25, 2014 4:41:09 PM
> >>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>
> >>>>>>>> Hi, Alon,
> >>>>>>>>
> >>>>>>>> Without waiting until the weekend,
> >>>>>>>> I have finished the fresh install of the oVirt 3.5 RC3 today.
> >>>>>>>> As a result, with same AAA settings,
> >>>>>>>> My OpenLDAP's users became possible to login to the Web User Portal
> >>>>>>>> now.
> >>>>>>>> Yes, RC3 is good for integrating with newest OpenLDAP 2.4.23, RC2 is
> >>>>>>>> not.
> >>>>>>>>
> >>>>>>>> Very much thanks,
> >>>>>>>> Fumihide Tani
> >>>>>>>>
> >>>>>>>> (2014/09/25 7:27), Alon Bar-Lev wrote:
> >>>>>>>>> This is severe, the upgrade is not working properly you have issues
> >>>>>>>>> with
> >>>>>>>>> accessing database.
> >>>>>>>>> If database is not important I suggest a fresh install, run
> >>>>>>>>> engine-cleanup
> >>>>>>>>> then engine-setup.
> >>>>>>>>> If database is important please forward this to devel mailing list
> >>>>>>>>> for
> >>>>>>>>> someone to help, regardless of LDAP.
> >>>>>>>>> Regards,
> >>>>>>>>> Alon
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> 4-09-25 00:36:08,389 ERROR
> >>>>>>>>> [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo]
> >>>>>>>>> (DefaultQuartzScheduler_Worker-7) ArrayIndexOutOfBoundsException:
> >>>>>>>>> 1:
> >>>>>>>>> java.lang.ArrayIndexOutOfBoundsException: 1
> >>>>>>>>> 	at
> >>>>>>>>> 	org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.getDistanceMap(VdsNumaNodeDAODbFacadeImpl.java:208)
> >>>>>>>>> 	[dal.jar:]
> >>>>>>>>> 	at
> >>>>>>>>> 	org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.access$000(VdsNumaNodeDAODbFacadeImpl.java:20)
> >>>>>>>>> 	[dal.jar:]
> >>>>>>>>> 	at
> >>>>>>>>> 	org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:184)
> >>>>>>>>> 	[dal.jar:]
> >>>>>>>>> 	at
> >>>>>>>>> 	org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:168)
> >>>>>>>>> 	[dal.jar:]
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> ----- Original Message -----
> >>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
> >>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >>>>>>>>>> Sent: Wednesday, September 24, 2014 6:40:58 PM
> >>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>>>
> >>>>>>>>>> Result of running engine-setup:
> >>>>>>>>>> [root at ovirt ~]# yum list installed|grep ovirt-engine
> >>>>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140923231936.git42065cc.el6
> >>>>>>>>>>
> >>>>>>>>>> Yes, engine is updated to newest one.!
> >>>>>>>>>>
> >>>>>>>>>> But I still continued failing to login.
> >>>>>>>>>> engine.log attached.
> >>>>>>>>>>
> >>>>>>>>>> Very thanks,
> >>>>>>>>>>
> >>>>>>>>>> (2014/09/24 23:59), Alon Bar-Lev wrote:
> >>>>>>>>>>> you probably need to run engine-setup
> >>>>>>>>>>>
> >>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
> >>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:59:22 PM
> >>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Oops!
> >>>>>>>>>>>> # yum list installed | grep ovirt-engine
> >>>>>>>>>>>> ovirt-engine.noarch
> >>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
> >>>>>>>>>>>> (snip)
> >>>>>>>>>>>> .....
> >>>>>>>>>>>>
> >>>>>>>>>>>> Many ovirt-3.5-* modules are updated by yum today but engine is
> >>>>>>>>>>>> not.
> >>>>>>>>>>>> Why not updated to RC3??
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> (2014/09/24 22:42), Alon Bar-Lev wrote:
> >>>>>>>>>>>>> Unless I am missing something, you run old engine:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> 2014-09-24 22:16:24,136 INFO
> >>>>>>>>>>>>> [org.ovirt.engine.core.bll.Backend]
> >>>>>>>>>>>>> (MSC
> >>>>>>>>>>>>> service thread 1-12) Running ovirt-engine
> >>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
> >>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:21:09 PM
> >>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Attached engine.log with "FINEST"
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> (2014/09/24 21:32), Alon Bar-Lev wrote:
> >>>>>>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
> >>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >>>>>>>>>>>>>>>> Cc: users at ovirt.org
> >>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 3:24:23 PM
> >>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
> >>>>>>>>>>>>>>>> LDAP.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Hi, Alon,
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> I have updated the oVirt 3.5 RC2 to the newest RC3 today.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> From my CentOS6.5 based oVirt Engine server and the oVirt Host server,
> >>>>>>>>>>>>>>>> # yum clean all
> >>>>>>>>>>>>>>>> # yum update
> >>>>>>>>>>>>>>>> Then rebooted these servers.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> But my LDAP problem is continued and same result as before.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> When I login to the oVirt User Portal,
> >>>>>>>>>>>>>>>> User Name: tani
> >>>>>>>>>>>>>>>> Password: (OpenLDAP's userPassword)
> >>>>>>>>>>>>>>>> Domain: rxc05271.com
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> UI displays "General command validation failure."
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Please advise.
> >>>>>>>>>>>>>>> Hopefully I can if you provide log... :)
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>> Fumihide Tani
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> (2014/09/22 22:20), Alon Bar-Lev wrote:
> >>>>>>>>>>>>>>>>> The version of engine you are using is probably out of date
> >>>>>>>>>>>>>>>>> and
> >>>>>>>>>>>>>>>>> unsynced
> >>>>>>>>>>>>>>>>> with latest ldap package (20140821064931).
> >>>>>>>>>>>>>>>>> Please make sure you take latest from[1]
> >>>>>>>>>>>>>>>>> Thanks!
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
> >>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >>>>>>>>>>>>>>>>>> Cc: users at ovirt.org
> >>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:42:52 PM
> >>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
> >>>>>>>>>>>>>>>>>> LDAP.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Hi, Alon,
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Your requested engine.log attached.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Also, I tried to login to web user portal by "tani"
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> User Name: tani
> >>>>>>>>>>>>>>>>>> Password:    (OpenLDAP userPassword)
> >>>>>>>>>>>>>>>>>> Domain: rxc05271.com
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> cause: "General command validation failure."
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Attached log includes login by "Fumihide" first, "tani"
> >>>>>>>>>>>>>>>>>> second.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Very thanks,
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> (2014/09/22 21:24), Alon Bar-Lev wrote:
> >>>>>>>>>>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
> >>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
> >>>>>>>>>>>>>>>>>>>> Cc: users at ovirt.org
> >>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:06:39 PM
> >>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
> >>>>>>>>>>>>>>>>>>>> LDAP.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Sorry, I misunderstood.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> This is outputs after LDAP user logged in.
> >>>>>>>>>>>>>>>>>>> Please attach log as files, not inline, easier to handle.
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,638 DEBUG
> >>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework]
> >>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4)
> >>>>>>>>>>>>>>>>>>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com',
> >>>>>>>>>>>>>>>>>>> scope=SUB,
> >>>>>>>>>>>>>>>>>>> deref=NEVER, sizeLimit=0, timeLimit=0,
> >>>>>>>>>>>>>>>>>>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)',
> >>>>>>>>>>>>>>>>>>> attrs={entryUUID,
> >>>>>>>>>>>>>>>>>>> uid, displayName, memberOf, department, givenName, sn,
> >>>>>>>>>>>>>>>>>>> title,
> >>>>>>>>>>>>>>>>>>> mail},
> >>>>>>>>>>>>>>>>>>> controls={SimplePagedResultsControl(pageSize=100,
> >>>>>>>>>>>>>>>>>>> isCritical=false)})
> >>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,640 DEBUG
> >>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework]
> >>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4)
> >>>>>>>>>>>>>>>>>>> SearchResult: SearchResult(resultCode=0 (success),
> >>>>>>>>>>>>>>>>>>> messageID=3,
> >>>>>>>>>>>>>>>>>>> entriesReturned=0, referencesReturned=0,
> >>>>>>>>>>>>>>>>>>> responseControls={SimplePagedResultsControl(pageSize=0,
> >>>>>>>>>>>>>>>>>>> isCritical=false)})
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> From the above I see that a search was issued:
> >>>>>>>>>>>>>>>>>>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide)
> >>>>>>>>>>>>>>>>>>> And no result returned.
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Per previous output:
> >>>>>>>>>>>>>>>>>>> ---
> >>>>>>>>>>>>>>>>>>> # tani, Users, rxc05271.com
> >>>>>>>>>>>>>>>>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
> >>>>>>>>>>>>>>>>>>> objectClass: inetOrgPerson
> >>>>>>>>>>>>>>>>>>> objectClass: uidObject
> >>>>>>>>>>>>>>>>>>> uid: tani
> >>>>>>>>>>>>>>>>>>> cn: Fumihide Tani
> >>>>>>>>>>>>>>>>>>> givenName: Fumihide
> >>>>>>>>>>>>>>>>>>> mail: tani at rxc05271.com
> >>>>>>>>>>>>>>>>>>> sn: Tani
> >>>>>>>>>>>>>>>>>>> userPassword:: a3VtaXRhbg==
> >>>>>>>>>>>>>>>>>>> ---
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Your user name is tani and not Fumihide.
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Alon
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>
> >>
> >
> 
> 
> 
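
The nested-group sequence at the top of this message (group X, group Y as a member of X, user U as a member of Y, X granted superuser), sketched as an added Python example that is not from the thread or from ovirt-engine-extension-aaa-ldap. The directory contents, DNs and function names are constructed for illustration; it assumes membership is exposed as `memberOf` values, the attribute requested in the search quoted earlier in the thread.

```python
from collections import deque

# Constructed sample directory: entry DN -> direct memberOf values.
U = "uid=U,ou=Users,dc=example,dc=com"
V = "uid=V,ou=Users,dc=example,dc=com"
X = "cn=X,ou=Groups,dc=example,dc=com"
Y = "cn=Y,ou=Groups,dc=example,dc=com"
Z = "cn=Z,ou=Groups,dc=example,dc=com"
DIRECTORY = {
    U: [Y],                 # step 3: user U is a member of group Y
    Y: [X],                 # step 2: group Y is a member of group X
    X: [Y],                 # accidental cycle, must not loop forever
    V: [Z, "cn=gone,ou=Groups,dc=example,dc=com"],  # dangling reference
}
GRANTS = {X: "superuser"}   # step 4: group X added with the superuser role


def normalize(dn):
    """Simplified DN comparison form (ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def effective_groups(directory, principal_dn, max_depth=10):
    """Follow memberOf edges breadth-first; return direct and nested groups.

    max_depth=1 gives direct groups only, which is what a resolver
    without recursive group resolution would see.
    """
    index = {normalize(dn): [normalize(g) for g in groups]
             for dn, groups in directory.items()}
    seen = set()
    queue = deque([(normalize(principal_dn), 0)])
    while queue:
        dn, depth = queue.popleft()
        if depth >= max_depth:
            continue
        for group in index.get(dn, []):   # unknown entries have no parents
            if group not in seen:         # visited set breaks cycles
                seen.add(group)
                queue.append((group, depth + 1))
    return seen


def is_authorized(directory, principal_dn, grants, role, max_depth=10):
    """Step 5: does any effective group of the principal carry the role?"""
    granted = {normalize(g) for g, r in grants.items() if r == role}
    return bool(effective_groups(directory, principal_dn, max_depth) & granted)
```

With `max_depth=1` user U resolves only to group Y and the superuser check fails, which is the symptom the five-step test is meant to expose.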


