[ovirt-users] Can not configure with simple LDAP.
Fumihide Tani
RXC05271 at nifty.com
Mon Oct 6 16:46:05 UTC 2014
(2014/10/07 0:50), Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "Fumihide Tani" <RXC05271 at nifty.com>
>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>> Cc: users at ovirt.org
>> Sent: Monday, October 6, 2014 6:47:15 PM
>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>
>> Alon,
>>
>> Sorry, I forgetted to start my DNS server.
>> After that everything goes well.
>> I can add LDAP account and login to the Web Portal by LDAP account
>> successfully!
> great, now try this sequence:
> 1. define a group X in ldap.
> 2. define a group Y in ldap which is member of group X.
> 3. define user U that is member of group Y.
> 4. add group X into ovirt-engine as superuser.
> 5. try to login with user U.
>
> it should work unless we have an issue.
I have done sequence 1 to 4.
I can successflly login to the User Portal using ldap's user U.
But my VMs which I have added permission to the group X as superuser
are not displayed on the screen.
Why not? something wrong?
>
>> (2014/10/07 0:33), Alon Bar-Lev wrote:
>>> 2014-10-07 00:27:59,829 DEBUG
>>> [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-14)
>>> Exception during sequence: LDAPException(resultCode=91 (connect error),
>>> errorMessage='An error occurred while attempting to connect to server
>>> ldap.rxc05271.com:389: java.io.IOException: An error occurred while
>>> attempting to establish a connection to server
>>> ldap.rxc05271.com/111.64.166.75:389: java.net.ConnectException:
>>> Connection refused')
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>>> Cc: users at ovirt.org
>>>> Sent: Monday, October 6, 2014 6:31:17 PM
>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>
>>>> engine.log attached.
>>>>
>>>> Regards
>>>>
>>>> (2014/10/06 23:57), Alon Bar-Lev wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>>>>> Cc: users at ovirt.org
>>>>>> Sent: Monday, October 6, 2014 3:40:05 PM
>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>
>>>>>> Alon,
>>>>>>
>>>>>> Thanks, the ovirt-engine-extension-aaa-ldap was updated successfully.
>>>>>> and then I restarted my ovirt-engine.
>>>>>>
>>>>>> I tried the following:
>>>>>>
>>>>>> 1) Login to the User Portal using LDAP account "tani".
>>>>>> Failed. (it was able to login before doing update.)
>>>>>>
>>>>>> 2) Then deleting the LDAP account "tani" from admin portal.
>>>>>>
>>>>>> 3) Tried to add new account "tani" again.
>>>>>> I selected "rxc05271.com (authz-company)" instead of "internal
>>>>>> (internal)"
>>>>>> but "Go" bottun is hidden.
>>>>>>
>>>>>> What should I do next?
>>>>> it probably means that the engine cannot interact with the ldap.
>>>>> can you see any error message during engine startup that related?
>>>>> can you stop engine remove engine.log start engine and send me the
>>>>> engine.log?
>>>>>
>>>>>> Regards,
>>>>>> Fumihide Tani
>>>>>>
>>>>>> (2014/10/06 20:39), Alon Bar-Lev wrote:
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>>>>>>> Cc: users at ovirt.org
>>>>>>>> Sent: Monday, October 6, 2014 2:36:38 PM
>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>
>>>>>>>> Hi, Alon
>>>>>>>>
>>>>>>>> I can not update the ovirt-engine-extension-aaa-ldap.noarch
>>>>>>>> 0.0.0-0.0.master.20140923213100.git10a282b.el6. to the one you
>>>>>>>> specified.
>>>>>>>> Is it still not exist in ovirt-3.5-pre repo?
>>>>>>> right, they are at snapshots.
>>>>>>> you can take the extension rpm and only update it.
>>>>>>>
>>>>>>> yum localupdate
>>>>>>> http://resources.ovirt.org/pub/ovirt-3.5-snapshot/rpm/el6/noarch/ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.el6.noarch.rpm
>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Fumihide Tani
>>>>>>>>
>>>>>>>> (2014/10/06 17:07), Alon Bar-Lev wrote:
>>>>>>>>> Hello Fumihide,
>>>>>>>>>
>>>>>>>>> I pushed a significant change into ldap package, in some cases it
>>>>>>>>> will
>>>>>>>>> provide better response times.
>>>>>>>>> The change is within group resolution.
>>>>>>>>> I wounder if you can test it, should be at least
>>>>>>>>> ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Alon Bar-Lev.
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>>>>>>>>> Cc: users at ovirt.org
>>>>>>>>>> Sent: Thursday, September 25, 2014 4:41:09 PM
>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>
>>>>>>>>>> Hi, Alon,
>>>>>>>>>>
>>>>>>>>>> Without waiting until the weekend,
>>>>>>>>>> I have finished the flesh install of the oVirt 3.5 RC3 today.
>>>>>>>>>> As a result, with same AAA settings,
>>>>>>>>>> My OpenLDAP's users became possible to login to the Web User Portal
>>>>>>>>>> now.
>>>>>>>>>> Yes, RC3 is good for integrating with newest OpenLDAP 2.4.23, RC2 is
>>>>>>>>>> not.
>>>>>>>>>>
>>>>>>>>>> Very much thanks,
>>>>>>>>>> Fumihide Tani
>>>>>>>>>>
>>>>>>>>>> (2014/09/25 7:27), Alon Bar-Lev wrote:
>>>>>>>>>>> This is severe, the upgrade is not working properly you have issues
>>>>>>>>>>> with
>>>>>>>>>>> accessing database.
>>>>>>>>>>> If database is not important I suggest a fresh install, run
>>>>>>>>>>> engine-cleanup
>>>>>>>>>>> then engine-setup.
>>>>>>>>>>> If database is important please forward this to devel mailing list
>>>>>>>>>>> for
>>>>>>>>>>> someone to help, regardless of LDAP.
>>>>>>>>>>> Regards,
>>>>>>>>>>> Alon
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 4-09-25 00:36:08,389 ERROR
>>>>>>>>>>> [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo]
>>>>>>>>>>> (DefaultQuartzScheduler_Worker-7) ArrayIndexOutOfBoundsException:
>>>>>>>>>>> 1:
>>>>>>>>>>> java.lang.ArrayIndexOutOfBoundsException: 1
>>>>>>>>>>> at
>>>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.getDistanceMap(VdsNumaNodeDAODbFacadeImpl.java:208)
>>>>>>>>>>> [dal.jar:]
>>>>>>>>>>> at
>>>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.access$000(VdsNumaNodeDAODbFacadeImpl.java:20)
>>>>>>>>>>> [dal.jar:]
>>>>>>>>>>> at
>>>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:184)
>>>>>>>>>>> [dal.jar:]
>>>>>>>>>>> at
>>>>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:168)
>>>>>>>>>>> [dal.jar:]
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 6:40:58 PM
>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>
>>>>>>>>>>>> Result of running engine-setup:
>>>>>>>>>>>> [root at ovirt ~]# yum list installed|grep ovirt-engine
>>>>>>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140923231936.git42065cc.el6
>>>>>>>>>>>>
>>>>>>>>>>>> Yes, engine is updated to newest one.!
>>>>>>>>>>>>
>>>>>>>>>>>> But I still continued failing to login.
>>>>>>>>>>>> engine.log attached.
>>>>>>>>>>>>
>>>>>>>>>>>> Very thanks,
>>>>>>>>>>>>
>>>>>>>>>>>> (2014/09/24 23:59), Alon Bar-Lev wrote:
>>>>>>>>>>>>> you probably need to run engine-setup
>>>>>>>>>>>>>
>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:59:22 PM
>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Oops!
>>>>>>>>>>>>>> # yum list installed | grep ovirt-engine
>>>>>>>>>>>>>> ovirt-engine.noarch
>>>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
>>>>>>>>>>>>>> (snip)
>>>>>>>>>>>>>> .....
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Many ovirt-3.5-* modules are updated by yum today but engine is
>>>>>>>>>>>>>> not.
>>>>>>>>>>>>>> Why not updated to RC3??
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> (2014/09/24 22:42), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>> Unless I am missing something, you run old engine:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 2014-09-24 22:16:24,136 INFO
>>>>>>>>>>>>>>> [org.ovirt.engine.core.bll.Backend]
>>>>>>>>>>>>>>> (MSC
>>>>>>>>>>>>>>> service thread 1-12) Running ovirt-engine
>>>>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:21:09 PM
>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Attached engine.log with "FINEST"
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> (2014/09/24 21:32), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>>>>>>>>>>>>>>>>> Cc: users at ovirt.org
>>>>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 3:24:23 PM
>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
>>>>>>>>>>>>>>>>>> LDAP.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi, Alon,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I have updated the oVirt 3.5 RC2 to the newest RC3 today.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> From my CentOS6.5 based oVirt Engine server and the
>>>>>>>>>>>>>>>>>> oVirt
>>>>>>>>>>>>>>>>>> Host
>>>>>>>>>>>>>>>>>> server,
>>>>>>>>>>>>>>>>>> # yum clean all
>>>>>>>>>>>>>>>>>> # yum update
>>>>>>>>>>>>>>>>>> Then rebooted these servers.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> But my LDAP problem is continued and same result as before.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> When I login to the oVirt User Portal,
>>>>>>>>>>>>>>>>>> User Name: tani
>>>>>>>>>>>>>>>>>> Password: (OpenLDAP's userPassword)
>>>>>>>>>>>>>>>>>> Domain: rxc05271.com
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> UI displays "General command validation failure."
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Please advice.
>>>>>>>>>>>>>>>>> Hopefully I can if you provide log... :)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>> Fumihide Tani
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> (2014/09/22 22:20), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>>>> The version of engine you are using is probably out of date
>>>>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>>>>> unsynced
>>>>>>>>>>>>>>>>>>> with latest ldap package (20140821064931).
>>>>>>>>>>>>>>>>>>> Please make sure you take latest from[1]
>>>>>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
>>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>>>>>>>>>>>>>>>>>>> Cc: users at ovirt.org
>>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:42:52 PM
>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
>>>>>>>>>>>>>>>>>>>> LDAP.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi, Alon,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Your requested engine.log attached.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Also, I tried to login to web user portal by "tani"
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> User Name: tani
>>>>>>>>>>>>>>>>>>>> Password: (OpenLDAP userPassword)
>>>>>>>>>>>>>>>>>>>> Domain: rxc05271.com
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> cause: "General command validation failure."
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Attated log includes login by "Fumihide" first, "tani"
>>>>>>>>>>>>>>>>>>>> second.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Very thanks,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> (2014/09/22 21:24), Alon Bar-Lev wrote:
>>>>>>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <RXC05271 at nifty.com>
>>>>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <alonbl at redhat.com>
>>>>>>>>>>>>>>>>>>>>>> Cc: users at ovirt.org
>>>>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:06:39 PM
>>>>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple
>>>>>>>>>>>>>>>>>>>>>> LDAP.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Sorry, I misunderstood.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> This is outputs after LDAP user logged in.
>>>>>>>>>>>>>>>>>>>>> Please attach log as files, not inline, easier to handle.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,638 DEBUG
>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework]
>>>>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4)
>>>>>>>>>>>>>>>>>>>>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com',
>>>>>>>>>>>>>>>>>>>>> scope=SUB,
>>>>>>>>>>>>>>>>>>>>> deref=NEVER, sizeLimit=0, timeLimit=0,
>>>>>>>>>>>>>>>>>>>>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)',
>>>>>>>>>>>>>>>>>>>>> attrs={entryUUID,
>>>>>>>>>>>>>>>>>>>>> uid, displayName, memberOf, department, givenName, sn,
>>>>>>>>>>>>>>>>>>>>> title,
>>>>>>>>>>>>>>>>>>>>> mail},
>>>>>>>>>>>>>>>>>>>>> controls={SimplePagedResultsControl(pageSize=100,
>>>>>>>>>>>>>>>>>>>>> isCritical=false)})
>>>>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,640 DEBUG
>>>>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework]
>>>>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4)
>>>>>>>>>>>>>>>>>>>>> SearchResult: SearchResult(resultCode=0 (success),
>>>>>>>>>>>>>>>>>>>>> messageID=3,
>>>>>>>>>>>>>>>>>>>>> entriesReturned=0, referencesReturned=0,
>>>>>>>>>>>>>>>>>>>>> responseControls={SimplePagedResultsControl(pageSize=0,
>>>>>>>>>>>>>>>>>>>>> isCritical=false)})
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> >From the above I see that a search was issued:
>>>>>>>>>>>>>>>>>>>>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide)
>>>>>>>>>>>>>>>>>>>>> And no result returned.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Per previous output:
>>>>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>>>>> # tani, Users, rxc05271.com
>>>>>>>>>>>>>>>>>>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com
>>>>>>>>>>>>>>>>>>>>> objectClass: inetOrgPerson
>>>>>>>>>>>>>>>>>>>>> objectClass: uidObject
>>>>>>>>>>>>>>>>>>>>> uid: tani
>>>>>>>>>>>>>>>>>>>>> cn: Fumihide Tani
>>>>>>>>>>>>>>>>>>>>> givenName: Fumihide
>>>>>>>>>>>>>>>>>>>>> mail: tani at rxc05271.com
>>>>>>>>>>>>>>>>>>>>> sn: Tani
>>>>>>>>>>>>>>>>>>>>> userPassword:: a3VtaXRhbg==
>>>>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Your user name is tani and not Fumihide.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Alon
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>
>>
>
More information about the Users
mailing list