[ovirt-users] Error authenticating bind using the AAA OpenLDAP module

Thu Jan 15 10:03:39 UTC 2015

Thanks ! Now it's working!

The problem was the absence of the line:

pool.default.auth.type = simple

It's strange, I thought that the default auth type was set to simple and I
didn't check it twice. After setting that the problem has to do about a
user/password incorrect, which is our problem because of the schema we are
using (migrated from a NIS some time ago).

The openldap_example.properties actually was a copy of openldap.properties,
I did it that way to customize it to our  schema, but in a first instance
it was a carbon copy of the original.

Thanks again !

Bruno

On Thu, Jan 15, 2015 at 10:43 AM, Ondra Machacek <omachace at redhat.com>
wrote:

> On 01/15/2015 10:36 AM, Alon Bar-Lev wrote:
>
>>
>>
>> ----- Original Message -----
>>
>>> From: "Bruno Rodriguez" <bruno at pic.es>
>>> To: "Ondra Machacek" <omachace at redhat.com>
>>> Cc: "Esther Accion" <esthera at pic.es>, users at ovirt.org
>>> Sent: Thursday, January 15, 2015 11:20:57 AM
>>> Subject: Re: [ovirt-users] Error authenticating bind using the AAA
>>> OpenLDAP     module
>>>
>>> Thank you very much,
>>>
>>> using the following ldap.example.org file:
>>>
>>> ---------------------
>>>
>>> include = <openldap_example.properties>
>>> include = <rfc2307.properties>
>>>
>>
>> what do you have in openldap_example.properties?
>>
>
> It seems you have specified anonymous bind in openldap_example.properties.
> You should probably try it with original one (openldap.properties).
>
>
>
>>  vars.server = ldap1.example.org
>>> #vars.user = cn=authenticate,ou=System,dc=example,dc=org
>>> #vars.password = XXXXXXXXX
>>>
>>
>> why have you commented out the vars?
>> you should have just removed the quotes from vars.password and keep
>> bellow as-is.
>>
>>  pool.default.serverset.single.server = ${global:vars.server}
>>> pool.default.auth.simple.bindDN = cn=authenticate,ou=System,dc=
>>> example,dc=org
>>> pool.default.auth.simple.password = XXXXXXXXX
>>>
>>> pool.default.ssl.startTLS = true
>>> pool.default.ssl.truststore.file =
>>> /etc/ovirt-engine/extensions.d/ldap.example.org_keystore.jks
>>> pool.default.ssl.truststore.password = XXXXXXXXX
>>>
>>> ---------------------
>>>
>>> Then I get the following in the engine log:
>>>
>>>
>>> 2015-01-15 10:04:15,250 ERROR
>>> [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand]
>>> (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class
>>> org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedEx
>>> ception
>>> Input:
>>> {Extkey[name=AAA_AUTHN_CREDENTIALS;type=class
>>> java.lang.String;uuid=AAA_AUTHN_CREDENTIALS[03b96485-
>>> 4bb5-4592-8167-810a5c909706];]=***,
>>> Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class
>>> org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[
>>> 886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=
>>> EXTENSION_INTERFACE_VERSION_MAX;type=class
>>> java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_
>>> MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0,
>>> Extkey[name=EXTENSION_LICENSE;type=class
>>> java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-
>>> 054c-4e31-9c6d-1ca4d60a4c18];]=ASL
>>> 2.0, Extkey[name=EXTENSION_NOTES;type=class
>>> java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-
>>> 4584-aaff-97f66978e4ea];]=Display
>>> name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6,
>>> Extkey[name=EXTENSION_HOME_URL;type=class
>>> java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-
>>> f969-42d4-b399-72d192e18304];]=
>>> http://www.ovirt.org ,Extkey[name=EXTENSION_LOCALE;type=class
>>> java.lang.String;uuid=EXTENSION_LOCALE[0780b112-
>>> 0ce0-404a-b85e-8765d778bb29];]=en_US,
>>> Extkey[name=EXTENSION_NAME;type=class
>>> java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-
>>> 4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authn,
>>> Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class
>>> java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_
>>> MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0,
>>> Extkey[name=EXTENSION_CONFIGURATION;type=class
>>> java.util.Properties;uuid=EXTENSION_CONFIGURATION[
>>> 2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***,
>>> Extkey[name=EXTENSION_AUTHOR;type=class
>>> java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-
>>> 2dad-4bc5-9aad-e07018b7fbcc];]=The
>>> oVirt Project, Extkey[name=EXTENSION_INSTANCE_NAME;type=class
>>> java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-
>>> 8674327f011b];]=
>>> authn-ldap.example.org ,
>>> Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class
>>> java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_
>>> VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0,
>>> Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface
>>> java.util.Collection;uuid=EXTENSION_CONFIGURATION_
>>> SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[],
>>> Extkey[name=AAA_AUTHN_CAPABILITIES;type=class
>>> java.lang.Long;uuid=AAA_AUTHN_CAPABILITIES[9d16bee3-10fd-
>>> 46f2-83f9-3d3c54cf258d];]=12,
>>> Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class
>>> org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[
>>> 9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*,
>>> Extkey[name=EXTENSION_VERSION;type=class
>>> java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-
>>> 8239-4bdb-ab1a-af9f779ce68c];]=1.0.0,
>>> Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface
>>> org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[
>>> 863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger(
>>> org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-
>>> engine-extension-aaa-ldap.authn.authn-ldap.example.org
>>> ), Extkey[name=EXTENSION_PROVIDES;type=interface
>>> java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-
>>> 65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.
>>> extensions.aaa.Authn]},
>>> Extkey[name=AAA_AUTHN_USER;type=class
>>> java.lang.String;uuid=AAA_AUTHN_USER[1ceaba26-1bdc-4663-
>>> a3c6-5d926f9dd8f0];]=bruno,
>>> Extkey[name=EXTENSION_INVOKE_COMMAND;type=class
>>> org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[
>>> 485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHN_
>>> AUTHENTICATE_CREDENTIALS[d9605c75-6b43-4b00-b32c-06bdfa80244c]}
>>> Output:
>>> {Extkey[name=EXTENSION_INVOKE_RESULT;type=class
>>> java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-
>>> 099c772ddd4e];]=2,
>>> Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class
>>> java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-
>>> b8bdb72f5893];]=anonymous
>>> bind disallowed}
>>>
>>
>> error: anonymous bind disallowed
>>
>> can you please enable debug per what I instructed last time and send a
>> complete log?
>>
>>
>>> -----------------------------------
>>>
>>> And this is the ldap connection log:
>>>
>>> /var/log/ldap.log:Jan 15 10:04:15 ldap1 slapd[6712]: conn=1671350 fd=114
>>> ACCEPT from IP=192.168.XX.XX:41469 (IP= 0.0.0.0:389 )
>>> /var/log/ldap.log:Jan 15 10:04:15 ldap1 slapd[6712]: conn=1671350 op=0
>>> EXT
>>> oid=1.3.6.1.4.1.1466.20037
>>> /var/log/ldap.log:Jan 15 10:04:15 ldap1 slapd[6712]: conn=1671350 op=0
>>> STARTTLS
>>> /var/log/ldap.log:Jan 15 10:04:15 ldap1 slapd[6712]: conn=1671350 op=0
>>> RESULT
>>> oid= err=0 text=
>>> /var/log/ldap.log:Jan 15 10:04:15 ldap1 slapd[6712]: conn=1671350 fd=114
>>> TLS
>>> established tls_ssf=128 ssf=128
>>> /var/log/ldap.log:Jan 15 10:04:15 ldap1 slapd[6712]: conn=1671350 op=1
>>> BIND
>>> dn="cn=authenticate,ou=System,dc=example,dc=org" method=128
>>> /var/log/ldap.log:Jan 15 10:04:15 ldap1 slapd[6712]: conn=1671350 op=1
>>> BIND
>>> dn="cn=authenticate,ou=System,dc=example,dc=org" mech=SIMPLE ssf=0
>>> /var/log/ldap.log:Jan 15 10:04:15 ldap1 slapd[6712]: conn=1671350 op=1
>>> RESULT
>>> tag=97 err=0 text=
>>>
>>> -----------------------------------
>>>
>>> It looks like it got the dn correctly but it's unable to bind anyway ...
>>>
>>> Thank you,
>>>
>>> Bruno
>>>
>>>
>>> On Wed, Jan 14, 2015 at 5:50 PM, Ondra Machacek < omachace at redhat.com >
>>> wrote:
>>>
>>>
>>> Hi,
>>>
>>> On 01/14/2015 04:53 PM, Bruno Rodriguez wrote:
>>>
>>>
>>> Good afternoon,
>>>
>>> We cannot access to Ovirt using LDAP authentication against our openldap
>>> server. We created the following files in /etc/ovirt-engine/extensions.d
>>> (the organization name is not example.org < http://example.org > and the
>>> passwords are not XXXXXXXX, obviously) :
>>>
>>> ----------- /etc/ovirt-engine/extensions. d/ ldap.example.org
>>> < http://ldap.example.org > -----------
>>>
>>> include = <openldap_example.properties>
>>>
>>> vars.server = ldap1.example.org < http://ldap1.example.org >
>>> vars.user = cn=authenticate,ou=System,dc= example,dc=org
>>> vars.password = "XXXXXXXX"
>>>
>>> pool.default.serverset.single. server = ${global:vars.server}
>>> pool.default.auth.simple. bindDN = ${global:vars.user}
>>> pool.default.auth.simple. password = ${global:vars.password}
>>>
>>> pool.default.ssl.startTLS = true
>>> pool.default.ssl.truststore. file =
>>> /etc/ovirt-engine/extensions. d/ldap.example.org_keystore. jks
>>> pool.default.ssl.truststore. password = XXXXXXXX
>>>
>>> -----------
>>> /etc/ovirt-engine/extensions. d/ authn-ldap.example.org . properties
>>> -----------
>>>
>>> ovirt.engine.extension.name < http://ovirt.engine. extension.name > =
>>> authn-ldap.example.org < http://authn-ldap.example.org >
>>> ovirt.engine.extension. bindings.method = jbossmodule
>>> ovirt.engine.extension. binding.jbossmodule.module =
>>> org.ovirt.engine-extensions. aaa.ldap
>>> ovirt.engine.extension. binding.jbossmodule.class =
>>> org.ovirt.engineextensions. aaa.ldap.AuthnExtension
>>> ovirt.engine.extension. provides = org.ovirt.engine.api.
>>> extensions.aaa.Authn
>>>
>>> ovirt.engine.aaa.authn. profile.name
>>> < http://ovirt.engine.aaa. authn.profile.name > = ldap.example.org
>>> < http://ldap.example.org >
>>> ovirt.engine.aaa.authn.authz. plugin = authz-ldap.example.org
>>> < http://authz-ldap.example.org >
>>>
>>> config.profile.file.1 = /etc/ovirt-engine/extensions. d/
>>> ldap.example.org
>>> < http://ldap.example.org >
>>>
>>> -----------
>>> /etc/ovirt-engine/extensions. d/ authz-ldap.example.org . properties
>>> -----------
>>>
>>> ovirt.engine.extension.name < http://ovirt.engine. extension.name > =
>>> authz-ldap.example.org < http://authz-ldap.example.org >
>>> ovirt.engine.extension. bindings.method = jbossmodule
>>> ovirt.engine.extension. binding.jbossmodule.module =
>>> org.ovirt.engine-extensions. aaa.ldap
>>> ovirt.engine.extension. binding.jbossmodule.class =
>>> org.ovirt.engineextensions. aaa.ldap.AuthzExtension
>>>
>>> ovirt.engine.extension. provides = org.ovirt.engine.api.
>>> extensions.aaa.Authz
>>> config.profile.file.1 = /etc/ovirt-engine/extensions. d/
>>> ldap.example.org
>>> < http://ldap.example.org >
>>>
>>> ------------------------------ ------------------
>>>
>>> After all of this we restarted the service and tried to access via the
>>> administration portal. The JKS has the right permissions and contains
>>> the TLS CA, the password is correct and the user "esthera" exists. But
>>> when we try to log in, we obtain the following error in the engine.log
>>> (we already set the verbosity to ALL):
>>>
>>> ------------------------------ ------------------
>>>
>>> 2015-01-14 16:35:25,750 ERROR
>>> [org.ovirt.engine.core.bll. aaa.LoginAdminUserCommand]
>>> (ajp--127.0.0.1-8702-6) Error during CanDoActionFailure.: Class: class
>>> org.ovirt.engine.core. extensions.mgr. ExtensionInvokeCommandFailedEx
>>> ception
>>> Input:
>>> {Extkey[name=AAA_AUTHN_ CREDENTIALS;type=class
>>> java.lang.String;uuid=AAA_ AUTHN_CREDENTIALS[03b96485-
>>> 4bb5-4592-8167-810a5c909706];] =***,
>>> Extkey[name=EXTENSION_INVOKE_ CONTEXT;type=class
>>> org.ovirt.engine.api. extensions.ExtMap;uuid= EXTENSION_INVOKE_CONTEXT[
>>> 886d2ebb-312a-49ae-9cc3- e1f849834b7d];]={Extkey[name=
>>> EXTENSION_INTERFACE_VERSION_ MAX;type=class
>>> java.lang.Integer;uuid= EXTENSION_INTERFACE_VERSION_
>>> MAX[f4cff49f-2717-4901-8ee9- df362446e3e7];]=0,
>>> Extkey[name=EXTENSION_LICENSE; type=class
>>> java.lang.String;uuid= EXTENSION_LICENSE[8a61ad65-
>>> 054c-4e31-9c6d-1ca4d60a4c18];] =ASL
>>> 2.0, Extkey[name=EXTENSION_NOTES; type=class
>>> java.lang.String;uuid= EXTENSION_NOTES[2da5ad7e-185a-
>>> 4584-aaff-97f66978e4ea];]= Display
>>> name: ovirt-engine-extension-aaa- ldap-1.0.0-1.el6,
>>> Extkey[name=EXTENSION_HOME_ URL;type=class
>>> java.lang.String;uuid= EXTENSION_HOME_URL[4ad7a2f4-
>>> f969-42d4-b399-72d192e18304];] = http://www.ovirt.org
>>> < http://www.ovirt.org/ >, Extkey[name=EXTENSION_LOCALE; type=class
>>> java.lang.String;uuid= EXTENSION_LOCALE[0780b112-
>>> 0ce0-404a-b85e-8765d778bb29];] =en_US,
>>> Extkey[name=EXTENSION_NAME; type=class
>>> java.lang.String;uuid= EXTENSION_NAME[651381d3-f54f-
>>> 4547-bf28-b0b01a103184];]= ovirt-engine-extension-aaa- ldap.authn,
>>> Extkey[name=EXTENSION_ INTERFACE_VERSION_MIN;type= class
>>> java.lang.Integer;uuid= EXTENSION_INTERFACE_VERSION_
>>> MIN[2b84fc91-305b-497b-a1d7- d961b9d2ce0b];]=0,
>>> Extkey[name=EXTENSION_ CONFIGURATION;type=class
>>> java.util.Properties;uuid= EXTENSION_CONFIGURATION[
>>> 2d48ab72-f0a1-4312-b4ae-
>>> 5068a226b0fc];]=***,
>>> Extkey[name=EXTENSION_AUTHOR; type=class
>>> java.lang.String;uuid= EXTENSION_AUTHOR[ef242f7a-
>>> 2dad-4bc5-9aad-e07018b7fbcc];] =The
>>> oVirt Project, Extkey[name=EXTENSION_ INSTANCE_NAME;type=class
>>> java.lang.String;uuid= EXTENSION_INSTANCE_NAME[ 65c67ff6-aeca-4bd5-a245-
>>> 8674327f011b];]=authn-ldap.
>>> < http://authn-ldap.pic.es/ > exa mple.org < http://example.org >,
>>> Extkey[name=EXTENSION_BUILD_ INTERFACE_VERSION;type=class
>>> java.lang.Integer;uuid= EXTENSION_BUILD_INTERFACE_
>>> VERSION[cb479e5a-4b23-46f8- aed3-56a4747a8ab7];]=0,
>>> Extkey[name=EXTENSION_ CONFIGURATION_SENSITIVE_KEYS; type=interface
>>> java.util.Collection;uuid= EXTENSION_CONFIGURATION_
>>> SENSITIVE_KEYS[a456efa1-73ff- 4204-9f9b-ebff01e35263];]=[],
>>> Extkey[name=AAA_AUTHN_ CAPABILITIES;type=class
>>> java.lang.Long;uuid=AAA_AUTHN_ CAPABILITIES[9d16bee3-10fd-
>>> 46f2-83f9-3d3c54cf258d];]=12,
>>> Extkey[name=EXTENSION_GLOBAL_ CONTEXT;type=class
>>> org.ovirt.engine.api. extensions.ExtMap;uuid= EXTENSION_GLOBAL_CONTEXT[
>>> 9799e72f-7af6-4cf1-bf08- 297bc8903676];]=*skip*,
>>> Extkey[name=EXTENSION_VERSION; type=class
>>> java.lang.String;uuid= EXTENSION_VERSION[fe35f6a8-
>>> 8239-4bdb-ab1a-af9f779ce68c];] =1.0.0,
>>> Extkey[name=EXTENSION_MANAGER_ TRACE_LOG;type=interface
>>> org.slf4j.Logger;uuid= EXTENSION_MANAGER_TRACE_LOG[
>>> 863db666-3ea7-4751-9695-
>>> 918a3197ad83];]=org.slf4j. impl.Slf4jLogger(org.ovirt.
>>> engine.core.extensions.mgr. ExtensionsManager.trace.ovirt-
>>> engine-extension-aaa-ldap. authn.authn-ldap.
>>> < http://org.ovirt.engine.core. extensions.mgr.
>>> extensionsmanager.trace.ovirt- engine-extension-aaa-ldap.
>>> authn.authn-ldap.pic.es/ > examp le.org
>>> < http://example.org >), Extkey[name=EXTENSION_ PROVIDES;type=interface
>>> java.util.Collection;uuid= EXTENSION_PROVIDES[8cf373a6-
>>> 65b5-4594-b828-0e275087de91];] =[org.ovirt.engine.api.
>>> extensions.aaa.Authn]},
>>> Extkey[name=AAA_AUTHN_USER; type=class
>>> java.lang.String;uuid=AAA_ AUTHN_USER[1ceaba26-1bdc-4663-
>>> a3c6-5d926f9dd8f0];]=esthera,
>>> Extkey[name=EXTENSION_INVOKE_ COMMAND;type=class
>>> org.ovirt.engine.api. extensions.ExtUUID;uuid= EXTENSION_INVOKE_COMMAND[
>>> 485778ab-bede-4f1a-b823- 77b262a2f28d];]=AAA_AUTHN_
>>> AUTHENTICATE_CREDENTIALS[ d9605c75-6b43-4b00-b32c- 06bdfa80244c]}
>>> Output:
>>> {Extkey[name=EXTENSION_INVOKE_ RESULT;type=class
>>> java.lang.Integer;uuid= EXTENSION_INVOKE_RESULT[ 0909d91d-8bde-40fb-b6c0-
>>> 099c772ddd4e];]=2,
>>> Extkey[name=EXTENSION_INVOKE_ MESSAGE;type=class
>>> java.lang.String;uuid= EXTENSION_INVOKE_MESSAGE[ b7b053de-dc73-4bf7-9d26-
>>> b8bdb72f5893];]=invalid
>>> credentials}
>>>
>>> ------------------------------ ------------------
>>>
>>> Having a look at the LDAP log we check that there is a "invalid
>>> credentials" error while binding, but we are sure that the bind password
>>> is the right one. We already tried to set the bind password without
>>> quotes, but then the DN user then appear as an empty string ("")
>>>
>>> I think problem is here. That's really strange, you have to use the
>>> password
>>> without quotes.
>>>
>>> Can you please try to set:
>>> pool.default.auth.simple. bindDN = cn=authenticate,ou=System,dc=
>>> example,dc=org
>>> pool.default.auth.simple. password = XXXXXX
>>>
>>> just without the variables. if the DN is not empty now.
>>>
>>>
>>>
>>>
>>> ------------------------------ ------------------
>>>
>>> [root at ldap1 ~]# grep $(grep 192.168.XX.X /var/log/ldap.log | tail -n 1 |
>>> cut -d: -f4 | cut -d\ -f2) /var/log/ldap.log
>>> Jan 14 16:35:25 ldap1 slapd[6712]: conn=1591408 fd=63 ACCEPT from
>>> IP=192.168.XX.X:39501 < http://192.168.95.2:39501/ > (IP= 0.0.0.0:389
>>> < http://0.0.0.0:389/ >)
>>>
>>> Jan 14 16:35:25 ldap1 slapd[6712]: conn=1591408 op=0 EXT
>>> oid=1.3.6.1.4.1.1466.20037
>>> Jan 14 16:35:25 ldap1 slapd[6712]: conn=1591408 op=0 STARTTLS
>>> Jan 14 16:35:25 ldap1 slapd[6712]: conn=1591408 op=0 RESULT oid= err=0
>>> text=
>>> Jan 14 16:35:25 ldap1 slapd[6712]: conn=1591408 fd=63 TLS established
>>> tls_ssf=128 ssf=128
>>> Jan 14 16:35:25 ldap1 slapd[6712]: conn=1591408 op=1 BIND
>>> dn="cn=authenticate,ou=System, dc=example,dc=org" method=128
>>> Jan 14 16:35:25 ldap1 slapd[6712]: conn=1591408 op=1 RESULT tag=97
>>> err=49 text=
>>> Jan 14 16:35:25 ldap1 slapd[6712]: conn=1591408 op=2 UNBIND
>>> Jan 14 16:35:25 ldap1 slapd[6712]: conn=1591408 fd=63 closed
>>>
>>> ------------------------------ ------------------
>>>
>>> By the way, the Ovirt manager (ovmgr) machine can query correctly the
>>> openldap server and retrieves everything OK
>>>
>>> ------------------------------ ------------------
>>>
>>> [root at ovmgr extensions.d]# ldapsearch -ZZ -D
>>> cn=authenticate,ou=System,dc= example,dc=org -W
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <dc=example,dc=org> (default) with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # pic.es < http://pic.es/ >
>>> dn: dc=example,dc=org
>>> dc: pic
>>> objectClass: top
>>> objectClass: domain
>>>
>>> ------------------------------ ------------------
>>>
>>> Did anybody had a similar problem ? Is there anything that we didn't
>>> check ?
>>>
>>> Thanks in advance !
>>>
>>> --
>>> Bruno Rodríguez Rodríguez
>>>
>>>
>>>
>>> This body part will be downloaded on demand.
>>>
>>>
>>>
>>>
>>> --
>>> Bruno Rodríguez Rodríguez
>>>
>>> PIC (Port d'Informació Científica)
>>> Campus UAB, Edificio D
>>> E-08193 Bellaterra, Barcelona
>>> Tel: +34 93 581 33 22
>>>
>>> "Si algo me ha enseñado el tetris, es que los errores se acumulan y los
>>> triunfos desaparecen"
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>

-- 
Bruno Rodríguez Rodríguez

PIC (Port d'Informació Científica)
Campus UAB, Edificio D
E-08193 Bellaterra, Barcelona
Tel: +34 93 581 33 22

"Si algo me ha enseñado el tetris, es que los errores se acumulan y los
triunfos desaparecen"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20150115/7fcf3f5e/attachment-0001.html>