[ovirt-users] AAA/ldap/3.6 Issues - WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization.

David LeVene David.LeVene at blackboard.com
Thu Jan 14 23:50:07 EST 2016


Hey,

I'm running into an issue which I'm not sure where to go from here. I'm trying to use LDAP authentication and am following the setup guide from here

https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD


I have tested the ldap credentials manually using ldapsearch, and I get results as expected with the user I'm binding with - but when I use ovirt I run into problems.

I hope someone can provide me some guidance, or other things to try!

DNS resolves;
Can manually do  ldap lookups using ldapsearch
Can telnet to hostname 389 successfully

Below are the steps taken;

# ovirt-engine-extension-aaa-ldap-setup
[ INFO  ] Stage: Initializing
[ INFO  ] Stage: Environment setup
          Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
          Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log
          Version: otopi-1.4.0 (otopi-1.4.0-1.el7.centos)
[ INFO  ] Stage: Environment packages setup
[ INFO  ] Stage: Programs detection
[ INFO  ] Stage: Environment customization
          Welcome to LDAP extension configuration program
          Please specify profile name that will be visible to users: LDAP
          Available LDAP implementations:
           1 - 389ds
           2 - 389ds RFC-2307 Schema
           3 - Active Directory
           4 - IPA
           5 - Novell eDirectory RFC-2307 Schema
           6 - OpenLDAP RFC-2307 Schema
           7 - OpenLDAP Standard Schema
           8 - Oracle Unified Directory RFC-2307 Schema
           9 - RFC-2307 Schema (Generic)
          10 - RHDS
          11 - RHDS RFC-2307 Schema
          12 - iPlanet
          Please select: 1
          NOTE:
          It is highly recommended to use DNS resolution for LDAP server.
          If for some reason you intend to use hosts or plain address disable DNS usage.
          Use DNS (Yes, No) [Yes]:
          Available policy method:
           1 - Single server
           2 - DNS domain LDAP SRV record
           3 - Round-robin between multiple hosts
           4 - Failover between multiple hosts
          Please select: 1
          Please enter host address: ldap-test-server
[ INFO  ] Trying to resolve host 'ldap-test-server'
          NOTE:
          It is highly recommended to use secure protocol to access the LDAP server.
          Protocol startTLS is the standard recommended method to do so.
          Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
          Use plain for test environments only.
          Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
[ INFO  ] Connecting to LDAP using 'ldap://ldap-test-server:389'
[ INFO  ] Connection succeeded
          Enter search user DN (empty for anonymous): uid=ovirt-test,ou=Special Users,dc=test
          Enter search user password:
[ INFO  ] Attempting to bind using 'uid=ovirt-test,ou=Special Users,dc=test'
[ INFO  ] Stage: Setup validation
          NOTE:
          It is highly recommended to test drive the configuration before applying it into engine.
          Perform at least one Login sequence and one Search sequence.
          Select test sequence to execute (Done, Abort, Login, Search) [Abort]: Login
          Enter search user name: uid=ovirt-test,ou=Special Users,dc=test
          Enter search user password:
[ INFO  ] Executing login sequence...
          Login output:
          2016-01-15 15:13:25 INFO    ========================================================================
          2016-01-15 15:13:25 INFO    ============================ Initialization ============================
          2016-01-15 15:13:25 INFO    ========================================================================
          2016-01-15 15:13:25 INFO    Loading extension 'LDAP-authn'
          2016-01-15 15:13:25 INFO    Extension 'LDAP-authn' loaded
          2016-01-15 15:13:25 INFO    Loading extension 'LDAP-authz'
          2016-01-15 15:13:25 INFO    Extension 'LDAP-authz' loaded
          2016-01-15 15:13:25 INFO    Initializing extension 'LDAP-authn'
          2016-01-15 15:13:25 INFO    [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool 'authz'
          2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389:  java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
          2016-01-15 15:13:25 INFO    Extension 'LDAP-authn' initialized
          2016-01-15 15:13:25 INFO    Initializing extension 'LDAP-authz'
          2016-01-15 15:13:25 INFO    [ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Creating LDAP pool 'authz'
          2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389:  java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
          2016-01-15 15:13:25 INFO    Extension 'LDAP-authz' initialized
          2016-01-15 15:13:25 INFO    Start of enabled extensions list
          2016-01-15 15:13:25 INFO    Instance name: 'LDAP-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0',  File: '/tmp/tmpM8fPs4/extensions.d/LDAP-authn.properties', Initialized: 'true'
          2016-01-15 15:13:25 INFO    Instance name: 'LDAP-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0',  File: '/tmp/tmpM8fPs4/extensions.d/LDAP-authz.properties', Initialized: 'true'
          2016-01-15 15:13:25 INFO    End of enabled extensions list
          2016-01-15 15:13:25 INFO    ========================================================================
          2016-01-15 15:13:25 INFO    ============================== Execution ===============================
          2016-01-15 15:13:25 INFO    ========================================================================
          2016-01-15 15:13:25 INFO    Profile='LDAP' authn='LDAP-authn' authz='LDAP-authz' mapping='null'
          2016-01-15 15:13:25 INFO    API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS user='uid=ovirt-test,ou=Special Users,dc=test'
          2016-01-15 15:13:25 INFO    [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool 'authz'
          2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389:  java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
          2016-01-15 15:13:25 SEVERE  An error occurred while attempting to connect to server ldap-test-server:389:  java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
[ ERROR ] Sequence failed
          Select test sequence to execute (Done, Abort, Login, Search) [Abort]:
[ ERROR ] Failed to execute stage 'Setup validation': Aborted by user
[ INFO  ] Stage: Clean up
          Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log:
[ INFO  ] Stage: Pre-termination
[ INFO  ] Stage: Termination


This email and any attachments may contain confidential and proprietary information of Blackboard that is for the sole use of the intended recipient. If you are not the intended recipient, disclosure, copying, re-distribution or other use of any of this information is strictly prohibited. Please immediately notify the sender and delete this transmission if you received this email in error.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160115/64c11735/attachment-0001.html>


More information about the Users mailing list