[ovirt-users] AAA/ldap/3.6 Issues - WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization.
David LeVene
David.LeVene at blackboard.com
Thu Jan 14 23:50:07 EST 2016
Hey,
I'm running into an issue and I'm not sure where to go from here. I'm trying to use LDAP authentication and am following the setup guide from here:
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD
I have tested the LDAP credentials manually using ldapsearch, and I get results as expected with the user I'm binding with - but when I use oVirt I run into problems.
I hope someone can provide me some guidance, or other things to try!
- DNS resolves
- Can manually do LDAP lookups using ldapsearch
- Can telnet to hostname 389 successfully

Below are the steps taken:
# ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log
Version: otopi-1.4.0 (otopi-1.4.0-1.el7.centos)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Please specify profile name that will be visible to users: LDAP
Available LDAP implementations:
1 - 389ds
2 - 389ds RFC-2307 Schema
3 - Active Directory
4 - IPA
5 - Novell eDirectory RFC-2307 Schema
6 - OpenLDAP RFC-2307 Schema
7 - OpenLDAP Standard Schema
8 - Oracle Unified Directory RFC-2307 Schema
9 - RFC-2307 Schema (Generic)
10 - RHDS
11 - RHDS RFC-2307 Schema
12 - iPlanet
Please select: 1
NOTE:
It is highly recommended to use DNS resolution for LDAP server.
If for some reason you intend to use hosts or plain address disable DNS usage.
Use DNS (Yes, No) [Yes]:
Available policy method:
1 - Single server
2 - DNS domain LDAP SRV record
3 - Round-robin between multiple hosts
4 - Failover between multiple hosts
Please select: 1
Please enter host address: ldap-test-server
[ INFO ] Trying to resolve host 'ldap-test-server'
NOTE:
It is highly recommended to use secure protocol to access the LDAP server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
[ INFO ] Connecting to LDAP using 'ldap://ldap-test-server:389'
[ INFO ] Connection succeeded
Enter search user DN (empty for anonymous): uid=ovirt-test,ou=Special Users,dc=test
Enter search user password:
[ INFO ] Attempting to bind using 'uid=ovirt-test,ou=Special Users,dc=test'
[ INFO ] Stage: Setup validation
NOTE:
It is highly recommended to test drive the configuration before applying it into engine.
Perform at least one Login sequence and one Search sequence.
Select test sequence to execute (Done, Abort, Login, Search) [Abort]: Login
Enter search user name: uid=ovirt-test,ou=Special Users,dc=test
Enter search user password:
[ INFO ] Executing login sequence...
Login output:
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO ============================ Initialization ============================
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO Loading extension 'LDAP-authn'
2016-01-15 15:13:25 INFO Extension 'LDAP-authn' loaded
2016-01-15 15:13:25 INFO Loading extension 'LDAP-authz'
2016-01-15 15:13:25 INFO Extension 'LDAP-authz' loaded
2016-01-15 15:13:25 INFO Initializing extension 'LDAP-authn'
2016-01-15 15:13:25 INFO [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool 'authz'
2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
2016-01-15 15:13:25 INFO Extension 'LDAP-authn' initialized
2016-01-15 15:13:25 INFO Initializing extension 'LDAP-authz'
2016-01-15 15:13:25 INFO [ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Creating LDAP pool 'authz'
2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
2016-01-15 15:13:25 INFO Extension 'LDAP-authz' initialized
2016-01-15 15:13:25 INFO Start of enabled extensions list
2016-01-15 15:13:25 INFO Instance name: 'LDAP-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpM8fPs4/extensions.d/LDAP-authn.properties', Initialized: 'true'
2016-01-15 15:13:25 INFO Instance name: 'LDAP-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpM8fPs4/extensions.d/LDAP-authz.properties', Initialized: 'true'
2016-01-15 15:13:25 INFO End of enabled extensions list
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO ============================== Execution ===============================
2016-01-15 15:13:25 INFO ========================================================================
2016-01-15 15:13:25 INFO Profile='LDAP' authn='LDAP-authn' authz='LDAP-authz' mapping='null'
2016-01-15 15:13:25 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS user='uid=ovirt-test,ou=Special Users,dc=test'
2016-01-15 15:13:25 INFO [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool 'authz'
2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
2016-01-15 15:13:25 SEVERE An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
[ ERROR ] Sequence failed
Select test sequence to execute (Done, Abort, Login, Search) [Abort]:
[ ERROR ] Failed to execute stage 'Setup validation': Aborted by user
[ INFO ] Stage: Clean up
Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log:
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
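
A triage helper for the login-sequence output above, added here as an example (not part of the original post or of oVirt's code): it reduces each WARNING/SEVERE line to the LDAP result code, the target named in the message, and the innermost "caused by" exception, then counts repeats. The sample lines are constructed by shortening lines from the post; the function and field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines from the post, with the repeated nested
# LDAPException text shortened to a single occurrence per line.
SAMPLE = """\
2016-01-15 15:13:25 INFO Initializing extension 'LDAP-authn'
2016-01-15 15:13:25 WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
2016-01-15 15:13:25 SEVERE An error occurred while attempting to connect to server ldap-test-server:389: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389: java.net.UnknownHostException: ldap-test-server') caused by java.net.UnknownHostException: ldap-test-server
"""

LINE = re.compile(r"^(\S+ \S+) (INFO|WARNING|SEVERE) (?:\[([^\]]+)\] )?(.*)$")
RESULT = re.compile(r"resultCode=(\d+) \(([^)]*)\)")
# "host/address:port" as printed inside the errorMessage text
TARGET = re.compile(r"connection to server ([^/\s]+)/(\S+):(\d+): ")
# Innermost cause: the last "caused by <java.class.Name>" running to end of line
ROOT = re.compile(r"caused by ((?:\w+\.)+\w+)(?:: (\S+))?\s*$")

def summarize(text):
    """Return one dict per WARNING/SEVERE line of the test-sequence output."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(2) == "INFO":
            continue
        ts, level, extension, msg = m.groups()
        rc, tgt, root = RESULT.search(msg), TARGET.search(msg), ROOT.search(msg)
        findings.append({
            "time": ts, "level": level, "extension": extension,
            "result_code": int(rc.group(1)) if rc else None,
            "result_name": rc.group(2) if rc else None,
            "host": tgt.group(1) if tgt else None,
            "address": tgt.group(2) if tgt else None,
            "port": int(tgt.group(3)) if tgt else None,
            "root_cause": root.group(1) if root else None,
        })
    return findings

def collapse(findings):
    """Count identical failures so repeated log lines read as one finding."""
    return Counter((f["extension"], f["result_code"], f["host"], f["root_cause"])
                   for f in findings)

if __name__ == "__main__":
    for key, count in collapse(summarize(SAMPLE)).items():
        print(count, key)
```

On the sample, both lines reduce to result code 91 against ldap-test-server port 389 with root cause java.net.UnknownHostException, and the message text carries a colon-separated address after the host name.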