[ovirt-users] AAA/ldap/3.6 Issues - WARNING [ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP framework, deferring initialization.
Ondra Machacek
omachace at redhat.com
Mon Jan 18 19:20:39 UTC 2016
Hi,
I can see that 'ovirt-engine-aaa-ldap-setup' successfully connect to
'ldap://bbgpvmas100.prozess.bbg:389', but later it says connection
refused on to 'bbgpvmas100.prozess.bbg/10.157.8.25:389'.
Don't you have more 'A' records set for 'bbgpvmas100.prozess.bbg'?
Can you please assure that you can run 'telnet 10.157.8.25 389' from
ovirt machine?
If yes, can you please send us debug log of
'ovirt-engine-extension-aaa-ldap-setup'.
It's stored in /tmp directory. It would be very helpful if you could
send us also debug log of migration tool, so we can see where is the
problem and fix.
Thanks in advance,
Ondra
On 01/18/2016 03:34 PM, rni at chef.net wrote:
> Hello,
>
> I'm also running in problemes moving to the new ldap authentification. Different to Davids issue, I'm running IPV4 and I'm using SAMBA 4 as AD server.
>
> Here we go with the output:
> ovirt-engine-extension-aaa-ldap-setup
> [ INFO ] Stage: Initializing
> [ INFO ] Stage: Environment setup
> Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
> Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20160118152213-nod1wm.log
> Version: otopi-1.4.0 (otopi-1.4.0-1.el6)
> [ INFO ] Stage: Environment packages setup
> [ INFO ] Stage: Programs detection
> [ INFO ] Stage: Environment customization
> Welcome to LDAP extension configuration program
> Please specify profile name that will be visible to users: prozess
> Available LDAP implementations:
> 1 - 389ds
> 2 - 389ds RFC-2307 Schema
> 3 - Active Directory
> 4 - IPA
> 5 - Novell eDirectory RFC-2307 Schema
> 6 - OpenLDAP RFC-2307 Schema
> 7 - OpenLDAP Standard Schema
> 8 - Oracle Unified Directory RFC-2307 Schema
> 9 - RFC-2307 Schema (Generic)
> 10 - RHDS
> 11 - RHDS RFC-2307 Schema
> 12 - iPlanet
> Please select: 3
> Please enter Active Directory Forest name: prozess.bbg
> [ INFO ] Resolving Global Catalog SRV record for prozess.bbg
> [ INFO ] Resolving LDAP SRV record for prozess.bbg
> NOTE:
> It is highly recommended to use secure protocol to access the LDAP server.
> Protocol startTLS is the standard recommended method to do so.
> Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
> Use plain for test environments only.
> Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
> [ INFO ] Resolving SRV record 'prozess.bbg'
> [ INFO ] Connecting to LDAP using 'ldap://bbgpvmas100.prozess.bbg:389'
> [ INFO ] Connection succeeded
> Enter search user DN (empty for anonymous): oVirtAdmin at prozess.bbg
> Enter search user password:
> [ INFO ] Attempting to bind using 'oVirtAdmin at prozess.bbg'
> [ INFO ] Stage: Setup validation
> NOTE:
> It is highly recommended to test drive the configuration before applying it into engine.
> Perform at least one Login sequence and one Search sequence.
> Select test sequence to execute (Done, Abort, Login, Search) [Abort]: Login
> Enter search user name: oVirtAdmin at prozess.bbg
> Enter search user password:
> [ INFO ] Executing login sequence...
> Login output:
> 2016-01-18 15:23:22 INFORMATION ========================================================================
> 2016-01-18 15:23:22 INFORMATION ============================ Initialization ============================
> 2016-01-18 15:23:22 INFORMATION ========================================================================
> 2016-01-18 15:23:22 INFORMATION Loading extension 'prozess-authn'
> 2016-01-18 15:23:22 INFORMATION Extension 'prozess-authn' loaded
> 2016-01-18 15:23:22 INFORMATION Loading extension 'prozess-authz'
> 2016-01-18 15:23:22 INFORMATION Extension 'prozess-authz' loaded
> 2016-01-18 15:23:22 INFORMATION Initializing extension 'prozess-authn'
> 2016-01-18 15:23:22 INFORMATION [ovirt-engine-extension-aaa-ldap.authn::prozess-authn] Creating LDAP pool 'authz'
> 2016-01-18 15:23:26 WARNUNG [ovirt-engine-extension-aaa-ldap.authn::prozess-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server bbgpvmas100.prozess.bbg:389: java.io.IOException: An error occurred while attempting to establish a connection to server bbgpvmas100.prozess.bbg/10.157.8.25:389: java.net.ConnectException: Verbindungsaufbau abgelehnt
> 2016-01-18 15:23:26 INFORMATION Extension 'prozess-authn' initialized
> 2016-01-18 15:23:26 INFORMATION Initializing extension 'prozess-authz'
> 2016-01-18 15:23:26 INFORMATION [ovirt-engine-extension-aaa-ldap.authz::prozess-authz] Creating LDAP pool 'authz'
> 2016-01-18 15:23:26 WARNUNG [ovirt-engine-extension-aaa-ldap.authz::prozess-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server bbgpvmas100.prozess.bbg:389: java.io.IOException: An error occurred while attempting to establish a connection to server bbgpvmas100.prozess.bbg/10.157.8.25:389: java.net.ConnectException: Verbindungsaufbau abgelehnt
> 2016-01-18 15:23:26 INFORMATION Extension 'prozess-authz' initialized
> 2016-01-18 15:23:26 INFORMATION Start of enabled extensions list
> 2016-01-18 15:23:26 INFORMATION Instance name: 'prozess-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el6', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpEgSCuC/extensions.d/prozess-authn.properties', Initialized: 'true'
> 2016-01-18 15:23:26 INFORMATION Instance name: 'prozess-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.1.2', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el6', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpEgSCuC/extensions.d/prozess-authz.properties', Initialized: 'true'
> 2016-01-18 15:23:26 INFORMATION End of enabled extensions list
> 2016-01-18 15:23:26 INFORMATION ========================================================================
> 2016-01-18 15:23:26 INFORMATION ============================== Execution ===============================
> 2016-01-18 15:23:26 INFORMATION ========================================================================
> 2016-01-18 15:23:26 INFORMATION Profile='prozess' authn='prozess-authn' authz='prozess-authz' mapping='null'
> 2016-01-18 15:23:26 INFORMATION API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS user='oVirtAdmin at prozess.bbg'
> 2016-01-18 15:23:26 INFORMATION [ovirt-engine-extension-aaa-ldap.authn::prozess-authn] Creating LDAP pool 'authz'
> 2016-01-18 15:23:27 WARNUNG [ovirt-engine-extension-aaa-ldap.authn::prozess-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server bbgpvmas100.prozess.bbg:389: java.io.IOException: An error occurred while attempting to establish a connection to server bbgpvmas100.prozess.bbg/10.157.8.25:389: java.net.ConnectException: Verbindungsaufbau abgelehnt
> 2016-01-18 15:23:27 SCHWERWIEGEND An error occurred while attempting to connect to server bbgpvmas100.prozess.bbg:389: java.io.IOException: An error occurred while attempting to establish a connection to server bbgpvmas100.prozess.bbg/10.157.8.25:389: java.net.ConnectException: Verbindungsaufbau abgelehnt
> [ ERROR ] Sequence failed
> Select test sequence to execute (Done, Abort, Login, Search) [Abort]: abort
> [ ERROR ] Failed to execute stage 'Setup validation': Aborted by user
> [ INFO ] Stage: Clean up
> Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20160118152213-nod1wm.log:
> [ INFO ] Stage: Pre-termination
> [ INFO ] Stage: Termination
>
>
> Thank you for your help.
>
> Hans-Joachim
>
> BTW.: I even tried the ovirt-engine-kerbldap-migration-tool for moving.. but without success.
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
More information about the Users
mailing list