[ovirt-users] oVirt LDAP user authentication troubleshooting

Ondra Machacek omachace at redhat.com
Mon Aug 7 10:21:29 UTC 2017


The best is to use this tool:

$ ovirt-engine-extensions-tool --log-level=FINEST aaa search \
    --extension-name=your-openldap-authz-name --entity-name=myuser

It prints pretty verbose output, which you can analyze.

On Mon, Aug 7, 2017 at 9:01 AM, NUNIN Roberto <Roberto.Nunin at comifar.it> wrote:
> I’ve two oVirt 4.1.4.2-1 pods used for labs.
>
> These two pods are configured in the same way (three nodes with gluster).
>
> Trying to set up LDAP auth, towards the same OpenLDAP server, setup ends
> correctly in both engine VMs.
>
> When I try to perform system permission modification, only one of these is
> recognizing the LDAP groups and allows setup and, next, users belonging to
> defined groups to log in and perform assigned level tasks.
>
> On the second engine, system permissions, even if it recognizes the LDAP
> domain (it appears in the selection box for search base), does not find anything,
> groups or individuals.
>
> How to analyze this? I wasn’t able to find logs useful for troubleshooting.
>
> Setup ended correctly with both Login and Search tasks completed successfully.
>
> Thanks
>
> Roberto