I verified the fix against current master with multiple installs and browsers. Thanks guys!
Fix verified to work with: Firefox Version 22.0-1 Google Chrome Version 28.0.1500.95 I still noted an odd issue with Firefox Version 17.0.8-1 (Current Firefox EL6 Version). The login into the user portal succeeds and a successful login is logged, however the login remains hung at the login dialog indefinitely. Reloading the page and closing the browser does not change things. Also removing ~/<username>/.mozilla and starting fresh results in the same. Can someone else check and verify similar oddness with EL6 Firefox. - DHC On Wed, Aug 7, 2013 at 1:50 PM, Dead Horse <deadhorseconsult...@gmail.com>wrote: > I see the fix in Gerrit/GIT. Thanks guys! I will test and update results > tomorrow morning. > - DHC > > > On Wed, Aug 7, 2013 at 1:01 PM, Yair Zaslavsky <yzasl...@redhat.com>wrote: > >> >> >> ----- Original Message ----- >> > From: "Yair Zaslavsky" <yzasl...@redhat.com> >> > To: "Dead Horse" <deadhorseconsult...@gmail.com> >> > Cc: "engine-devel" <engine-devel@ovirt.org> >> > Sent: Wednesday, August 7, 2013 9:00:34 PM >> > Subject: Re: [Engine-devel] users cannot log into userportal >> > >> > >> > >> > ----- Original Message ----- >> > > From: "Dead Horse" <deadhorseconsult...@gmail.com> >> > > To: "Itamar Heim" <ih...@redhat.com> >> > > Cc: "engine-devel" <engine-devel@ovirt.org>, "Yair Zaslavsky" >> > > <yzasl...@redhat.com> >> > > Sent: Wednesday, August 7, 2013 6:14:02 PM >> > > Subject: Re: [Engine-devel] users cannot log into userportal >> > > >> > > BZ994604 (https://bugzilla.redhat.com/show_bug.cgi?id=994604) has >> been >> > > opened. >> > > - DHC >> > >> > Thanks for your help DHC, >> > This was already fixed by rnori. >> >> Of course "already fixed" comparing with current time. This was indeed a >> real issue. >> >> > >> > > >> > > >> > > On Wed, Aug 7, 2013 at 5:35 AM, Itamar Heim <ih...@redhat.com> wrote: >> > > >> > > > On 08/07/2013 12:10 AM, Dead Horse wrote: >> > > > >> > > >> I have found some steps to reproduce this easily. >> > > >> >> > > >> Start the engine bound to an AD for authentication >> > > >> log in to the user portal as an AD user which has been granted a >> Role (I >> > > >> used PowerUserRole) >> > > >> >> > > >> Result: Login will succeed >> > > >> Data from engine.log: >> > > >> 2013-08-06 15:54:10,088 INFO >> > > >> [org.ovirt.engine.core.bll.**LoginUserCommand] >> (ajp--127.0.0.1-8702-10) >> > > >> Running command: LoginUserCommand internal: false. >> > > >> 2013-08-06 15:54:10,139 INFO >> > > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.** >> > > >> AuditLogDirector] >> > > >> (ajp--127.0.0.1-8702-10) Correlation ID: 23c4709, Call Stack: null, >> > > >> Custom Event ID: -1, Message: User ovirttest logged in. >> > > >> >> > > >> log out of the user portal >> > > >> Result: log out succeeds >> > > >> Data from engine.log: >> > > >> 2013-08-06 15:54:12,448 INFO >> > > >> [org.ovirt.engine.core.bll.**LogoutUserCommand] >> (ajp--127.0.0.1-8702-2) >> > > >> Running command: LogoutUserCommand internal: false. >> > > >> 2013-08-06 15:54:12,474 INFO >> > > >> [org.ovirt.engine.core.dal.**dbbroker.auditloghandling.** >> > > >> AuditLogDirector] >> > > >> (ajp--127.0.0.1-8702-2) Correlation ID: 52a89e7d, Call Stack: null, >> > > >> Custom Event ID: -1, Message: User ovirttest logged out. >> > > >> >> > > >> As the same user log in to the user portal again but this purposely >> > > >> input the wrong password. >> > > >> Result: log in will fail >> > > >> Data from engine.log: >> > > >> 2013-08-06 15:54:20,830 ERROR >> > > >> >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication** >> > > >> Strategy] >> > > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication >> information >> > > >> was invalid (24) >> > > >> 2013-08-06 15:54:20,832 ERROR >> > > >> >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication** >> > > >> Strategy] >> > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the >> > > >> username and password. >> > > >> 2013-08-06 15:54:20,843 ERROR >> > > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher] >> > > >> (ajp--127.0.0.1-8702-7) Failed ldap search server >> > > >> LDAP://foodc02.foo.test.com:**389 <http://foodc02.foo.test.com:389> >> < >> > > >> http://foodc02.foo.test.com:**389 <http://foodc02.foo.test.com:389 >> >> >> > > >> using >> > > >> user ovirtt...@foo.test.com <mailto:ovirtt...@foo.test.com**> due >> to >> > > >> >> > > >> Authentication Failed. Please verify the username and password.. We >> > > >> should not try the next server >> > > >> 2013-08-06 15:54:20,850 ERROR >> > > >> >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication** >> > > >> Strategy] >> > > >> (ajp--127.0.0.1-8702-7) Kerberos error: Pre-authentication >> information >> > > >> was invalid (24) >> > > >> 2013-08-06 15:54:20,851 ERROR >> > > >> >> [org.ovirt.engine.core.bll.**adbroker.**GSSAPIDirContextAuthentication** >> > > >> Strategy] >> > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the >> > > >> username and password. >> > > >> 2013-08-06 15:54:20,852 ERROR >> > > >> [org.ovirt.engine.core.bll.**adbroker.DirectorySearcher] >> > > >> (ajp--127.0.0.1-8702-7) Failed ldap search server >> > > >> LDAP://foodc01.foo.test.com:**389 <http://foodc01.foo.test.com:389> >> < >> > > >> http://foodc01.foo.test.com:**389 <http://foodc01.foo.test.com:389 >> >> >> > > >> using >> > > >> user ovirtt...@foo.test.com <mailto:ovirtt...@foo.test.com**> due >> to >> > > >> >> > > >> Authentication Failed. Please verify the username and password.. We >> > > >> should not try the next server >> > > >> 2013-08-06 15:54:20,853 ERROR >> > > >> >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand] >> > > >> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to >> domain >> > > >> gso.med.ge.com <http://gso.med.ge.com>. Ldap Query Type is >> getUserByName >> > > >> >> > > >> 2013-08-06 15:54:20,854 ERROR >> > > >> >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand] >> > > >> (ajp--127.0.0.1-8702-7) Authentication Failed. Please verify the >> > > >> username and password. >> > > >> 2013-08-06 15:54:20,855 ERROR >> > > >> [org.ovirt.engine.core.bll.**LoginUserCommand] >> (ajp--127.0.0.1-8702-7) >> > > >> USER_FAILED_TO_AUTHENTICATE_**WRONG_USERNAME_OR_PASSWORD : >> ovirttest >> > > >> 2013-08-06 15:54:20,856 WARN >> > > >> [org.ovirt.engine.core.bll.**LoginUserCommand] >> (ajp--127.0.0.1-8702-7) >> > > >> CanDoAction of action LoginUser failed. >> > > >> Reasons:USER_FAILED_TO_**AUTHENTICATE_WRONG_USERNAME_**OR_PASSWORD >> > > >> >> > > >> Try again to log in as the same user this time typing the correct >> > > >> password. >> > > >> Result: Login fails! >> > > >> Data from engine.log: >> > > >> 2013-08-06 15:54:25,186 ERROR >> > > >> >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand] >> > > >> (ajp--127.0.0.1-8702-7) Failed authenticating user: ovirttest to >> domain >> > > >> gso.med.ge.com <http://gso.med.ge.com>. Ldap Query Type is >> getUserByName >> > > >> >> > > >> 2013-08-06 15:54:25,187 ERROR >> > > >> [org.ovirt.engine.core.bll.**LoginUserCommand] >> (ajp--127.0.0.1-8702-7) >> > > >> USER_FAILED_TO_AUTHENTICATE : ovirttest >> > > >> 2013-08-06 15:54:25,187 WARN >> > > >> [org.ovirt.engine.core.bll.**LoginUserCommand] >> (ajp--127.0.0.1-8702-7) >> > > >> CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_** >> > > >> AUTHENTICATE >> > > >> >> > > >> Try again with another AD user. >> > > >> Result: Login fails! >> > > >> Data from engine.log: >> > > >> 2013-08-06 15:54:38,056 ERROR >> > > >> >> [org.ovirt.engine.core.bll.**adbroker.**LdapAuthenticateUserCommand] >> > > >> (ajp--127.0.0.1-8702-5) Failed authenticating user: ovirtadmin to >> domain >> > > >> gso.med.ge.com <http://gso.med.ge.com>. Ldap Query Type is >> getUserByName >> > > >> >> > > >> 2013-08-06 15:54:38,057 ERROR >> > > >> [org.ovirt.engine.core.bll.**LoginUserCommand] >> (ajp--127.0.0.1-8702-5) >> > > >> USER_FAILED_TO_AUTHENTICATE : ovirtadmin >> > > >> 2013-08-06 15:54:38,058 WARN >> > > >> [org.ovirt.engine.core.bll.**LoginUserCommand] >> (ajp--127.0.0.1-8702-5) >> > > >> CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_** >> > > >> AUTHENTICATE >> > > >> >> > > >> Logging into the admin portal as the admin@internal user will >> yield that >> > > >> engine seems to have forgotten about and can no longer enumerate AD >> > > >> users and groups. >> > > >> engine stays in this state until it has been restarted. >> > > >> >> > > >> I also note the two following errors in the engine log file as >> well: >> > > >> 2013-08-06 15:53:41,098 ERROR >> > > >> [org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils] (MSC >> > > >> service >> > > >> thread 1-9) Could not parse option AutoRecoveryAllowedTypes value. >> > > >> 2013-08-06 15:53:41,161 ERROR >> > > >> [org.ovirt.engine.core.dal.**dbbroker.generic.**DBConfigUtils] (MSC >> > > >> service >> > > >> thread 1-9) Failed to decrypt value for property >> > > >> AttestationTruststorePass will be used encrypted value: >> > > >> javax.crypto.**BadPaddingException: Data must start with zero >> > > >> >> > > >> - DHC >> > > >> >> > > >> >> > > >> >> > > >> On Tue, Aug 6, 2013 at 1:31 PM, Dead Horse >> > > >> <deadhorseconsult...@gmail.com >> > > >> <mailto:deadhorseconsulting@**gmail.com< >> deadhorseconsult...@gmail.com> >> > > >> >> >> > > >> >> > > >> wrote: >> > > >> >> > > >> Really attaching logs from other install. >> > > >> - DHC >> > > >> >> > > >> >> > > >> On Tue, Aug 6, 2013 at 1:30 PM, Dead Horse >> > > >> <deadhorseconsult...@gmail.com >> > > >> <mailto:deadhorseconsulting@**gmail.com< >> deadhorseconsult...@gmail.com>>> >> > > >> wrote: >> > > >> >> > > >> Also I note that he login does succeed in the AD servers >> logs as >> > > >> well as the engine also acknowledges the same. However the >> login >> > > >> ends up in either the user logging in and the dialog >> sitting in >> > > >> space forever and/or the engine no longer enumerating the >> AD >> > > >> users/groups. >> > > >> >> > > >> Attached are logs from another install seeing the same >> thing. >> > > >> -DHC >> > > >> >> > > >> >> > > >> On Tue, Aug 6, 2013 at 1:20 PM, Dead Horse >> > > >> <deadhorseconsult...@gmail.com >> > > >> <mailto:deadhorseconsulting@**gmail.com< >> deadhorseconsult...@gmail.com>>> >> > > >> wrote: >> > > >> >> > > >> >> > > >> Seeing and issue where users are not able to log in. >> Also >> > > >> for some reason the engine is seemingly forgeting >> about AD >> > > >> users. Removing the AD domain via >> engine-manage-domains and >> > > >> re-adding it works for enumerating the users, however >> the >> > > >> first attempt to login as a user results in the engine >> no >> > > >> longer enumerating the users nor allowing logins. >> > > >> Attached are the pertinent logs. >> > > >> >> > > >> Engine is built and running from current master as of >> this >> > > >> morning, and was installed/built and upgraded via RPMs >> > > >> yum/engine-upgrade >> > > >> >> > > >> - DHC >> > > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > > >> ______________________________**_________________ >> > > >> Engine-devel mailing list >> > > >> Engine-devel@ovirt.org >> > > >> http://lists.ovirt.org/**mailman/listinfo/engine-devel< >> http://lists.ovirt.org/mailman/listinfo/engine-devel> >> > > >> >> > > >> >> > > > thanks for reproducing with such clear steps. can you please open a >> bug? >> > > > yair - can you try and reproduce as well (I tried on an older rhev >> 3.2 i >> > > > have and couldn't with the IPA provider) >> > > > >> > > >> > _______________________________________________ >> > Engine-devel mailing list >> > Engine-devel@ovirt.org >> > http://lists.ovirt.org/mailman/listinfo/engine-devel >> > >> > >
_______________________________________________ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
