[ovirt-users] LDAP auth error "server_error: Cannot locate principal"

2021-07-21 Thread tbural
Trying to configure LDAP auth on engine. After adding user from LDAP I cannot log in, with this error: "server_error: Cannot locate principal"
Errors from engine.log
2021-06-30 17:24:23,830+05 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-5) [686f77b] Internal Server Error: Cannot locate principal 'Domain Reader'
2021-06-30 17:24:23,830+05 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-5) [686f77b] Cannot locate principal 'Domain Reader'
2021-06-30 17:24:23,851+05 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-5) [686f77b] server_error: Cannot locate principal 'Domain Reader'
How can I fix this error?

ovirt 4.3.10
Config /etc/ovirt-engine/aaa/openldap_rfc.properties:
include = 

vars.server = LDAP.testdom.local
vars.user = CN=Domain Reader,OU=AD,OU=SERVICE,DC=testdom,DC=local
vars.password = password

pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = single
pool.default.serverset.single.server = ${global:vars.server}
pool.default.ssl.startTLS = true
pool.default.ssl.insecure = true

attrmap.map-principal-record.attr.PrincipalRecord_ID.map = uid
attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = cn

#LDAP value changes
sequence.openldap-init-vars.030.var-set.value = entryUUID, uid, cn, givenName, sn, Email
sequence.openldap-init-vars.040.var-set.value = (objectClass=posixAccount)(uid=*)
sequence.openldap-init-vars.050.var-set.value = entryUUID, uid
sequence.openldap-init-vars.060.var-set.value = (objectClass=posixGroup)
sequence.openldap-init-vars.070.var-set.value = memberUid

User attributes:
ovirt-engine-extensions-tool aaa search --extension-name=openldap_rfc-authz --entity=principal --entity-name=domreader
2021-07-21 17:14:33,805+05 INFO

2021-07-21 17:14:33,833+05 INFO Initialization 

2021-07-21 17:14:33,833+05 INFO

2021-07-21 17:14:33,878+05 INFO Loading extension 'internal-authz'
2021-07-21 17:14:33,885+05 INFO Extension 'internal-authz' loaded
--
2021-07-21 17:14:35,885+05 INFO

2021-07-21 17:14:35,886+05 INFO == Execution ===
2021-07-21 17:14:35,886+05 INFO

2021-07-21 17:14:35,886+05 INFO Iteration: 0
2021-07-21 17:14:35,891+05 INFO --- Begin QueryFilterRecord ---
2021-07-21 17:14:35,892+05 INFO AAA_AUTHZ_QUERY_FILTER_OPERATOR: 102
2021-07-21 17:14:35,892+05 INFO AAA_AUTHZ_QUERY_ENTITY: AAA_AUTHZ_QUERY_ENTITY_PRINCIPAL[1695cd36-4656-474f-b7bc-4466e12634e4]
2021-07-21 17:14:35,893+05 INFO   --- Begin QueryFilterRecord ---
2021-07-21 17:14:35,893+05 INFO   AAA_AUTHZ_QUERY_FILTER_OPERATOR: 0
2021-07-21 17:14:35,894+05 INFO   AAA_AUTHZ_QUERY_FILTER_KEY: Extkey[name=AAA_AUTHZ_PRINCIPAL_NAME;type=class java.lang.String;uuid=AAA_AUTHZ_PRINCIPAL_NAME[a0df5bcc-6ead-40a2-8565-2f5cc8773bdd];]
2021-07-21 17:14:35,894+05 INFO   AAA_AUTHZ_PRINCIPAL_NAME: domreader
2021-07-21 17:14:35,894+05 INFO   --- End QueryFilterRecord ---
2021-07-21 17:14:35,895+05 INFO --- End QueryFilterRecord ---
2021-07-21 17:14:35,895+05 INFO API: -->Authz.InvokeCommands.QUERY_OPEN namespace='dc=testdom,dc=local'
2021-07-21 17:14:35,904+05 INFO API: <--Authz.InvokeCommands.QUERY_OPEN
2021-07-21 17:14:35,904+05 INFO API: -->Authz.InvokeCommands.QUERY_EXECUTE
2021-07-21 17:16:04,079+05 INFO API: <--Authz.InvokeCommands.QUERY_EXECUTE count=1
2021-07-21 17:16:04,080+05 INFO --- Begin PrincipalRecord ---
2021-07-21 17:16:04,081+05 INFO AAA_AUTHZ_PRINCIPAL_PRINCIPAL: Domain Reader
2021-07-21 17:16:04,081+05 INFO AAA_AUTHZ_PRINCIPAL_LAST_NAME: Reader
2021-07-21 17:16:04,081+05 INFO AAA_LDAP_UNBOUNDID_DN: cn=Domain Reader,ou=AD,ou=SERVICE,dc=testdom,dc=local
2021-07-21 17:16:04,082+05 INFO AAA_AUTHZ_PRINCIPAL_NAMESPACE: dc=testdom,dc=local
2021-07-21 17:16:04,082+05 INFO AAA_AUTHZ_PRINCIPAL_ID: domreader
2021-07-21 17:16:04,082+05 INFO AAA_AUTHZ_PRINCIPAL_DISPLAY_NAME: Domain Reader
2021-07-21 17:16:04,083+05 INFO AAA_AUTHZ_PRINCIPAL_NAME: domreader
2021-07-21 17:16:04,083+05 INFO AAA_AUTHZ_PRINCIPAL_FIRST_NAME: Domain
2021-07-21 17:16:04,083+05 INFO --- End   PrincipalRecord ---
2021-07-21 17:16:04,084+05 INFO API: -->Authz.InvokeCommands.QUERY_EXECUTE
2021-07-21 17:16:04,084+05 INFO API: <--Authz.InvokeCommands.QUERY_EXECUTE count=END
2021-07-21 17:16:04,084+05 INFO API: -->Authz.InvokeCommands.QUERY_CLOSE
2021-07-21 17:16:04,084+05 INFO API: <--Authz.InvokeCommands.QUERY_CLOSE

Trying to auth using 
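
Added example, not part of the original post and not oVirt project code: a small Python check that lines up the two outputs quoted above, showing which field of the PrincipalRecord returned by the search tool carries the exact string that engine.log reports it cannot locate. The sample input is constructed by trimming the lines from this post; the function names are hypothetical.

```python
import re

# Constructed sample input, trimmed from the engine.log and
# ovirt-engine-extensions-tool output quoted in the post above.
ENGINE_LOG = """\
2021-06-30 17:24:23,830+05 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-5) [686f77b] Cannot locate principal 'Domain Reader'
2021-06-30 17:24:23,851+05 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-5) [686f77b] server_error: Cannot locate principal 'Domain Reader'
"""
TOOL_OUTPUT = """\
2021-07-21 17:16:04,080+05 INFO --- Begin PrincipalRecord ---
2021-07-21 17:16:04,081+05 INFO AAA_AUTHZ_PRINCIPAL_PRINCIPAL: Domain Reader
2021-07-21 17:16:04,082+05 INFO AAA_AUTHZ_PRINCIPAL_ID: domreader
2021-07-21 17:16:04,083+05 INFO AAA_AUTHZ_PRINCIPAL_NAME: domreader
2021-07-21 17:16:04,083+05 INFO --- End   PrincipalRecord ---
"""

FAIL_RE = re.compile(r"\[(?P<corr>[0-9a-f]+)\] .*?Cannot locate principal '(?P<who>[^']*)'")
FIELD_RE = re.compile(r"INFO\s*(?P<key>AAA_[A-Z_]+):\s*(?P<value>.*)$")

def failed_principals(log_text):
    """Map each SSO correlation id to the principal string the engine could not locate."""
    return {m["corr"]: m["who"] for m in FAIL_RE.finditer(log_text)}

def principal_records(tool_text):
    """Parse every PrincipalRecord block of the search output into a dict."""
    records, current = [], None
    for line in tool_text.splitlines():
        if "Begin PrincipalRecord" in line:
            current = {}
        elif re.search(r"End\s+PrincipalRecord", line):
            if current is not None:
                records.append(current)
            current = None
        elif current is not None:
            m = FIELD_RE.search(line)
            if m:
                current[m["key"]] = m["value"].strip()
    return records

def fields_holding(value, records):
    """Names of the record fields whose value is exactly `value`."""
    return sorted({k for r in records for k, v in r.items() if v == value})

if __name__ == "__main__":
    records = principal_records(TOOL_OUTPUT)
    for corr, who in failed_principals(ENGINE_LOG).items():
        print(f"[{corr}] engine could not locate {who!r}; record fields with that value: "
              f"{fields_holding(who, records)}")
```
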

[ovirt-users] Re: Gluster bricks error

2021-07-21 Thread tbural
Hello. What replica count are you using on that gluster volume?
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/H42PBPXV24BD6KS3S2ILN34FTV6WD5SY/