Trying to configure LDAP auth on the engine. After adding a user from LDAP I cannot log in; I get this error: "server_error: Cannot locate principal".
Errors from engine.log:
2021-06-30 17:24:23,830+05 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-5) [686f77b] Internal Server Error: Cannot locate principal 'Domain Reader'
2021-06-30 17:24:23,830+05 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-5) [686f77b] Cannot locate principal 'Domain Reader'
2021-06-30 17:24:23,851+05 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-5) [686f77b] server_error: Cannot locate principal 'Domain Reader'
How can I fix this error?
oVirt 4.3.10
Config /etc/ovirt-engine/aaa/openldap_rfc.properties:
include =
vars.server = LDAP.testdom.local
vars.user = CN=Domain Reader,OU=AD,OU=SERVICE,DC=testdom,DC=local
vars.password = password
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = single
pool.default.serverset.single.server = ${global:vars.server}
pool.default.ssl.startTLS = true
pool.default.ssl.insecure = true
attrmap.map-principal-record.attr.PrincipalRecord_ID.map = uid
attrmap.map-principal-record.attr.PrincipalRecord_PRINCIPAL.map = cn
# LDAP value changes
sequence.openldap-init-vars.030.var-set.value = entryUUID, uid, cn, givenName, sn, Email
sequence.openldap-init-vars.040.var-set.value = (objectClass=posixAccount)(uid=*)
sequence.openldap-init-vars.050.var-set.value = entryUUID, uid
sequence.openldap-init-vars.060.var-set.value = (objectClass=posixGroup)
sequence.openldap-init-vars.070.var-set.value = memberUid
User attributes:
ovirt-engine-extensions-tool aaa search --extension-name=openldap_rfc-authz --entity=principal --entity-name=domreader
2021-07-21 17:14:33,805+05 INFO
2021-07-21 17:14:33,833+05 INFO    Initialization
2021-07-21 17:14:33,833+05 INFO
2021-07-21 17:14:33,878+05 INFO    Loading extension 'internal-authz'
2021-07-21 17:14:33,885+05 INFO    Extension 'internal-authz' loaded
--
2021-07-21 17:14:35,885+05 INFO
2021-07-21 17:14:35,886+05 INFO    == Execution ===
2021-07-21 17:14:35,886+05 INFO
2021-07-21 17:14:35,886+05 INFO    Iteration: 0
2021-07-21 17:14:35,891+05 INFO    --- Begin QueryFilterRecord ---
2021-07-21 17:14:35,892+05 INFO    AAA_AUTHZ_QUERY_FILTER_OPERATOR: 102
2021-07-21 17:14:35,892+05 INFO    AAA_AUTHZ_QUERY_ENTITY: AAA_AUTHZ_QUERY_ENTITY_PRINCIPAL[1695cd36-4656-474f-b7bc-4466e12634e4]
2021-07-21 17:14:35,893+05 INFO        --- Begin QueryFilterRecord ---
2021-07-21 17:14:35,893+05 INFO        AAA_AUTHZ_QUERY_FILTER_OPERATOR: 0
2021-07-21 17:14:35,894+05 INFO        AAA_AUTHZ_QUERY_FILTER_KEY: Extkey[name=AAA_AUTHZ_PRINCIPAL_NAME;type=class java.lang.String;uuid=AAA_AUTHZ_PRINCIPAL_NAME[a0df5bcc-6ead-40a2-8565-2f5cc8773bdd];]
2021-07-21 17:14:35,894+05 INFO        AAA_AUTHZ_PRINCIPAL_NAME: domreader
2021-07-21 17:14:35,894+05 INFO        --- End QueryFilterRecord ---
2021-07-21 17:14:35,895+05 INFO    --- End QueryFilterRecord ---
2021-07-21 17:14:35,895+05 INFO    API: -->Authz.InvokeCommands.QUERY_OPEN namespace='dc=testdom,dc=local'
2021-07-21 17:14:35,904+05 INFO    API: <--Authz.InvokeCommands.QUERY_OPEN
2021-07-21 17:14:35,904+05 INFO    API: -->Authz.InvokeCommands.QUERY_EXECUTE
2021-07-21 17:16:04,079+05 INFO    API: <--Authz.InvokeCommands.QUERY_EXECUTE count=1
2021-07-21 17:16:04,080+05 INFO    --- Begin PrincipalRecord ---
2021-07-21 17:16:04,081+05 INFO    AAA_AUTHZ_PRINCIPAL_PRINCIPAL: Domain Reader
2021-07-21 17:16:04,081+05 INFO    AAA_AUTHZ_PRINCIPAL_LAST_NAME: Reader
2021-07-21 17:16:04,081+05 INFO    AAA_LDAP_UNBOUNDID_DN: cn=Domain Reader,ou=AD,ou=SERVICE,dc=testdom,dc=local
2021-07-21 17:16:04,082+05 INFO    AAA_AUTHZ_PRINCIPAL_NAMESPACE: dc=testdom,dc=local
2021-07-21 17:16:04,082+05 INFO    AAA_AUTHZ_PRINCIPAL_ID: domreader
2021-07-21 17:16:04,082+05 INFO    AAA_AUTHZ_PRINCIPAL_DISPLAY_NAME: Domain Reader
2021-07-21 17:16:04,083+05 INFO    AAA_AUTHZ_PRINCIPAL_NAME: domreader
2021-07-21 17:16:04,083+05 INFO    AAA_AUTHZ_PRINCIPAL_FIRST_NAME: Domain
2021-07-21 17:16:04,083+05 INFO    --- End PrincipalRecord ---
2021-07-21 17:16:04,084+05 INFO    API: -->Authz.InvokeCommands.QUERY_EXECUTE
2021-07-21 17:16:04,084+05 INFO    API: <--Authz.InvokeCommands.QUERY_EXECUTE count=END
2021-07-21 17:16:04,084+05 INFO    API: -->Authz.InvokeCommands.QUERY_CLOSE
2021-07-21 17:16:04,084+05 INFO    API: <--Authz.InvokeCommands.QUERY_CLOSE
Trying to auth using
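Added example (not code from the post or from oVirt): a small Python parser for the ovirt-engine-extensions-tool aaa search output quoted above. It shows that the login "domreader" matches AAA_AUTHZ_PRINCIPAL_NAME and AAA_AUTHZ_PRINCIPAL_ID (the uid-mapped fields) but not AAA_AUTHZ_PRINCIPAL_PRINCIPAL, whose value "Domain Reader" (mapped from cn in the posted attrmap) is the name the engine reports in "Cannot locate principal". The sample log is the posted PrincipalRecord with wrapped lines rejoined; the function names are this example's own.

```python
import re

# PrincipalRecord block copied from the posted tool output (wrapped values rejoined).
SAMPLE_OUTPUT = """\
2021-07-21 17:16:04,080+05 INFO    --- Begin PrincipalRecord ---
2021-07-21 17:16:04,081+05 INFO    AAA_AUTHZ_PRINCIPAL_PRINCIPAL: Domain Reader
2021-07-21 17:16:04,081+05 INFO    AAA_AUTHZ_PRINCIPAL_LAST_NAME: Reader
2021-07-21 17:16:04,081+05 INFO    AAA_LDAP_UNBOUNDID_DN: cn=Domain Reader,ou=AD,ou=SERVICE,dc=testdom,dc=local
2021-07-21 17:16:04,082+05 INFO    AAA_AUTHZ_PRINCIPAL_NAMESPACE: dc=testdom,dc=local
2021-07-21 17:16:04,082+05 INFO    AAA_AUTHZ_PRINCIPAL_ID: domreader
2021-07-21 17:16:04,082+05 INFO    AAA_AUTHZ_PRINCIPAL_DISPLAY_NAME: Domain Reader
2021-07-21 17:16:04,083+05 INFO    AAA_AUTHZ_PRINCIPAL_NAME: domreader
2021-07-21 17:16:04,083+05 INFO    AAA_AUTHZ_PRINCIPAL_FIRST_NAME: Domain
2021-07-21 17:16:04,083+05 INFO    --- End PrincipalRecord ---
"""

# "INFO <FIELD>: <value>" lines inside a PrincipalRecord block.
FIELD_RE = re.compile(r"INFO\s+(AAA_[A-Z_]+): (.*)$")

# Fields a typed login name could be compared against.
NAME_FIELDS = ("AAA_AUTHZ_PRINCIPAL_NAME", "AAA_AUTHZ_PRINCIPAL_PRINCIPAL", "AAA_AUTHZ_PRINCIPAL_ID")


def parse_principal_records(text):
    """Collect every Begin/End PrincipalRecord block into a dict of field -> value."""
    records, current = [], None
    for line in text.splitlines():
        if "--- Begin PrincipalRecord ---" in line:
            current = {}
        elif "--- End PrincipalRecord ---" in line and current is not None:
            records.append(current)
            current = None
        elif current is not None:
            m = FIELD_RE.search(line)
            if m:
                current[m.group(1)] = m.group(2).strip()
    return records


def diagnose(text, login):
    """Return (record count, name fields equal to login, PRINCIPAL value) for the first record."""
    records = parse_principal_records(text)
    if not records:
        return 0, [], None
    first = records[0]
    hits = [k for k in NAME_FIELDS if first.get(k) == login]
    return len(records), hits, first.get("AAA_AUTHZ_PRINCIPAL_PRINCIPAL")


if __name__ == "__main__":
    count, hits, principal = diagnose(SAMPLE_OUTPUT, "domreader")
    print(f"records={count}; login matches {hits}; PRINCIPAL={principal!r}")
```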