Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module
- Original Message - From: Bruno Rodriguez br...@pic.es To: Ondra Machacek omach...@redhat.com Cc: Esther Accion esth...@pic.es, users@ovirt.org Sent: Thursday, January 15, 2015 11:20:57 AM Subject: Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module Thank you very much, using the following ldap.example.org file: - include = openldap_example.properties include = rfc2307.properties what do you have in openldap_example.properties? vars.server = ldap1.example.org #vars.user = cn=authenticate,ou=System,dc=example,dc=org #vars.password = X why have you commented out the vars? you should have just removed the quotes from vars.password and keep bellow as-is. pool.default.serverset.single.server = ${global:vars.server} pool.default.auth.simple.bindDN = cn=authenticate,ou=System,dc=example,dc=org pool.default.auth.simple.password = X pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = /etc/ovirt-engine/extensions.d/ldap.example.org_keystore.jks pool.default.ssl.truststore.password = X - Then I get the following in the engine log: 2015-01-15 10:04:15,250 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=AAA_AUTHN_CREDENTIALS;type=class java.lang.String;uuid=AAA_AUTHN_CREDENTIALS[03b96485-4bb5-4592-8167-810a5c909706];]=***, Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_NOTES;type=class java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-4584-aaff-97f66978e4ea];]=Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org ,Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authn, Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]= authn-ldap.example.org , Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=AAA_AUTHN_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHN_CAPABILITIES[9d16bee3-10fd-46f2-83f9-3d3c54cf258d];]=12, Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=1.0.0, Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger( org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-engine-extension-aaa-ldap.authn.authn-ldap.example.org ), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authn]}, Extkey[name=AAA_AUTHN_USER;type=class java.lang.String;uuid=AAA_AUTHN_USER[1ceaba26-1bdc-4663-a3c6-5d926f9dd8f0];]=bruno, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHN_AUTHENTICATE_CREDENTIALS[d9605c75-6b43-4b00-b32c-06bdfa80244c]} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey
Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module
- Original Message - From: Bruno Rodriguez br...@pic.es To: Ondra Machacek omach...@redhat.com Cc: Alon Bar-Lev alo...@redhat.com, Esther Accion esth...@pic.es, users@ovirt.org Sent: Thursday, January 15, 2015 12:03:39 PM Subject: Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module Thanks ! Now it's working! The problem was the absence of the line: pool.default.auth.type = simple this should not be set to all pools, only for the authz pool. the authn pool should be anonymous. the process of authentication is: 1. create a pool X ldap connections with anonymous bind. 2. when user authenticate fetch a connection from (1) and bind user that user and password. 3. revert to anonymous, return to pool. so basically your pool is now authenticated using your search user at all time. if your ldap does not permit anonymous logins at all, maybe better is to provide different user for this authentication pool? It's strange, I thought that the default auth type was set to simple and I didn't check it twice. After setting that the problem has to do about a user/password incorrect, which is our problem because of the schema we are using (migrated from a NIS some time ago). The openldap_example.properties actually was a copy of openldap.properties, I did it that way to customize it to our schema, but in a first instance it was a carbon copy of the original. in next version (1.0.2) there is rfc2307-openldap.properties to ease use :) Thanks again ! Bruno On Thu, Jan 15, 2015 at 10:43 AM, Ondra Machacek omach...@redhat.com wrote: On 01/15/2015 10:36 AM, Alon Bar-Lev wrote: - Original Message - From: Bruno Rodriguez br...@pic.es To: Ondra Machacek omach...@redhat.com Cc: Esther Accion esth...@pic.es, users@ovirt.org Sent: Thursday, January 15, 2015 11:20:57 AM Subject: Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module Thank you very much, using the following ldap.example.org file: - include = openldap_example.properties include = rfc2307.properties what do you have in openldap_example.properties? It seems you have specified anonymous bind in openldap_example.properties. You should probably try it with original one (openldap.properties). vars.server = ldap1.example.org #vars.user = cn=authenticate,ou=System,dc=example,dc=org #vars.password = X why have you commented out the vars? you should have just removed the quotes from vars.password and keep bellow as-is. pool.default.serverset.single.server = ${global:vars.server} pool.default.auth.simple.bindDN = cn=authenticate,ou=System,dc= example,dc=org pool.default.auth.simple.password = X pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = /etc/ovirt-engine/extensions.d/ldap.example.org_keystore.jks pool.default.ssl.truststore.password = X - Then I get the following in the engine log: 2015-01-15 10:04:15,250 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedEx ception Input: {Extkey[name=AAA_AUTHN_CREDENTIALS;type=class java.lang.String;uuid=AAA_AUTHN_CREDENTIALS[03b96485- 4bb5-4592-8167-810a5c909706];]=***, Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[ 886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name= EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_ MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65- 054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_NOTES;type=class java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a- 4584-aaff-97f66978e4ea];]=Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4- f969-42d4-b399-72d192e18304];]= http://www.ovirt.org ,Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112- 0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f- 4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authn, Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_ MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[ 2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a- 2dad-4bc5-9aad-e07018b7fbcc
Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module
Sorry, I forgot to restart the service. With the same ldap.example.org file, the REAL logs are the following: -- ldap log -- Jan 15 10:23:52 ldap1 slapd[6712]: conn=1672935 fd=109 ACCEPT from IP=192.168.XX.XX:41522 (IP=0.0.0.0:389) Jan 15 10:23:52 ldap1 slapd[6712]: conn=1672935 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jan 15 10:23:52 ldap1 slapd[6712]: conn=1672935 op=0 STARTTLS Jan 15 10:23:52 ldap1 slapd[6712]: conn=1672935 op=0 RESULT oid= err=0 text= Jan 15 10:23:53 ldap1 slapd[6712]: conn=1672935 fd=109 TLS established tls_ssf=128 ssf=128 Jan 15 10:23:53 ldap1 slapd[6712]: conn=1672935 op=1 BIND dn= method=128 Jan 15 10:23:53 ldap1 slapd[6712]: conn=1672935 op=1 RESULT tag=97 err=48 text=anonymous bind disallowed Jan 15 10:23:53 ldap1 slapd[6712]: conn=1672935 op=2 UNBIND Jan 15 10:23:53 ldap1 slapd[6712]: conn=1672935 fd=109 closed -- engine log -- 2015-01-15 10:23:53,010 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-2) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=AAA_AUTHN_CREDENTIALS;type=class java.lang.String;uuid=AAA_AUTHN_CREDENTIALS[03b96485-4bb5-4592-8167-810a5c909706];]=***, Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uu id=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX ;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Ex tkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4 c18];]=ASL 2.0, Extkey[name=EXTENSION_NOTES;type=class java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-4584- aaff-97f66978e4ea];]=Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6, Extkey[name=EXTENSION_HOME_URL;t ype=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778 bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf2 8-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authn, Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EX TENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a 226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc 5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=E XTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]= authn-ldap.example.org, Extkey[name=EXTENSION_BUILD_IN TERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4 747a8ab7];]=0, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTEN SION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=AAA_AUTHN_CAPABILITIES ;type=class java.lang.Long;uuid=AAA_AUTHN_CAPABILITIES[9d16bee3-10fd-46f2-83f9-3d3c54cf258d];]=12, Extkey[name=E XTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f -7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION _VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=1.0.0, Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface o rg.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLog ger(org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-engine-extension-aaa-ldap.authn.authn-lda p.example.org), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-6 5b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authn]}, Extkey[name=AAA_AUTHN_USER;type=clas s java.lang.String;uuid=AAA_AUTHN_USER[1ceaba26-1bdc-4663-a3c6-5d926f9dd8f0];]=esthera, Extkey[name=EXTENSION_IN VOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a -b823-77b262a2f28d];]=AAA_AUTHN_AUTHENTICATE_CREDENTIALS[d9605c75-6b43-4b00-b32c-06bdfa80244c]} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40f b-b6c0-099c772ddd4e];]=2, Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class java.lang.String;uuid=EXTENSION_INVOKE _MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=anonymous bind disallowed} As you can see, the engine tries to make an anonimous binding and it's unsuccessful... Thank you very much (and sorry for the previous message),
Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module
On 01/15/2015 10:36 AM, Alon Bar-Lev wrote: - Original Message - From: Bruno Rodriguez br...@pic.es To: Ondra Machacek omach...@redhat.com Cc: Esther Accion esth...@pic.es, users@ovirt.org Sent: Thursday, January 15, 2015 11:20:57 AM Subject: Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module Thank you very much, using the following ldap.example.org file: - include = openldap_example.properties include = rfc2307.properties what do you have in openldap_example.properties? It seems you have specified anonymous bind in openldap_example.properties. You should probably try it with original one (openldap.properties). vars.server = ldap1.example.org #vars.user = cn=authenticate,ou=System,dc=example,dc=org #vars.password = X why have you commented out the vars? you should have just removed the quotes from vars.password and keep bellow as-is. pool.default.serverset.single.server = ${global:vars.server} pool.default.auth.simple.bindDN = cn=authenticate,ou=System,dc=example,dc=org pool.default.auth.simple.password = X pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = /etc/ovirt-engine/extensions.d/ldap.example.org_keystore.jks pool.default.ssl.truststore.password = X - Then I get the following in the engine log: 2015-01-15 10:04:15,250 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=AAA_AUTHN_CREDENTIALS;type=class java.lang.String;uuid=AAA_AUTHN_CREDENTIALS[03b96485-4bb5-4592-8167-810a5c909706];]=***, Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_NOTES;type=class java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-4584-aaff-97f66978e4ea];]=Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org ,Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authn, Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]= authn-ldap.example.org , Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=AAA_AUTHN_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHN_CAPABILITIES[9d16bee3-10fd-46f2-83f9-3d3c54cf258d];]=12, Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=1.0.0, Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger( org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-engine-extension-aaa-ldap.authn.authn-ldap.example.org ), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authn]}, Extkey[name=AAA_AUTHN_USER;type=class java.lang.String;uuid=AAA_AUTHN_USER[1ceaba26-1bdc-4663-a3c6-5d926f9dd8f0];]=bruno, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHN_AUTHENTICATE_CREDENTIALS[d9605c75-6b43-4b00-b32c-06bdfa80244c]} Output: {Extkey[name
Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module
Thanks ! Now it's working! The problem was the absence of the line: pool.default.auth.type = simple It's strange, I thought that the default auth type was set to simple and I didn't check it twice. After setting that the problem has to do about a user/password incorrect, which is our problem because of the schema we are using (migrated from a NIS some time ago). The openldap_example.properties actually was a copy of openldap.properties, I did it that way to customize it to our schema, but in a first instance it was a carbon copy of the original. Thanks again ! Bruno On Thu, Jan 15, 2015 at 10:43 AM, Ondra Machacek omach...@redhat.com wrote: On 01/15/2015 10:36 AM, Alon Bar-Lev wrote: - Original Message - From: Bruno Rodriguez br...@pic.es To: Ondra Machacek omach...@redhat.com Cc: Esther Accion esth...@pic.es, users@ovirt.org Sent: Thursday, January 15, 2015 11:20:57 AM Subject: Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module Thank you very much, using the following ldap.example.org file: - include = openldap_example.properties include = rfc2307.properties what do you have in openldap_example.properties? It seems you have specified anonymous bind in openldap_example.properties. You should probably try it with original one (openldap.properties). vars.server = ldap1.example.org #vars.user = cn=authenticate,ou=System,dc=example,dc=org #vars.password = X why have you commented out the vars? you should have just removed the quotes from vars.password and keep bellow as-is. pool.default.serverset.single.server = ${global:vars.server} pool.default.auth.simple.bindDN = cn=authenticate,ou=System,dc= example,dc=org pool.default.auth.simple.password = X pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = /etc/ovirt-engine/extensions.d/ldap.example.org_keystore.jks pool.default.ssl.truststore.password = X - Then I get the following in the engine log: 2015-01-15 10:04:15,250 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedEx ception Input: {Extkey[name=AAA_AUTHN_CREDENTIALS;type=class java.lang.String;uuid=AAA_AUTHN_CREDENTIALS[03b96485- 4bb5-4592-8167-810a5c909706];]=***, Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[ 886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name= EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_ MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65- 054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_NOTES;type=class java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a- 4584-aaff-97f66978e4ea];]=Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4- f969-42d4-b399-72d192e18304];]= http://www.ovirt.org ,Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112- 0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f- 4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authn, Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_ MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[ 2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a- 2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245- 8674327f011b];]= authn-ldap.example.org , Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_ VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_ SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=AAA_AUTHN_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHN_CAPABILITIES[9d16bee3-10fd- 46f2-83f9-3d3c54cf258d];]=12, Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[ 9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8- 8239-4bdb-ab1a-af9f779ce68c];]=1.0.0, Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid
Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module
Thank you very much, using the following ldap.example.org file: - include = openldap_example.properties include = rfc2307.properties vars.server = ldap1.example.org #vars.user = cn=authenticate,ou=System,dc=example,dc=org #vars.password = X pool.default.serverset.single.server = ${global:vars.server} pool.default.auth.simple.bindDN = cn=authenticate,ou=System,dc=example,dc=org pool.default.auth.simple.password = X pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = /etc/ovirt-engine/extensions.d/ldap.example.org_keystore.jks pool.default.ssl.truststore.password = X - Then I get the following in the engine log: 2015-01-15 10:04:15,250 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-3) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=AAA_AUTHN_CREDENTIALS;type=class java.lang.String;uuid=AAA_AUTHN_CREDENTIALS[03b96485-4bb5-4592-8167-810a5c909706];]=***, Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_NOTES;type=class java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-4584-aaff-97f66978e4ea];]=Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]= http://www.ovirt.org,Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authn, Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]= authn-ldap.example.org, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=AAA_AUTHN_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHN_CAPABILITIES[9d16bee3-10fd-46f2-83f9-3d3c54cf258d];]=12, Extkey[name=EXTENSION_GLOBAL_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_GLOBAL_CONTEXT[9799e72f-7af6-4cf1-bf08-297bc8903676];]=*skip*, Extkey[name=EXTENSION_VERSION;type=class java.lang.String;uuid=EXTENSION_VERSION[fe35f6a8-8239-4bdb-ab1a-af9f779ce68c];]=1.0.0, Extkey[name=EXTENSION_MANAGER_TRACE_LOG;type=interface org.slf4j.Logger;uuid=EXTENSION_MANAGER_TRACE_LOG[863db666-3ea7-4751-9695-918a3197ad83];]=org.slf4j.impl.Slf4jLogger( org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace.ovirt-engine-extension-aaa-ldap.authn.authn-ldap.example.org), Extkey[name=EXTENSION_PROVIDES;type=interface java.util.Collection;uuid=EXTENSION_PROVIDES[8cf373a6-65b5-4594-b828-0e275087de91];]=[org.ovirt.engine.api.extensions.aaa.Authn]}, Extkey[name=AAA_AUTHN_USER;type=class java.lang.String;uuid=AAA_AUTHN_USER[1ceaba26-1bdc-4663-a3c6-5d926f9dd8f0];]=bruno, Extkey[name=EXTENSION_INVOKE_COMMAND;type=class org.ovirt.engine.api.extensions.ExtUUID;uuid=EXTENSION_INVOKE_COMMAND[485778ab-bede-4f1a-b823-77b262a2f28d];]=AAA_AUTHN_AUTHENTICATE_CREDENTIALS[d9605c75-6b43-4b00-b32c-06bdfa80244c]} Output: {Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[0909d91d-8bde-40fb-b6c0-099c772ddd4e];]=2, Extkey[name=EXTENSION_INVOKE_MESSAGE;type=class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=anonymous bind disallowed} --- And this is the ldap connection log: /var/log/ldap.log:Jan 15 10:04:15 ldap1 slapd[6712]: conn=1671350 fd=114 ACCEPT from IP=192.168.XX.XX:41469 (IP=0.0.0.0:389) /var/log/ldap.log:Jan 15 10:04:15 ldap1 slapd[6712]: conn=1671350 op=0 EXT oid=1.3.6.1.4.1.1466.20037 /var/log/ldap.log:Jan 15 10:04:15 ldap1 slapd[6712]: conn=1671350 op=0 STARTTLS
[ovirt-users] Error authenticating bind using the AAA OpenLDAP module
Good afternoon, We cannot access to Ovirt using LDAP authentication against our openldap server. We created the following files in /etc/ovirt-engine/extensions.d (the organization name is not example.org and the passwords are not , obviously) : --- /etc/ovirt-engine/extensions.d/ldap.example.org --- include = openldap_example.properties vars.server = ldap1.example.org vars.user = cn=authenticate,ou=System,dc=example,dc=org vars.password = pool.default.serverset.single.server = ${global:vars.server} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password} pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = /etc/ovirt-engine/extensions.d/ldap.example.org_keystore.jks pool.default.ssl.truststore.password = --- /etc/ovirt-engine/extensions.d/authn-ldap.example.org.properties --- ovirt.engine.extension.name = authn-ldap.example.org ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = ldap.example.org ovirt.engine.aaa.authn.authz.plugin = authz-ldap.example.org config.profile.file.1 = /etc/ovirt-engine/extensions.d/ldap.example.org --- /etc/ovirt-engine/extensions.d/authz-ldap.example.org.properties --- ovirt.engine.extension.name = authz-ldap.example.org ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/ldap.example.org After all of this we restarted the service and tried to access via the administration portal. The JKS has the right permissions and contains the TLS CA, the password is correct and the user esthera exists. But when we try to log in, we obtain the following error in the engine.log (we already set the verbosity to ALL): 2015-01-14 16:35:25,750 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-6) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=AAA_AUTHN_CREDENTIALS;type=class java.lang.String;uuid=AAA_ AUTHN_CREDENTIALS[03b96485-4bb5-4592-8167-810a5c909706];]=***, Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api. extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3- e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_ MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid= EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_NOTES;type=class java.lang.String;uuid= EXTENSION_NOTES[2da5ad7e-185a-4584-aaff-97f66978e4ea];]=Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4- f969-42d4-b399-72d192e18304];]=http://www.ovirt.org, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid= EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid= EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]= ovirt-engine-extension-aaa-ldap.authn, Extkey[name=EXTENSION_ INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid= EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid= EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid= EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid= EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=authn-ldap. http://authn-ldap.pic.es/example.org, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class java.lang.Integer;uuid=EXTENSION_BUILD_INTERFACE_VERSION[cb479e5a-4b23-46f8-aed3-56a4747a8ab7];]=0, Extkey[name=EXTENSION_CONFIGURATION_SENSITIVE_KEYS;type=interface java.util.Collection;uuid=EXTENSION_CONFIGURATION_ SENSITIVE_KEYS[a456efa1-73ff-4204-9f9b-ebff01e35263];]=[], Extkey[name=AAA_AUTHN_CAPABILITIES;type=class java.lang.Long;uuid=AAA_AUTHN_ CAPABILITIES[9d16bee3-10fd-46f2-83f9-3d3c54cf258d];]=12,
Re: [ovirt-users] Error authenticating bind using the AAA OpenLDAP module
Hi, On 01/14/2015 04:53 PM, Bruno Rodriguez wrote: Good afternoon, We cannot access to Ovirt using LDAP authentication against our openldap server. We created the following files in /etc/ovirt-engine/extensions.d (the organization name is not example.org http://example.org and the passwords are not , obviously) : --- /etc/ovirt-engine/extensions.d/ldap.example.org http://ldap.example.org --- include = openldap_example.properties vars.server = ldap1.example.org http://ldap1.example.org vars.user = cn=authenticate,ou=System,dc=example,dc=org vars.password = pool.default.serverset.single.server = ${global:vars.server} pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password} pool.default.ssl.startTLS = true pool.default.ssl.truststore.file = /etc/ovirt-engine/extensions.d/ldap.example.org_keystore.jks pool.default.ssl.truststore.password = --- /etc/ovirt-engine/extensions.d/authn-ldap.example.org.properties --- ovirt.engine.extension.name http://ovirt.engine.extension.name = authn-ldap.example.org http://authn-ldap.example.org ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name http://ovirt.engine.aaa.authn.profile.name = ldap.example.org http://ldap.example.org ovirt.engine.aaa.authn.authz.plugin = authz-ldap.example.org http://authz-ldap.example.org config.profile.file.1 = /etc/ovirt-engine/extensions.d/ldap.example.org http://ldap.example.org --- /etc/ovirt-engine/extensions.d/authz-ldap.example.org.properties --- ovirt.engine.extension.name http://ovirt.engine.extension.name = authz-ldap.example.org http://authz-ldap.example.org ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /etc/ovirt-engine/extensions.d/ldap.example.org http://ldap.example.org After all of this we restarted the service and tried to access via the administration portal. The JKS has the right permissions and contains the TLS CA, the password is correct and the user esthera exists. But when we try to log in, we obtain the following error in the engine.log (we already set the verbosity to ALL): 2015-01-14 16:35:25,750 ERROR [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (ajp--127.0.0.1-8702-6) Error during CanDoActionFailure.: Class: class org.ovirt.engine.core.extensions.mgr.ExtensionInvokeCommandFailedException Input: {Extkey[name=AAA_AUTHN_CREDENTIALS;type=class java.lang.String;uuid=AAA_AUTHN_CREDENTIALS[03b96485-4bb5-4592-8167-810a5c909706];]=***, Extkey[name=EXTENSION_INVOKE_CONTEXT;type=class org.ovirt.engine.api.extensions.ExtMap;uuid=EXTENSION_INVOKE_CONTEXT[886d2ebb-312a-49ae-9cc3-e1f849834b7d];]={Extkey[name=EXTENSION_INTERFACE_VERSION_MAX;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MAX[f4cff49f-2717-4901-8ee9-df362446e3e7];]=0, Extkey[name=EXTENSION_LICENSE;type=class java.lang.String;uuid=EXTENSION_LICENSE[8a61ad65-054c-4e31-9c6d-1ca4d60a4c18];]=ASL 2.0, Extkey[name=EXTENSION_NOTES;type=class java.lang.String;uuid=EXTENSION_NOTES[2da5ad7e-185a-4584-aaff-97f66978e4ea];]=Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6, Extkey[name=EXTENSION_HOME_URL;type=class java.lang.String;uuid=EXTENSION_HOME_URL[4ad7a2f4-f969-42d4-b399-72d192e18304];]=http://www.ovirt.org http://www.ovirt.org/, Extkey[name=EXTENSION_LOCALE;type=class java.lang.String;uuid=EXTENSION_LOCALE[0780b112-0ce0-404a-b85e-8765d778bb29];]=en_US, Extkey[name=EXTENSION_NAME;type=class java.lang.String;uuid=EXTENSION_NAME[651381d3-f54f-4547-bf28-b0b01a103184];]=ovirt-engine-extension-aaa-ldap.authn, Extkey[name=EXTENSION_INTERFACE_VERSION_MIN;type=class java.lang.Integer;uuid=EXTENSION_INTERFACE_VERSION_MIN[2b84fc91-305b-497b-a1d7-d961b9d2ce0b];]=0, Extkey[name=EXTENSION_CONFIGURATION;type=class java.util.Properties;uuid=EXTENSION_CONFIGURATION[2d48ab72-f0a1-4312-b4ae-5068a226b0fc];]=***, Extkey[name=EXTENSION_AUTHOR;type=class java.lang.String;uuid=EXTENSION_AUTHOR[ef242f7a-2dad-4bc5-9aad-e07018b7fbcc];]=The oVirt Project, Extkey[name=EXTENSION_INSTANCE_NAME;type=class java.lang.String;uuid=EXTENSION_INSTANCE_NAME[65c67ff6-aeca-4bd5-a245-8674327f011b];]=authn-ldap. http://authn-ldap.pic.es/example.org http://example.org, Extkey[name=EXTENSION_BUILD_INTERFACE_VERSION;type=class