<top posting> Hey,
According to the call stack, it looks like something is wrong in the root DSE attributes (whether due to a bug in the engine, or some configuration that can be done in AD). Please provide us this information by using the following commands: ldapsearch -LLL -D u...@example.com -h <AD-SERVER> -b "" -s base objectClass=* Oved ----- Original Message ----- > From: "Joop" <jvdw...@xs4all.nl> > To: "<users@ovirt.org>" <users@ovirt.org> > Sent: Saturday, September 15, 2012 1:07:06 AM > Subject: [Users] ActiveDirectory problems > > Hi List, > > I have been reading the list for quite sometime and I have a question > because I can't find the problem myself. > I have an oVirt-3.1 setup with 3 nodes (Fed17 install from LiveCD + > vdsm) and an engine install. Sofar this all works. Can create VM's, > can > migrate them, no problems ( well one but thats for another post, > vdsmd > doesn't start at system start). > Version of oVirt thats installed: > Installed Packages > ovirt-engine.noarch 3.1.0-2.fc17 @ovirt-beta > ovirt-engine-backend.noarch 3.1.0-2.fc17 > @ovirt-beta > ovirt-engine-cli.noarch 3.1.0.6-1.fc17 > @ovirt-beta > ovirt-engine-config.noarch 3.1.0-2.fc17 > @ovirt-beta > ovirt-engine-dbscripts.noarch 3.1.0-2.fc17 > @ovirt-beta > ovirt-engine-genericapi.noarch 3.1.0-2.fc17 > @ovirt-beta > ovirt-engine-notification-service.noarch > 3.1.0-2.fc17 @ovirt-beta > ovirt-engine-restapi.noarch 3.1.0-2.fc17 > @ovirt-beta > ovirt-engine-sdk.noarch 3.1.0.4-1.fc17 > @ovirt-beta > ovirt-engine-setup.noarch 3.1.0-2.fc17 > @ovirt-beta > ovirt-engine-tools-common.noarch 3.1.0-2.fc17 > @ovirt-beta > ovirt-engine-userportal.noarch 3.1.0-2.fc17 > @ovirt-beta > ovirt-engine-webadmin-portal.noarch > 3.1.0-2.fc17 @ovirt-beta > ovirt-image-uploader.noarch 3.1.0-0.git9c42c8.fc17 > @ovirt-beta > ovirt-iso-uploader.noarch 3.1.0-0.git1841d9.fc17 > @ovirt-beta > ovirt-log-collector.noarch 3.1.0-0.git10d719.fc17 > @ovirt-beta > > Next step is integrating with our AD setup. Ran engine-manage-domains > -action=add -provider=ActiveDirectory -domain=nieuwland.local > -user=admin -interactive > Message is: > WARNING: No permissions were added to the Engine. Login either with > the > internal admin user or with another configured user > Successfully added domain nieuwland.local. oVirt Engine restart is > required in order for the changes to take place (service > Manage Domains completed successfully > > The specified admin is an DomainAdministrator. > > The logfile in /var/log/engine/engine-manage-domains also says OK. > The > resulting krb5.conf in /etc/ovirt-engine looks also OK. The AD > servers > are resolvable forward and backward. > Then I'm lost because when I log into the Admin portal with the > internal > admin account and goto the Users tab and want to add a user from the > nieuwland.local, myself (jvandewege) realm it won't work and I get > the > following in engine.log > > 2012-09-14 12:55:26,104 ERROR > [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] > (ajp--0.0.0.0-8009-12) Failed ldap search server > LDAP://digit.nieuwland.local:389 due to > java.lang.NullPointerException. > We should try the next server: java.lang.NullPointerException > at > org.ovirt.engine.core.bll.adbroker.ADRootDSE.<init>(ADRootDSE.java:26) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.adbroker.RootDSEFactory.get(RootDSEFactory.java:14) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.adbroker.GetRootDSETask.setRootDSE(GetRootDSETask.java:97) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.adbroker.DirectorySearcher.find(DirectorySearcher.java:91) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.adbroker.DirectorySearcher.FindOne(DirectorySearcher.java:39) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand.executeQuery(LdapAuthenticateUserCommand.java:44) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase.Execute(LdapBrokerCommandBase.java:68) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.adbroker.LdapBrokerBase.RunAdAction(LdapBrokerBase.java:18) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.LoginUserCommand.authenticateUser(LoginUserCommand.java:30) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:177) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:14) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.CommandBase.InternalCanDoAction(CommandBase.java:486) > [engine-bll.jar:] > at > org.ovirt.engine.core.bll.CommandBase.ExecuteAction(CommandBase.java:261) > [engine-bll.jar:] > at org.ovirt.engine.core.bll.Backend.Login(Backend.java:481) > [engine-bll.jar:] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [rt.jar:1.7.0_05-icedtea] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > [rt.jar:1.7.0_05-icedtea] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > [rt.jar:1.7.0_05-icedtea] > at java.lang.reflect.Method.invoke(Method.java:601) > [rt.jar:1.7.0_05-icedtea] > at > org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) > [jboss-invocation.jar:1.1.1.Final] > at > org.ovirt.engine.core.utils.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:11) > [engine-utils.jar:] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [rt.jar:1.7.0_05-icedtea] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > [rt.jar:1.7.0_05-icedtea] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > [rt.jar:1.7.0_05-icedtea] > at java.lang.reflect.Method.invoke(Method.java:601) > [rt.jar:1.7.0_05-icedtea] > at > org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptorFactory$ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptorFactory.java:123) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:53) > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211) > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363) > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194) > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) > [jboss-invocation.jar:1.1.1.Final] > at > org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at > org.ovirt.engine.core.common.interfaces.BackendLocal$$$view9.Login(Unknown > Source) [engine-common.jar:] > at > org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.Login(GenericApiGWTServiceImpl.java:157) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [rt.jar:1.7.0_05-icedtea] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > [rt.jar:1.7.0_05-icedtea] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > [rt.jar:1.7.0_05-icedtea] > at java.lang.reflect.Method.invoke(Method.java:601) > [rt.jar:1.7.0_05-icedtea] > at > com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) > at > com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:161) > at > com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:222) > at > com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) > [jboss-servlet-3.0-api.jar:1.0.1.Final] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > [jboss-servlet-3.0-api.jar:1.0.1.Final] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) > > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) > > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) > > at > org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) > > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) > > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > > at > org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) > at > org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:505) > at > org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:445) > > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) > at java.lang.Thread.run(Thread.java:722) > [rt.jar:1.7.0_05-icedtea] > > 2012-09-14 12:55:26,124 ERROR > [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] > (ajp--0.0.0.0-8009-12) Failed authenticating user: admin to domain > nieuwland.local. Ldap Query Type is getUserByName > 2012-09-14 12:55:26,125 ERROR > [org.ovirt.engine.core.bll.LoginAdminUserCommand] > (ajp--0.0.0.0-8009-12) > USER_FAILED_TO_AUTHENTICATE : admin > 2012-09-14 12:55:26,125 WARN > [org.ovirt.engine.core.bll.LoginAdminUserCommand] > (ajp--0.0.0.0-8009-12) > CanDoAction of action LoginAdminUser failed. > Reasons:USER_FAILED_TO_AUTHENTICATE > 2012-09-14 12:57:07,027 INFO > [org.ovirt.engine.core.bll.LoginAdminUserCommand] > (ajp--0.0.0.0-8009-5) > Checking if user admin@internal is an admin, result true > 2012-09-14 12:57:07,029 INFO > [org.ovirt.engine.core.bll.LoginAdminUserCommand] > (ajp--0.0.0.0-8009-5) > Running command: LoginAdminUserCommand internal: false. > > Using Wireshark I don't see what I expected namely a well formed ldap > search and a result. Can provide the dmp if needed. > > Anyone had any luck and is willing to help me out? > > Thanks in advance, > > Joop > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users