----- Original Message ----- > From: "Trevor Galloway" <[email protected]> > To: [email protected] > Sent: Thursday, July 25, 2013 7:51:56 PM > Subject: [Users] Problem running engine-manage-domain on oVirt 3.1.0-4 > > Hello oVirt Users, > > > > Just signed up to the user mailing list and have a question regarding an > error being reported to stdout when running engine-manage-domains. > > > > When running the `engine-manage-domains` utility from the command line I > see the following error reported: > > > > *[root@hive ovirt-engine]# engine-manage-domains -action=list* > > *Failed reading current configuration. Details: Error "Key for add > operation must be defined!" while reading configuration value AdUserName.* > > > > A quick Google on this leads directly to Bugzilla – Bug 883846 – which > looks like it’s fixed in the 3.2 version. Can anyone confirm that? I’ve > inherited a DL580 running oVirt Manager and a bunch of VM’s, and don’t > really want to undertake an upgrade just now if I don’t have to.
This is indeed the issue. > > > > > > The real problem seems to be that I can’t assign a user with any roles > since the ldap lookup to the active server fails – due, I think, to the > fact that the query is configured to authenticate with the previous admins > credentials – they left and the account is now disabled. J > > > > From the /var/log/ovirt-engine/engine.log > > *2013-07-25 11:32:15,574 ERROR > [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] > (ajp--0.0.0.0-8009-1) Authentication failed. The user is either locked or > disabled* > > *2013-07-25 11:32:15,575 ERROR > [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] > (ajp--0.0.0.0-8009-1) Failed ldap search server > LDAP://<my_active_directory>:389 due to > org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException. We > should not try the next server: > org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException* > > * * > > The above gets written out as soon as I hit the Go button in the Add System > Permission to User dialogue window. engine-manage-domains uses engine-config and provides its a configuration (after the above bug fix) with keys in form of "key=". If you really don't want to upgrade, maybe you should consider editing the engine-manage-domains script, as in http://gerrit.ovirt.org/#/c/9743/3/backend/manager/conf/kerberos/engine-manage-domains ? You will have to do that for any altering operations on domains and their associated users. Please let us know if it worked for you Many thanks, Yair > > > > Thanks in advance for any advice! > > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
