On 07/26/2013 03:54 PM, Trevor Galloway wrote:
Thanks Itamar for the suggestion - however the `-action=edit` fails
since the currently configured user account is inactive within the
active directory - it looks as if there is an initial authentication
that needs to validate before the edit can proceed ... :(
Hence my query about being able to reset the underlying username that
engine-manage-domains uses?

You can delete the domain, then add it.
(And I'd expect edit to allow you to set the new user and use it; strange that it fails for you.)

Thanks
Trevor


On 26 July 2013 12:01, Itamar Heim <[email protected]> wrote:

    On 07/26/2013 01:55 PM, Trevor Galloway wrote:

        Thanks Yair,
        I made the changes to the engine-manage-domains script as suggested in
        the gerrit link - that now works just fine, and also confirms what I
        thought the problem was all along - namely that the configured username
        returned on an `engine-manage-domains --action=list` is that of the
        previous admin.
        The problem being that their account is no longer valid within the
        active directory, hence validation fails.
        I've trawled the various ovirt config directories but can't find a
        resource that holds the username to use on the LDAP query. Presumably
        this is something that gets set up at install time?
        Is there a way to re-configure the underlying username?


    engine-manage-domains should allow you to set the user used in the
    ldap query via -action=list.
    then you can use -action=edit to update it

        Many thanks,
        Trevor


        On 25 July 2013 22:29, Yair Zaslavsky <[email protected]> wrote:



             ----- Original Message -----
              > From: "Trevor Galloway" <[email protected]>
              > To: [email protected]
              > Sent: Thursday, July 25, 2013 7:51:56 PM
              > Subject: [Users] Problem running engine-manage-domain on oVirt 3.1.0-4
              >
              > Hello oVirt Users,
              >
              >
              >
              > Just signed up to the user mailing list and have a question regarding an
              > error being reported to stdout when running engine-manage-domains.
              >
              > When running the `engine-manage-domains` utility from the command line I
              > see the following error reported:
              >
              > *[root@hive ovirt-engine]# engine-manage-domains -action=list*
              >
              > *Failed reading current configuration. Details: Error "Key for add
              > operation must be defined!" while reading configuration value AdUserName.*
              >
              > A quick Google on this leads directly to Bugzilla – Bug 883846 – which
              > looks like it’s fixed in the 3.2 version. Can anyone confirm that? I’ve
              > inherited a DL580 running oVirt Manager and a bunch of VMs, and don’t
              > really want to undertake an upgrade just now if I don’t have to.

             This is indeed the issue.

              >
              >
              >
              >
              >
              > The real problem seems to be that I can’t assign a user with any roles
              > since the ldap lookup to the active server fails – due, I think, to the
              > fact that the query is configured to authenticate with the previous admin’s
              > credentials – they left and the account is now disabled. :)
              >
              > From the /var/log/ovirt-engine/engine.log
              >
              > *2013-07-25 11:32:15,574 ERROR
              > [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
              > (ajp--0.0.0.0-8009-1) Authentication failed. The user is either locked or
              > disabled*
              >
              > *2013-07-25 11:32:15,575 ERROR
              > [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
              > (ajp--0.0.0.0-8009-1) Failed ldap search server
              > LDAP://<my_active_directory>:389 due to
              > org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException. We
              > should not try the next server:
              > org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException*
              >
              > The above gets written out as soon as I hit the Go button in the Add System
              > Permission to User dialogue window.

             engine-manage-domains uses engine-config and provides it a
             configuration (after the above bug fix) with keys in the form of "key=".
             If you really don't want to upgrade, maybe you should consider
             editing the engine-manage-domains script, as in
             http://gerrit.ovirt.org/#/c/9743/3/backend/manager/conf/kerberos/engine-manage-domains
             ?

             You will have to do that for any altering operations on domains and
             their associated users.

             Please let us know if it worked for you

             Many thanks,
             Yair


              >
              >
              >
              > Thanks in advance for any advice!
              >
              > _________________________________________________
              > Users mailing list
              > [email protected]
              > http://lists.ovirt.org/mailman/listinfo/users

              >







