----- Original Message -----
> From: "david van zeebroeck" <[email protected]>
> To: [email protected]
> Sent: Tuesday, November 5, 2013 10:59:43 AM
> Subject: [Users] unable to use ad authentication
>
> hello i'm trying to use ad authentication in my ovirt setup
> however i can't seem to get it to work.
>
> i can browse the ad and select users & groups but logging in does not work
>
> output of engine-manage-domains
> engine-manage-domains -report -action=validate
> Domain mydomain.com is valid.
> The configured user for domain mydomain.com is [email protected]
> Manage Domains completed successfully
>
> in the engine.log i see following info :
> 2013-11-05 09:53:45,088 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
> v1db1]; remaining name ''
> 2013-11-05 09:53:45,100 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc06.mydomain.com:389 using user [email protected] due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
> name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error
> processing name, data 0, v1db1]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,179 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
> v1db1]; remaining name ''
> 2013-11-05 09:53:45,189 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc04.mydomain.com:389 using user [email protected] due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
> name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error
> processing name, data 0, v1db1]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,253 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
> v1db1]; remaining name ''
> 2013-11-05 09:53:45,262 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc05.mydomain.com:389 using user [email protected] due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
> name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error
> processing name, data 0, v1db1]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,335 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0,
> v23f0]; remaining name ''
> 2013-11-05 09:53:45,353 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc08.mydomain.com:389 using user [email protected] due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing
> name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error
> processing name, data 0, v23f0]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,433 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C09074B, comment: Error processing name, data 0, v23f0]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C09074B, comment: Error processing name, data 0,
> v23f0]; remaining name ''
> 2013-11-05 09:53:45,451 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc07.mydomain.com:389 using user [email protected] due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error processing
> name, data 0, v23f0]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C09074B, comment: Error
> processing name, data 0, v23f0]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,523 ERROR
> [org.ovirt.engine.core.bll.adbroker.LDAPTemplateWrapper]
> (ajp--127.0.0.1-8702-11) Error in running LDAP query. BaseDN is , filter is
> (cn=*). Exception message is: : [LDAP: error code 34 - 0000208F: LdapErr:
> DSID-0C090715, comment: Error processing name, data 0, v1db1]; nested
> exception is javax.naming.InvalidNameException: : [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0,
> v1db1]; remaining name ''
> 2013-11-05 09:53:45,540 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc03.mydomain.com:389 using user [email protected] due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
> name, data 0, v1db1]; nested exception is javax.naming.InvalidNameException:
> : [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error
> processing name, data 0, v1db1]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,987 WARN
> [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--127.0.0.1-8702-11)
> CanDoAction of action LoginAdminUser failed.
> Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION

Hi,

It seems that you had added a user using AD but didn't assign him any role.
Please note that you should assign entities permissions (shown on the permission TAB when you select an entity instance).

>
> when i try to get a kerberos ticket on the server i'm able to get a correct
> ticket
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.ovirt.org/mailman/listinfo/users
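
An added example, not part of the original thread and not oVirt code: a triage script that re-joins mail-wrapped engine.log records like those quoted above and separates per-server LDAP search failures from the final CanDoAction denial, the record the reply's diagnosis points at. The sample input is constructed from the quoted format; the bind user and the comma-separated handling of multiple reasons are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: two records in the mail-wrapped, ">"-quoted form seen in
# the thread (the bind user svc@mydomain.com is a made-up placeholder).
SAMPLE = """\
> 2013-11-05 09:53:45,100 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-11) Failed ldap search server LDAP://
> srvdc06.mydomain.com:389 using user svc@mydomain.com due to : [LDAP:
> error code 34 - 0000208F: LdapErr: DSID-0C090715, comment: Error processing
> name, data 0, v1db1]; remaining name ''. We should try the next
> server
> 2013-11-05 09:53:45,987 WARN
> [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp--127.0.0.1-8702-11)
> CanDoAction of action LoginAdminUser failed.
> Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
"""

START = re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} ")
RECORD = re.compile(r"(\S+ \S+) (\w+)\s+\[([^\]]+)\] \(([^)]+)\) (.*)")
SERVER = re.compile(r"Failed ldap search server LDAP://\s*(\S+)")
CODE = re.compile(r"LDAP: error code (\d+)")
DENIED = re.compile(r"CanDoAction of action (\w+) failed\.\s*Reasons:\s*(\S+)")

def records(text):
    """Re-join wrapped lines into one string per record, then split fields."""
    joined = []
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()   # drop mail quote marker
        if START.match(line):
            joined.append(line)                    # timestamp starts a record
        elif line and joined:
            joined[-1] += " " + line               # continuation of previous record
    # Each tuple: (timestamp, level, logger class, thread, message)
    return [m.groups() for m in map(RECORD.match, joined) if m]

def triage(text):
    """Return ({server: {LDAP result codes}}, [(action, [reasons])])."""
    ldap_failures, denials = defaultdict(set), []
    for _ts, _level, _cls, _thread, msg in records(text):
        srv, code = SERVER.search(msg), CODE.search(msg)
        if srv and code:
            ldap_failures[srv.group(1)].add(int(code.group(1)))
        denied = DENIED.search(msg)
        if denied:  # assumption: several reasons would be comma-separated
            denials.append((denied.group(1), denied.group(2).split(",")))
    return dict(ldap_failures), denials

if __name__ == "__main__":
    failures, denials = triage(SAMPLE)
    print("LDAP search failures:", failures)
    print("Authorization denials:", denials)
```

LDAP result code 34 is invalidDNSyntax; a denial record with USER_NOT_AUTHORIZED_TO_PERFORM_ACTION is an authorization outcome, which is what assigning a role in the permissions tab addresses.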

