----- Original Message ----- > From: "Fumihide Tani" <[email protected]> > To: "Alon Bar-Lev" <[email protected]> > Cc: [email protected] > Sent: Monday, October 6, 2014 6:47:15 PM > Subject: Re: [ovirt-users] Can not configure with simple LDAP. > > Alon, > > Sorry, I forgetted to start my DNS server. > After that everything goes well. > I can add LDAP account and login to the Web Portal by LDAP account > successfully!
great, now try this sequence: 1. define a group X in ldap. 2. define a group Y in ldap which is member of group X. 3. define user U that is member of group Y. 4. add group X into ovirt-engine as superuser. 5. try to login with user U. it should work unless we have an issue. > > (2014/10/07 0:33), Alon Bar-Lev wrote: > > 2014-10-07 00:27:59,829 DEBUG > > [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-14) > > Exception during sequence: LDAPException(resultCode=91 (connect error), > > errorMessage='An error occurred while attempting to connect to server > > ldap.rxc05271.com:389: java.io.IOException: An error occurred while > > attempting to establish a connection to server > > ldap.rxc05271.com/111.64.166.75:389: java.net.ConnectException: > > Connection refused') > > > > > > ----- Original Message ----- > >> From: "Fumihide Tani" <[email protected]> > >> To: "Alon Bar-Lev" <[email protected]> > >> Cc: [email protected] > >> Sent: Monday, October 6, 2014 6:31:17 PM > >> Subject: Re: [ovirt-users] Can not configure with simple LDAP. > >> > >> engine.log attached. > >> > >> Regards > >> > >> (2014/10/06 23:57), Alon Bar-Lev wrote: > >>> ----- Original Message ----- > >>>> From: "Fumihide Tani" <[email protected]> > >>>> To: "Alon Bar-Lev" <[email protected]> > >>>> Cc: [email protected] > >>>> Sent: Monday, October 6, 2014 3:40:05 PM > >>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. > >>>> > >>>> Alon, > >>>> > >>>> Thanks, the ovirt-engine-extension-aaa-ldap was updated successfully. > >>>> and then I restarted my ovirt-engine. > >>>> > >>>> I tried the following: > >>>> > >>>> 1) Login to the User Portal using LDAP account "tani". > >>>> Failed. (it was able to login before doing update.) > >>>> > >>>> 2) Then deleting the LDAP account "tani" from admin portal. > >>>> > >>>> 3) Tried to add new account "tani" again. > >>>> I selected "rxc05271.com (authz-company)" instead of "internal > >>>> (internal)" > >>>> but "Go" bottun is hidden. > >>>> > >>>> What should I do next? > >>> it probably means that the engine cannot interact with the ldap. > >>> can you see any error message during engine startup that related? > >>> can you stop engine remove engine.log start engine and send me the > >>> engine.log? > >>> > >>>> Regards, > >>>> Fumihide Tani > >>>> > >>>> (2014/10/06 20:39), Alon Bar-Lev wrote: > >>>>> ----- Original Message ----- > >>>>>> From: "Fumihide Tani" <[email protected]> > >>>>>> To: "Alon Bar-Lev" <[email protected]> > >>>>>> Cc: [email protected] > >>>>>> Sent: Monday, October 6, 2014 2:36:38 PM > >>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. > >>>>>> > >>>>>> Hi, Alon > >>>>>> > >>>>>> I can not update the ovirt-engine-extension-aaa-ldap.noarch > >>>>>> 0.0.0-0.0.master.20140923213100.git10a282b.el6. to the one you > >>>>>> specified. > >>>>>> Is it still not exist in ovirt-3.5-pre repo? > >>>>> right, they are at snapshots. > >>>>> you can take the extension rpm and only update it. > >>>>> > >>>>> yum localupdate > >>>>> http://resources.ovirt.org/pub/ovirt-3.5-snapshot/rpm/el6/noarch/ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.el6.noarch.rpm > >>>>> > >>>>>> Regards, > >>>>>> Fumihide Tani > >>>>>> > >>>>>> (2014/10/06 17:07), Alon Bar-Lev wrote: > >>>>>>> Hello Fumihide, > >>>>>>> > >>>>>>> I pushed a significant change into ldap package, in some cases it > >>>>>>> will > >>>>>>> provide better response times. > >>>>>>> The change is within group resolution. > >>>>>>> I wounder if you can test it, should be at least > >>>>>>> ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d. > >>>>>>> > >>>>>>> Regards, > >>>>>>> Alon Bar-Lev. > >>>>>>> > >>>>>>> ----- Original Message ----- > >>>>>>>> From: "Fumihide Tani" <[email protected]> > >>>>>>>> To: "Alon Bar-Lev" <[email protected]> > >>>>>>>> Cc: [email protected] > >>>>>>>> Sent: Thursday, September 25, 2014 4:41:09 PM > >>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. > >>>>>>>> > >>>>>>>> Hi, Alon, > >>>>>>>> > >>>>>>>> Without waiting until the weekend, > >>>>>>>> I have finished the flesh install of the oVirt 3.5 RC3 today. > >>>>>>>> As a result, with same AAA settings, > >>>>>>>> My OpenLDAP's users became possible to login to the Web User Portal > >>>>>>>> now. > >>>>>>>> Yes, RC3 is good for integrating with newest OpenLDAP 2.4.23, RC2 is > >>>>>>>> not. > >>>>>>>> > >>>>>>>> Very much thanks, > >>>>>>>> Fumihide Tani > >>>>>>>> > >>>>>>>> (2014/09/25 7:27), Alon Bar-Lev wrote: > >>>>>>>>> This is severe, the upgrade is not working properly you have issues > >>>>>>>>> with > >>>>>>>>> accessing database. > >>>>>>>>> If database is not important I suggest a fresh install, run > >>>>>>>>> engine-cleanup > >>>>>>>>> then engine-setup. > >>>>>>>>> If database is important please forward this to devel mailing list > >>>>>>>>> for > >>>>>>>>> someone to help, regardless of LDAP. > >>>>>>>>> Regards, > >>>>>>>>> Alon > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> 4-09-25 00:36:08,389 ERROR > >>>>>>>>> [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] > >>>>>>>>> (DefaultQuartzScheduler_Worker-7) ArrayIndexOutOfBoundsException: > >>>>>>>>> 1: > >>>>>>>>> java.lang.ArrayIndexOutOfBoundsException: 1 > >>>>>>>>> at > >>>>>>>>> > >>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.getDistanceMap(VdsNumaNodeDAODbFacadeImpl.java:208) > >>>>>>>>> [dal.jar:] > >>>>>>>>> at > >>>>>>>>> > >>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.access$000(VdsNumaNodeDAODbFacadeImpl.java:20) > >>>>>>>>> [dal.jar:] > >>>>>>>>> at > >>>>>>>>> > >>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:184) > >>>>>>>>> [dal.jar:] > >>>>>>>>> at > >>>>>>>>> > >>>>>>>>> org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:168) > >>>>>>>>> [dal.jar:] > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> ----- Original Message ----- > >>>>>>>>>> From: "Fumihide Tani" <[email protected]> > >>>>>>>>>> To: "Alon Bar-Lev" <[email protected]> > >>>>>>>>>> Sent: Wednesday, September 24, 2014 6:40:58 PM > >>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. > >>>>>>>>>> > >>>>>>>>>> Result of running engine-setup: > >>>>>>>>>> [root@ovirt ~]# yum list installed|grep ovirt-engine > >>>>>>>>>> ovirt-engine.noarch 3.5.0-0.0.master.20140923231936.git42065cc.el6 > >>>>>>>>>> > >>>>>>>>>> Yes, engine is updated to newest one.! > >>>>>>>>>> > >>>>>>>>>> But I still continued failing to login. > >>>>>>>>>> engine.log attached. > >>>>>>>>>> > >>>>>>>>>> Very thanks, > >>>>>>>>>> > >>>>>>>>>> (2014/09/24 23:59), Alon Bar-Lev wrote: > >>>>>>>>>>> you probably need to run engine-setup > >>>>>>>>>>> > >>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>>> From: "Fumihide Tani" <[email protected]> > >>>>>>>>>>>> To: "Alon Bar-Lev" <[email protected]> > >>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:59:22 PM > >>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. > >>>>>>>>>>>> > >>>>>>>>>>>> Oops! > >>>>>>>>>>>> # yum list installed | grep ovirt-engine > >>>>>>>>>>>> ovirt-engine.noarch > >>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6 > >>>>>>>>>>>> (snip) > >>>>>>>>>>>> ..... > >>>>>>>>>>>> > >>>>>>>>>>>> Many ovirt-3.5-* modules are updated by yum today but engine is > >>>>>>>>>>>> not. > >>>>>>>>>>>> Why not updated to RC3?? > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> (2014/09/24 22:42), Alon Bar-Lev wrote: > >>>>>>>>>>>>> Unless I am missing something, you run old engine: > >>>>>>>>>>>>> > >>>>>>>>>>>>> 2014-09-24 22:16:24,136 INFO > >>>>>>>>>>>>> [org.ovirt.engine.core.bll.Backend] > >>>>>>>>>>>>> (MSC > >>>>>>>>>>>>> service thread 1-12) Running ovirt-engine > >>>>>>>>>>>>> 3.5.0-0.0.master.20140821064931.gitb794d66.el6 > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>>>>> From: "Fumihide Tani" <[email protected]> > >>>>>>>>>>>>>> To: "Alon Bar-Lev" <[email protected]> > >>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 4:21:09 PM > >>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple LDAP. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Attached engine.log with "FINEST" > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Thanks, > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> (2014/09/24 21:32), Alon Bar-Lev wrote: > >>>>>>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>>>>>>> From: "Fumihide Tani" <[email protected]> > >>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <[email protected]> > >>>>>>>>>>>>>>>> Cc: [email protected] > >>>>>>>>>>>>>>>> Sent: Wednesday, September 24, 2014 3:24:23 PM > >>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple > >>>>>>>>>>>>>>>> LDAP. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Hi, Alon, > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> I have updated the oVirt 3.5 RC2 to the newest RC3 today. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> From my CentOS6.5 based oVirt Engine server and the > >>>>>>>>>>>>>>>> oVirt > >>>>>>>>>>>>>>>> Host > >>>>>>>>>>>>>>>> server, > >>>>>>>>>>>>>>>> # yum clean all > >>>>>>>>>>>>>>>> # yum update > >>>>>>>>>>>>>>>> Then rebooted these servers. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> But my LDAP problem is continued and same result as before. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> When I login to the oVirt User Portal, > >>>>>>>>>>>>>>>> User Name: tani > >>>>>>>>>>>>>>>> Password: (OpenLDAP's userPassword) > >>>>>>>>>>>>>>>> Domain: rxc05271.com > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> UI displays "General command validation failure." > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Please advice. > >>>>>>>>>>>>>>> Hopefully I can if you provide log... :) > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Thanks, > >>>>>>>>>>>>>>>> Fumihide Tani > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> (2014/09/22 22:20), Alon Bar-Lev wrote: > >>>>>>>>>>>>>>>>> The version of engine you are using is probably out of date > >>>>>>>>>>>>>>>>> and > >>>>>>>>>>>>>>>>> unsynced > >>>>>>>>>>>>>>>>> with latest ldap package (20140821064931). > >>>>>>>>>>>>>>>>> Please make sure you take latest from[1] > >>>>>>>>>>>>>>>>> Thanks! > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/ > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <[email protected]> > >>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <[email protected]> > >>>>>>>>>>>>>>>>>> Cc: [email protected] > >>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:42:52 PM > >>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple > >>>>>>>>>>>>>>>>>> LDAP. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Hi, Alon, > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Your requested engine.log attached. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Also, I tried to login to web user portal by "tani" > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> User Name: tani > >>>>>>>>>>>>>>>>>> Password: (OpenLDAP userPassword) > >>>>>>>>>>>>>>>>>> Domain: rxc05271.com > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> cause: "General command validation failure." > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Attated log includes login by "Fumihide" first, "tani" > >>>>>>>>>>>>>>>>>> second. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Very thanks, > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> (2014/09/22 21:24), Alon Bar-Lev wrote: > >>>>>>>>>>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>>>>>>>>>>> From: "Fumihide Tani" <[email protected]> > >>>>>>>>>>>>>>>>>>>> To: "Alon Bar-Lev" <[email protected]> > >>>>>>>>>>>>>>>>>>>> Cc: [email protected] > >>>>>>>>>>>>>>>>>>>> Sent: Monday, September 22, 2014 3:06:39 PM > >>>>>>>>>>>>>>>>>>>> Subject: Re: [ovirt-users] Can not configure with simple > >>>>>>>>>>>>>>>>>>>> LDAP. > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>>> Sorry, I misunderstood. > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>>> This is outputs after LDAP user logged in. > >>>>>>>>>>>>>>>>>>> Please attach log as files, not inline, easier to handle. > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,638 DEBUG > >>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework] > >>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4) > >>>>>>>>>>>>>>>>>>> SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', > >>>>>>>>>>>>>>>>>>> scope=SUB, > >>>>>>>>>>>>>>>>>>> deref=NEVER, sizeLimit=0, timeLimit=0, > >>>>>>>>>>>>>>>>>>> filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', > >>>>>>>>>>>>>>>>>>> attrs={entryUUID, > >>>>>>>>>>>>>>>>>>> uid, displayName, memberOf, department, givenName, sn, > >>>>>>>>>>>>>>>>>>> title, > >>>>>>>>>>>>>>>>>>> mail}, > >>>>>>>>>>>>>>>>>>> controls={SimplePagedResultsControl(pageSize=100, > >>>>>>>>>>>>>>>>>>> isCritical=false)}) > >>>>>>>>>>>>>>>>>>> 2014-09-22 21:01:32,640 DEBUG > >>>>>>>>>>>>>>>>>>> [org.ovirt.engineextensions.aaa.ldap.Framework] > >>>>>>>>>>>>>>>>>>> (ajp--127.0.0.1-8702-4) > >>>>>>>>>>>>>>>>>>> SearchResult: SearchResult(resultCode=0 (success), > >>>>>>>>>>>>>>>>>>> messageID=3, > >>>>>>>>>>>>>>>>>>> entriesReturned=0, referencesReturned=0, > >>>>>>>>>>>>>>>>>>> responseControls={SimplePagedResultsControl(pageSize=0, > >>>>>>>>>>>>>>>>>>> isCritical=false)}) > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> >From the above I see that a search was issued: > >>>>>>>>>>>>>>>>>>>> &(objectClass=uidObject)(uid=*)(uid=Fumihide) > >>>>>>>>>>>>>>>>>>> And no result returned. > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Per previous output: > >>>>>>>>>>>>>>>>>>> --- > >>>>>>>>>>>>>>>>>>> # tani, Users, rxc05271.com > >>>>>>>>>>>>>>>>>>> dn: uid=tani,ou=Users,dc=rxc05271,dc=com > >>>>>>>>>>>>>>>>>>> objectClass: inetOrgPerson > >>>>>>>>>>>>>>>>>>> objectClass: uidObject > >>>>>>>>>>>>>>>>>>> uid: tani > >>>>>>>>>>>>>>>>>>> cn: Fumihide Tani > >>>>>>>>>>>>>>>>>>> givenName: Fumihide > >>>>>>>>>>>>>>>>>>> mail: [email protected] > >>>>>>>>>>>>>>>>>>> sn: Tani > >>>>>>>>>>>>>>>>>>> userPassword:: a3VtaXRhbg== > >>>>>>>>>>>>>>>>>>> --- > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Your user name is tani and not Fumihide. > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Alon > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>> > >> > > > > > _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
