(2014/10/07 0:50), Alon Bar-Lev wrote:
----- Original Message -----From: "Fumihide Tani" <[email protected]> To: "Alon Bar-Lev" <[email protected]> Cc: [email protected] Sent: Monday, October 6, 2014 6:47:15 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Alon, Sorry, I forgetted to start my DNS server. After that everything goes well. I can add LDAP account and login to the Web Portal by LDAP account successfully!great, now try this sequence: 1. define a group X in ldap. 2. define a group Y in ldap which is member of group X. 3. define user U that is member of group Y. 4. add group X into ovirt-engine as superuser. 5. try to login with user U. it should work unless we have an issue.
I have done sequence 1 to 4. I can successflly login to the User Portal using ldap's user U. But my VMs which I have added permission to the group X as superuser are not displayed on the screen. Why not? something wrong?
(2014/10/07 0:33), Alon Bar-Lev wrote:2014-10-07 00:27:59,829 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-14) Exception during sequence: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server ldap.rxc05271.com:389: java.io.IOException: An error occurred while attempting to establish a connection to server ldap.rxc05271.com/111.64.166.75:389: java.net.ConnectException: Connection refused') ----- Original Message -----From: "Fumihide Tani" <[email protected]> To: "Alon Bar-Lev" <[email protected]> Cc: [email protected] Sent: Monday, October 6, 2014 6:31:17 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. engine.log attached. Regards (2014/10/06 23:57), Alon Bar-Lev wrote:----- Original Message -----From: "Fumihide Tani" <[email protected]> To: "Alon Bar-Lev" <[email protected]> Cc: [email protected] Sent: Monday, October 6, 2014 3:40:05 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Alon, Thanks, the ovirt-engine-extension-aaa-ldap was updated successfully. and then I restarted my ovirt-engine. I tried the following: 1) Login to the User Portal using LDAP account "tani". Failed. (it was able to login before doing update.) 2) Then deleting the LDAP account "tani" from admin portal. 3) Tried to add new account "tani" again. I selected "rxc05271.com (authz-company)" instead of "internal (internal)" but "Go" bottun is hidden. What should I do next?it probably means that the engine cannot interact with the ldap. can you see any error message during engine startup that related? can you stop engine remove engine.log start engine and send me the engine.log?Regards, Fumihide Tani (2014/10/06 20:39), Alon Bar-Lev wrote:----- Original Message -----From: "Fumihide Tani" <[email protected]> To: "Alon Bar-Lev" <[email protected]> Cc: [email protected] Sent: Monday, October 6, 2014 2:36:38 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Hi, Alon I can not update the ovirt-engine-extension-aaa-ldap.noarch 0.0.0-0.0.master.20140923213100.git10a282b.el6. to the one you specified. Is it still not exist in ovirt-3.5-pre repo?right, they are at snapshots. you can take the extension rpm and only update it. yum localupdate http://resources.ovirt.org/pub/ovirt-3.5-snapshot/rpm/el6/noarch/ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d.el6.noarch.rpmRegards, Fumihide Tani (2014/10/06 17:07), Alon Bar-Lev wrote:Hello Fumihide, I pushed a significant change into ldap package, in some cases it will provide better response times. The change is within group resolution. I wounder if you can test it, should be at least ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.20141005113632.git842505d. Regards, Alon Bar-Lev. ----- Original Message -----From: "Fumihide Tani" <[email protected]> To: "Alon Bar-Lev" <[email protected]> Cc: [email protected] Sent: Thursday, September 25, 2014 4:41:09 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Hi, Alon, Without waiting until the weekend, I have finished the flesh install of the oVirt 3.5 RC3 today. As a result, with same AAA settings, My OpenLDAP's users became possible to login to the Web User Portal now. Yes, RC3 is good for integrating with newest OpenLDAP 2.4.23, RC2 is not. Very much thanks, Fumihide Tani (2014/09/25 7:27), Alon Bar-Lev wrote:This is severe, the upgrade is not working properly you have issues with accessing database. If database is not important I suggest a fresh install, run engine-cleanup then engine-setup. If database is important please forward this to devel mailing list for someone to help, regardless of LDAP. Regards, Alon 4-09-25 00:36:08,389 ERROR [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-7) ArrayIndexOutOfBoundsException: 1: java.lang.ArrayIndexOutOfBoundsException: 1 at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.getDistanceMap(VdsNumaNodeDAODbFacadeImpl.java:208) [dal.jar:] at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl.access$000(VdsNumaNodeDAODbFacadeImpl.java:20) [dal.jar:] at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:184) [dal.jar:] at org.ovirt.engine.core.dao.VdsNumaNodeDAODbFacadeImpl$1.mapRow(VdsNumaNodeDAODbFacadeImpl.java:168) [dal.jar:] ----- Original Message -----From: "Fumihide Tani" <[email protected]> To: "Alon Bar-Lev" <[email protected]> Sent: Wednesday, September 24, 2014 6:40:58 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Result of running engine-setup: [root@ovirt ~]# yum list installed|grep ovirt-engine ovirt-engine.noarch 3.5.0-0.0.master.20140923231936.git42065cc.el6 Yes, engine is updated to newest one.! But I still continued failing to login. engine.log attached. Very thanks, (2014/09/24 23:59), Alon Bar-Lev wrote:you probably need to run engine-setup ----- Original Message -----From: "Fumihide Tani" <[email protected]> To: "Alon Bar-Lev" <[email protected]> Sent: Wednesday, September 24, 2014 4:59:22 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Oops! # yum list installed | grep ovirt-engine ovirt-engine.noarch 3.5.0-0.0.master.20140821064931.gitb794d66.el6 (snip) ..... Many ovirt-3.5-* modules are updated by yum today but engine is not. Why not updated to RC3?? (2014/09/24 22:42), Alon Bar-Lev wrote:Unless I am missing something, you run old engine: 2014-09-24 22:16:24,136 INFO [org.ovirt.engine.core.bll.Backend] (MSC service thread 1-12) Running ovirt-engine 3.5.0-0.0.master.20140821064931.gitb794d66.el6 ----- Original Message -----From: "Fumihide Tani" <[email protected]> To: "Alon Bar-Lev" <[email protected]> Sent: Wednesday, September 24, 2014 4:21:09 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Attached engine.log with "FINEST" Thanks, (2014/09/24 21:32), Alon Bar-Lev wrote:----- Original Message -----From: "Fumihide Tani" <[email protected]> To: "Alon Bar-Lev" <[email protected]> Cc: [email protected] Sent: Wednesday, September 24, 2014 3:24:23 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Hi, Alon, I have updated the oVirt 3.5 RC2 to the newest RC3 today. From my CentOS6.5 based oVirt Engine server and the oVirt Host server, # yum clean all # yum update Then rebooted these servers. But my LDAP problem is continued and same result as before. When I login to the oVirt User Portal, User Name: tani Password: (OpenLDAP's userPassword) Domain: rxc05271.com UI displays "General command validation failure." Please advice.Hopefully I can if you provide log... :)Thanks, Fumihide Tani (2014/09/22 22:20), Alon Bar-Lev wrote:The version of engine you are using is probably out of date and unsynced with latest ldap package (20140821064931). Please make sure you take latest from[1] Thanks! [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/ ----- Original Message -----From: "Fumihide Tani" <[email protected]> To: "Alon Bar-Lev" <[email protected]> Cc: [email protected] Sent: Monday, September 22, 2014 3:42:52 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Hi, Alon, Your requested engine.log attached. Also, I tried to login to web user portal by "tani" User Name: tani Password: (OpenLDAP userPassword) Domain: rxc05271.com cause: "General command validation failure." Attated log includes login by "Fumihide" first, "tani" second. Very thanks, (2014/09/22 21:24), Alon Bar-Lev wrote:----- Original Message -----From: "Fumihide Tani" <[email protected]> To: "Alon Bar-Lev" <[email protected]> Cc: [email protected] Sent: Monday, September 22, 2014 3:06:39 PM Subject: Re: [ovirt-users] Can not configure with simple LDAP. Sorry, I misunderstood. This is outputs after LDAP user logged in.Please attach log as files, not inline, easier to handle. 2014-09-22 21:01:32,638 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) SearchRequest: SearchRequest(baseDN='dc=rxc05271,dc=com', scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0, filter='&(objectClass=uidObject)(uid=*)(uid=Fumihide)', attrs={entryUUID, uid, displayName, memberOf, department, givenName, sn, title, mail}, controls={SimplePagedResultsControl(pageSize=100, isCritical=false)}) 2014-09-22 21:01:32,640 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (ajp--127.0.0.1-8702-4) SearchResult: SearchResult(resultCode=0 (success), messageID=3, entriesReturned=0, referencesReturned=0, responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)}) >From the above I see that a search was issued:&(objectClass=uidObject)(uid=*)(uid=Fumihide)And no result returned. Per previous output: --- # tani, Users, rxc05271.com dn: uid=tani,ou=Users,dc=rxc05271,dc=com objectClass: inetOrgPerson objectClass: uidObject uid: tani cn: Fumihide Tani givenName: Fumihide mail: [email protected] sn: Tani userPassword:: a3VtaXRhbg== --- Your user name is tani and not Fumihide. Alon
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
