We will also need log of the generic ldap extensin, can you please provide it?
Thanks! ----- Original Message ----- > From: "Juan Jose" <jj197...@gmail.com> > To: "Alon Bar-Lev" <alo...@redhat.com> > Cc: "Ondra Machacek" <omach...@redhat.com>, "Yair Zaslavsky" > <yzasl...@redhat.com>, users@ovirt.org > Sent: Friday, December 5, 2014 1:10:06 PM > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > Hello Alon, > > I have deleted Legacy domain with engine-manage-domain, and I have changed > configuration to absolute file name as you can see: > > /etc/ovirt-engine/extensions.d/siee-local-authn.properties: > > ovirt.engine.extension.name = siee-local-authn > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthnExtension > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn > ovirt.engine.aaa.authn.profile.name = siee > ovirt.engine.aaa.authn.authz.plugin = siee-local-authz > config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties > > /etc/ovirt-engine/extensions.d/siee-local-authz.properties: > > ovirt.engine.extension.name = siee-local-authz > ovirt.engine.extension.bindings.method = jbossmodule > ovirt.engine.extension.binding.jbossmodule.module = > org.ovirt.engine-extensions.aaa.ldap > ovirt.engine.extension.binding.jbossmodule.class = > org.ovirt.engineextensions.aaa.ldap.AuthzExtension > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz > config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties > > I had configured relative file name because the example > /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties > has a relative file name. > > I have done the same: delete engine.log, restart ovirt-engine and try log > in and the same error is showed, "General command validation failure." > > Attach engine.log file. > > Thanks, > > Juanjo. > > > On Fri, Dec 5, 2014 at 9:52 AM, Alon Bar-Lev <alo...@redhat.com> wrote: > > > > > Hi! > > > > You have the following errors: > > > > 2014-12-05 09:32:31,778 INFO > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service > > thread 1-5) Loading extension 'siee-local-authn' > > 2014-12-05 09:32:31,819 ERROR > > [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC > > service thread 1-5) Could not load extension based on configuration file > > '/etc/ovirt-engine/extensions.d/siee-local-authn.properties'. Please check > > the configuration file is valid. Exception message is: Error loading > > extension 'siee-local-authn': /aaa/siee.properties (No such file or > > directory) > > 2014-12-05 09:32:31,823 INFO > > [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service > > thread 1-5) Loading extension 'siee-local-authz' > > 2014-12-05 09:32:31,824 ERROR > > [org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager] (MSC > > service thread 1-5) Could not load extension based on configuration file > > '/etc/ovirt-engine/extensions.d/siee-local-authz.properties'. Please check > > the configuration file is valid. Exception message is: Error loading > > extension 'siee-local-authz': /aaa/siee.properties (No such file or > > directory) > > > > Per my last message, you should provide absolute file names if you use > > 3.5.0. > > Please see inline comments bellow. > > > > Also, you are trying to authenticate with the legacy provider: > > > > 2014-12-05 09:33:04,871 ERROR > > [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] > > (ajp--127.0.0.1-8702-5) Failed ldap search server > > ldap://adserver.siee.local:389 using user juanjo@SIEE.LOCAL due to > > Authentication Failed. Please verify the username and password.. We should > > not try the next server > > > > Can you please use engine-manage-domains to remove the legacy (old) > > domain, so we reduce confusion? > > > > Thanks! > > > > ----- Original Message ----- > > > From: "Juan Jose" <jj197...@gmail.com> > > > To: "Alon Bar-Lev" <alo...@redhat.com> > > > Cc: "Ondra Machacek" <omach...@redhat.com>, "Yair Zaslavsky" < > > yzasl...@redhat.com>, users@ovirt.org > > > Sent: Friday, December 5, 2014 10:43:01 AM > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > Hello Alon, > > > > > > I have done what you have said. My new configuration files are: > > > > > > /etc/ovirt-engine/extensions.d/siee-local-authn.properties: > > > > > > ovirt.engine.extension.name = siee-local-authn > > > ovirt.engine.extension.bindings.method = jbossmodule > > > ovirt.engine.extension.binding.jbossmodule.module = > > > org.ovirt.engine-extensions.aaa.ldap > > > ovirt.engine.extension.binding.jbossmodule.class = > > > org.ovirt.engineextensions.aaa.ldap.AuthnExtension > > > ovirt.engine.extension.provides = > > org.ovirt.engine.api.extensions.aaa.Authn > > > ovirt.engine.aaa.authn.profile.name = siee > > > ovirt.engine.aaa.authn.authz.plugin = siee-local-authz > > > config.profile.file.1 = aaa/siee.properties > > > > should be: /etc/ovirt-engine/extensions.d/aaa/siee.properties in 3.5.0 or > > can be ../aaa/siee.properties in 3.5.1. > > > > > > > > /etc/ovirt-engine/extensions.d/siee-local-authz.properties: > > > > > > ovirt.engine.extension.name = siee-local-authz > > > ovirt.engine.extension.bindings.method = jbossmodule > > > ovirt.engine.extension.binding.jbossmodule.module = > > > org.ovirt.engine-extensions.aaa.ldap > > > ovirt.engine.extension.binding.jbossmodule.class = > > > org.ovirt.engineextensions.aaa.ldap.AuthzExtension > > > ovirt.engine.extension.provides = > > org.ovirt.engine.api.extensions.aaa.Authz > > > config.profile.file.1 = aaa/siee.properties > > > > should be: /etc/ovirt-engine/extensions.d/aaa/siee.properties in 3.5.0 or > > can be ../aaa/siee.properties in 3.5.1. > > > > > > > > > > /etc/ovirt-engine/extensions.d/aaa/siee.properties: > > > > > > include = <ad.properties> > > > > > > # > > > # Active directory domain name. > > > # > > > vars.domain = siee.local > > > > > > # > > > # Search user and its password. > > > # > > > vars.user = searcher@${global:vars.domain} > > > vars.password = xxxxxxx > > > > > > # > > > # Optional DNS servers, if enterprise > > > # DNS server cannot resolve the domain srvrecord. > > > # > > > #vars.dns = dns://dc1.${global:vars.domain} > > dns://dc2.${global:vars.domain} > > > > > > pool.default.serverset.type = srvrecord > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain} > > > pool.default.auth.simple.bindDN = ${global:vars.user} > > > pool.default.auth.simple.password = ${global:vars.password} > > > > > > # Uncomment if using custom DNS > > > > > #pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url > > > = ${global:vars.dns} > > > #pool.default.socketfactory.resolver.uRL = ${global:vars.dns} > > > > > > # Create keystore, import certificate chain and uncomment > > > # if using ssl/tls. > > > #pool.default.ssl.startTLS = true > > > #pool.default.ssl.truststore.file = > > > ${local:_basedir}/${global:vars.domain}.jks > > > #pool.default.ssl.truststore.password = changeit > > > > > > After reconfigure my files with ovirt-engine stopped I have started > > > ovirt-engine and I have tried to log in. The error persist, > > > "General command validation failure." and after that I have stopped > > > ovirt-engine again. I attach my engine.log file. > > > > > > Many thanks again, > > > > > > Juanjo. > > > > > > > > > On Tue, Dec 2, 2014 at 3:46 PM, Alon Bar-Lev <alo...@redhat.com> wrote: > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: "Juan Jose" <jj197...@gmail.com> > > > > > To: "Alon Bar-Lev" <alo...@redhat.com> > > > > > Cc: "Ondra Machacek" <omach...@redhat.com>, "Yair Zaslavsky" < > > > > yzasl...@redhat.com>, users@ovirt.org > > > > > Sent: Tuesday, December 2, 2014 3:48:54 PM > > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > Hello Alon and everybody, > > > > > > > > > > I have installed package ovirt-engine-extension-aaa-ldap and > > configure my > > > > > files as the documentation says. The files are: > > > > > > > > > > /etc/ovirt-engine/extensions.d/siee.local-authn.properties: > > > > > > > > > > ovirt.engine.extension.name = siee.local-authn > > > > > ovirt.engine.extension.bindings.method = jbossmodule > > > > > ovirt.engine.extension.binding.jbossmodule.module = > > > > > org.ovirt.engine-extensions.aaa.ldap > > > > > ovirt.engine.extension.binding.jbossmodule.class = > > > > > org.ovirt.engineextensions.aaa.ldap.AuthnExtension > > > > > ovirt.engine.extension.provides = > > > > org.ovirt.engine.api.extensions.aaa.Authn > > > > > ovirt.engine.aaa.authn.profile.name = siee.local > > > > > ovirt.engine.aaa.authn.authz.plugin = siee.local-authz > > > > > config.profile.file.1 = aaa/siee.local.properties > > > > > > > > please use absolute file name for 3.5.0 relative will be available in > > 3.5.1 > > > > > > > > > > > > > > /etc/ovirt-engine/extensions.d/siee.local-authz.properties: > > > > > > > > > > ovirt.engine.extension.name = siee.local-authz > > > > > ovirt.engine.extension.bindings.method = jbossmodule > > > > > ovirt.engine.extension.binding.jbossmodule.module = > > > > > org.ovirt.engine-extensions.aaa.ldap > > > > > ovirt.engine.extension.binding.jbossmodule.class = > > > > > org.ovirt.engineextensions.aaa.ldap.AuthzExtension > > > > > ovirt.engine.extension.provides = > > > > org.ovirt.engine.api.extensions.aaa.Authz > > > > > config.profile.file.1 = aaa/siee.local.properties > > > > > > > > please use absolute file name for 3.5.0 relative will be available in > > 3.5.1 > > > > > > > > > > > > > > > > > > /etc/ovirt-engine/extensions.d/aaa/siee.local.properties: > > > > > > > > > > include = <ad.properties> > > > > > > > > > > # > > > > > # Active directory domain name. > > > > > # > > > > > vars.domain = siee.local > > > > > > > > > > # > > > > > # Search user and its password. > > > > > # > > > > > vars.user = juanjo@${global:vars.domain} > > > > > vars.password = xxxxxxxx > > > > > > > > this should be dedicate user for search not your private user. > > > > > > > > > > > > > > # > > > > > # Optional DNS servers, if enterprise > > > > > # DNS server cannot resolve the domain srvrecord. > > > > > # > > > > > #vars.dns = dns://dc1.${global:vars.domain} > > > > dns://dc2.${global:vars.domain} > > > > > > > > > > pool.default.serverset.type = srvrecord > > > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain} > > > > > pool.default.auth.simple.bindDN = ${global:vars.user} > > > > > pool.default.auth.simple.password = ${global:vars.password} > > > > > > > > > > # Uncomment if using custom DNS > > > > > > > > > > > #pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url > > > > > = ${global:vars.dns} > > > > > #pool.default.socketfactory.resolver.uRL = ${global:vars.dns} > > > > > > > > > > # Create keystore, import certificate chain and uncomment > > > > > # if using ssl/tls. > > > > > #pool.default.ssl.startTLS = true > > > > > #pool.default.ssl.truststore.file = > > > > > ${local:_basedir}/${global:vars.domain}.jks > > > > > #pool.default.ssl.truststore.password = changeit > > > > > > > > > > And after this configuration I restart ovirt-engine service. When I > > try > > > > to > > > > > login in administrator portal I can see the error "The user name or > > > > > password is incorrect.". In /var/log/ovirt-engine/engine.log I have > > the > > > > > errors: > > > > > > > > > > 2014-12-02 14:02:21,983 ERROR > > > > > > > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > > > > > (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, > > Custom > > > > > Event ID: -1, Message: User juanjo cannot login, please verify the > > > > username > > > > > and password. > > > > > 2014-12-02 14:02:21,991 ERROR > > > > > > > [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] > > > > > (ajp--127.0.0.1-8702-8) Correlation ID: null, Call Stack: null, > > Custom > > > > > Event ID: -1, Message: User juanjo failed to log in. > > > > > > > > > > I'm using correct user and password becuase I can login in a Windows > > > > client > > > > > machine which is inside siee.local domain with this user and its > > correct > > > > > password. > > > > > > > > > > What do you think it could be the problem? > > > > > > > > > > If you need more information or I have to configure any other > > parameters, > > > > > please tell me. > > > > > > > > please attach full engine.log, more correctly, stop engine, remove > > > > engine.log start engine, try to login and send log. > > > > please make sure you select the "siee.local" domain in dropdown of > > login > > > > screen. > > > > > > > > when I get the engine.log I will be able to understand who to progress. > > > > > > > > thanks! > > > > > > > > > > > > > > > > > > Many thanks in advanced, > > > > > > > > > > Juanjo. > > > > > > > > > > > > > > > > > > > > On Wed, Nov 26, 2014 at 3:19 PM, Alon Bar-Lev <alo...@redhat.com> > > wrote: > > > > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: "Juan Jose" <jj197...@gmail.com> > > > > > > > To: "Alon Bar-Lev" <alo...@redhat.com> > > > > > > > Cc: "Ondra Machacek" <omach...@redhat.com>, "Yair Zaslavsky" < > > > > > > yzasl...@redhat.com>, users@ovirt.org > > > > > > > Sent: Wednesday, November 26, 2014 3:04:14 PM > > > > > > > Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue > > > > > > > > > > > > > > Hello Alon and everybody, > > > > > > > > > > > > > > Check in my ovirt-engine machine for ovirt-engine-aaa-ldap > > package > > > > and it > > > > > > > is not available: > > > > > > > > > > > > > > yum list "ovirt-engine*" > > > > > > > Loaded plugins: fastestmirror, refresh-packagekit, security, > > > > versionlock > > > > > > > Loading mirror speeds from cached hostfile > > > > > > > * base: ftp.udl.es > > > > > > > * epel: mirror.uv.es > > > > > > > * extras: ftp.udl.es > > > > > > > * ovirt-3.5: ftp.nluug.nl > > > > > > > * ovirt-3.5-epel: mirror.uv.es > > > > > > > * ovirt-3.5-jpackage-6.0-generic: mirror.ibcp.fr > > > > > > > * ovirt-epel: mirror.uv.es > > > > > > > * ovirt-jpackage-6.0-generic: mirror.ibcp.fr > > > > > > > * updates: ftp.udl.es > > > > > > > Installed Packages > > > > > > > ovirt-engine.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-backend.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-cli.noarch > > > > > > > 3.3.0.6-1.el6 @ovirt-3.3.3 > > > > > > > ovirt-engine-dbscripts.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-extensions-api-impl.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-jboss-as.x86_64 > > > > > > > 7.1.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-lib.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-restapi.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-sdk-python.noarch > > > > > > > 3.5.0.8-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-setup.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-setup-base.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-setup-plugin-ovirt-engine.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-setup-plugin-ovirt-engine-common.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-setup-plugin-websocket-proxy.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-tools.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-userportal.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-webadmin-portal.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > ovirt-engine-websocket-proxy.noarch > > > > > > > 3.5.0.1-1.el6 @ovirt-3.5 > > > > > > > Available Packages > > > > > > > ovirt-engine-cli.noarch > > > > > > > 3.5.0.5-1.el6 ovirt-3.5 > > > > > > > ovirt-engine-dwh.noarch > > > > > > > 3.5.0-1.el6 ovirt-3.5 > > > > > > > ovirt-engine-dwh-setup.noarch > > > > > > > 3.5.0-1.el6 ovirt-3.5 > > > > > > > ovirt-engine-extensions-api-impl-javadoc.noarch > > > > > > > 3.5.0.1-1.el6 ovirt-3.5 > > > > > > > ovirt-engine-reports.noarch > > > > > > > 3.5.1-0.1.el6 ovirt-3.5 > > > > > > > ovirt-engine-reports-setup.noarch > > > > > > > 3.5.1-0.1.el6 ovirt-3.5 > > > > > > > ovirt-engine-sdk-java.noarch > > > > > > > 3.5.0.5-1.el6 ovirt-3.5 > > > > > > > ovirt-engine-sdk-java-javadoc.noarch > > > > > > > 3.5.0.5-1.el6 ovirt-3.5 > > > > > > > ovirt-engine-setup-plugin-allinone.noarch > > > > > > > > > > > > > > How can I get this package? > > > > > > > > > > > > > > > > > > Thanks for trying! > > > > > > > > > > > > Package is available at ovirt-3.5-snapshot[1]. > > > > > > > > > > > > [1] http://resources.ovirt.org/pub/ovirt-3.5-snapshot/ > > > > > > > > > > > > > > > > > > > > > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users