Hi! I tested the configuration and it worked properly.
----- Original Message -----
> From: "Juan Jose" <[email protected]>
> To: "Alon Bar-Lev" <[email protected]>
> Cc: "Ondra Machacek" <[email protected]>, "Yair Zaslavsky"
> <[email protected]>, [email protected]
> Sent: Friday, December 5, 2014 1:10:06 PM
> Subject: Re: [ovirt-users] Adding domain to oVirt to 3.5 issue
>
> Hello Alon,
>
> I have deleted Legacy domain with engine-manage-domain, and I have changed
> configuration to absolute file name as you can see:
>
> /etc/ovirt-engine/extensions.d/siee-local-authn.properties:
>
> ovirt.engine.extension.name = siee-local-authn
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> ovirt.engine.aaa.authn.profile.name = siee
> ovirt.engine.aaa.authn.authz.plugin = siee-local-authz
> config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties

Please move this file to /etc/ovirt-engine/aaa/siee.properties, it should not reside within the extensions.d

>
> /etc/ovirt-engine/extensions.d/siee-local-authz.properties:
>
> ovirt.engine.extension.name = siee-local-authz
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> config.profile.file.1 = /etc/ovirt-engine/extensions.d/aaa/siee.properties

Same.

>
> I had configured relative file name because the example
> /usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/extensions.d/domain1-authz.properties
> has a relative file name.

Yes, as I wrote, this relative is coming in 3.5.1.

> I have done the same: delete engine.log, restart ovirt-engine and try log
> in and the same error is shown, "General command validation failure."

Please first refer to the startup errors, there is not much sense to try login if startup fails... :)

In your case:

2014-12-05 11:25:05,575 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authz::siee-local-authz] Cannot initialize LDAP framework, deferring initialization. Error: null

Which is as if something is missing.

I took your configuration as-is and it does work, with the exception of moving /etc/ovirt-engine/extensions.d/aaa to /etc/ovirt-engine/aaa as it should be, please perform this change and modify the file locations within extension properties file.

I need to figure out what is happening, so from README[1], please follow the following instructions and restart engine so we get more verbose logs.

Update: /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in

Make sure handle level name is ALL for ENGINE, if not, set it like below (I am unsure if in 3.5.0 this was the case):
---
<file-handler name="ENGINE" autoflush="true">
  <level name="ALL"/>
---

Add the following before the <root-logger> line:
---
<logger category="org.ovirt.engineextensions.aaa.ldap">
  <level name="ALL"/>
</logger>
---

Restart the engine and send the engine.log, this way I can see what is happening during initialization.

Thanks for checking it out, hopefully something trivial is missing,
Alon

[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l230
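The file-location advice in the message above can be checked mechanically. The following is an added example, not code from the thread or from the oVirt project: it scans the extension definitions for config.profile.file.N values that are relative (which, per the thread, is only supported from 3.5.1) or that point inside extensions.d. The function names and the simplified properties parser are assumptions made for illustration.

```python
import os
import re

# Matches the config.profile.file.N keys used in the thread's extension files.
PROFILE_KEY = re.compile(r"^config\.profile\.file\.\d+$")

def parse_properties(text):
    """Minimal 'key = value' parser (assumption: no continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_profile_paths(extensions_dir):
    """Return (file, key, value, problem) tuples for suspicious profile paths."""
    ext_root = os.path.abspath(extensions_dir)
    findings = []
    if not os.path.isdir(ext_root):
        return findings
    for name in sorted(os.listdir(ext_root)):
        if not name.endswith(".properties"):
            continue
        with open(os.path.join(ext_root, name), encoding="utf-8") as fh:
            props = parse_properties(fh.read())
        for key, value in sorted(props.items()):
            if not PROFILE_KEY.match(key):
                continue
            if not os.path.isabs(value):
                # Per the thread, relative names only arrive with 3.5.1.
                findings.append((name, key, value, "relative path"))
                continue
            target = os.path.normpath(value)
            if os.path.commonpath([ext_root, target]) == ext_root:
                # The profile should live outside extensions.d,
                # e.g. under /etc/ovirt-engine/aaa as advised above.
                findings.append((name, key, value, "inside extensions.d"))
    return findings

if __name__ == "__main__":
    for finding in check_profile_paths("/etc/ovirt-engine/extensions.d"):
        print("%s: %s = %s (%s)" % finding)
```

Run against the configuration quoted above, both siee-local-authn.properties and siee-local-authz.properties would be reported as "inside extensions.d" until the profile is moved.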

