Hey,

I'm running into an issue and I'm not sure where to go from here. I'm trying
to use LDAP authentication and am following the setup guide from here:

https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD


I have tested the ldap credentials manually using ldapsearch, and I get results 
as expected with the user I'm binding with - but when I use ovirt I run into 
problems.

I hope someone can provide me some guidance, or other things to try!

DNS resolves;
Can manually do LDAP lookups using ldapsearch;
Can telnet to hostname 389 successfully.

Below are the steps taken:

# ovirt-engine-extension-aaa-ldap-setup
[ INFO  ] Stage: Initializing
[ INFO  ] Stage: Environment setup
          Configuration files: 
['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
          Log file: 
/tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log
          Version: otopi-1.4.0 (otopi-1.4.0-1.el7.centos)
[ INFO  ] Stage: Environment packages setup
[ INFO  ] Stage: Programs detection
[ INFO  ] Stage: Environment customization
          Welcome to LDAP extension configuration program
          Please specify profile name that will be visible to users: LDAP
          Available LDAP implementations:
           1 - 389ds
           2 - 389ds RFC-2307 Schema
           3 - Active Directory
           4 - IPA
           5 - Novell eDirectory RFC-2307 Schema
           6 - OpenLDAP RFC-2307 Schema
           7 - OpenLDAP Standard Schema
           8 - Oracle Unified Directory RFC-2307 Schema
           9 - RFC-2307 Schema (Generic)
          10 - RHDS
          11 - RHDS RFC-2307 Schema
          12 - iPlanet
          Please select: 1
          NOTE:
          It is highly recommended to use DNS resolution for LDAP server.
          If for some reason you intend to use hosts or plain address disable 
DNS usage.
          Use DNS (Yes, No) [Yes]:
          Available policy method:
           1 - Single server
           2 - DNS domain LDAP SRV record
           3 - Round-robin between multiple hosts
           4 - Failover between multiple hosts
          Please select: 1
          Please enter host address: ldap-test-server
[ INFO  ] Trying to resolve host 'ldap-test-server'
          NOTE:
          It is highly recommended to use secure protocol to access the LDAP 
server.
          Protocol startTLS is the standard recommended method to do so.
          Only in cases in which the startTLS is not supported, fallback to non 
standard ldaps protocol.
          Use plain for test environments only.
          Please select protocol to use (startTLS, ldaps, plain) [startTLS]: 
plain
[ INFO  ] Connecting to LDAP using 'ldap://ldap-test-server:389'
[ INFO  ] Connection succeeded
          Enter search user DN (empty for anonymous): uid=ovirt-test,ou=Special 
Users,dc=test
          Enter search user password:
[ INFO  ] Attempting to bind using 'uid=ovirt-test,ou=Special Users,dc=test'
[ INFO  ] Stage: Setup validation
          NOTE:
          It is highly recommended to test drive the configuration before 
applying it into engine.
          Perform at least one Login sequence and one Search sequence.
          Select test sequence to execute (Done, Abort, Login, Search) [Abort]: 
Login
          Enter search user name: uid=ovirt-test,ou=Special Users,dc=test
          Enter search user password:
[ INFO  ] Executing login sequence...
          Login output:
          2016-01-15 15:13:25 INFO    
========================================================================
          2016-01-15 15:13:25 INFO    ============================ 
Initialization ============================
          2016-01-15 15:13:25 INFO    
========================================================================
          2016-01-15 15:13:25 INFO    Loading extension 'LDAP-authn'
          2016-01-15 15:13:25 INFO    Extension 'LDAP-authn' loaded
          2016-01-15 15:13:25 INFO    Loading extension 'LDAP-authz'
          2016-01-15 15:13:25 INFO    Extension 'LDAP-authz' loaded
          2016-01-15 15:13:25 INFO    Initializing extension 'LDAP-authn'
          2016-01-15 15:13:25 INFO    
[ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool 'authz'
          2016-01-15 15:13:25 WARNING 
[ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP 
framework, deferring initialization. Error: An error occurred while attempting 
to connect to server ldap-test-server:389:  java.io.IOException: 
LDAPException(resultCode=91 (connect error), errorMessage='An error occurred 
while attempting to establish a connection to server 
ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server') caused by 
LDAPException(resultCode=91 (connect error), errorMessage='An error occurred 
while attempting to establish a connection to server 
ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 
(connect error), errorMessage='An error occurred while attempting to establish 
a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server') caused by 
java.net.UnknownHostException: ldap-test-server
          2016-01-15 15:13:25 INFO    Extension 'LDAP-authn' initialized
          2016-01-15 15:13:25 INFO    Initializing extension 'LDAP-authz'
          2016-01-15 15:13:25 INFO    
[ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Creating LDAP pool 'authz'
          2016-01-15 15:13:25 WARNING 
[ovirt-engine-extension-aaa-ldap.authz::LDAP-authz] Cannot initialize LDAP 
framework, deferring initialization. Error: An error occurred while attempting 
to connect to server ldap-test-server:389:  java.io.IOException: 
LDAPException(resultCode=91 (connect error), errorMessage='An error occurred 
while attempting to establish a connection to server 
ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server') caused by 
LDAPException(resultCode=91 (connect error), errorMessage='An error occurred 
while attempting to establish a connection to server 
ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 
(connect error), errorMessage='An error occurred while attempting to establish 
a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server') caused by 
java.net.UnknownHostException: ldap-test-server
          2016-01-15 15:13:25 INFO    Extension 'LDAP-authz' initialized
          2016-01-15 15:13:25 INFO    Start of enabled extensions list
          2016-01-15 15:13:25 INFO    Instance name: 'LDAP-authn', Extension 
name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.1.2', Notes: 
'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build 
interface Version: '0',  File: 
'/tmp/tmpM8fPs4/extensions.d/LDAP-authn.properties', Initialized: 'true'
          2016-01-15 15:13:25 INFO    Instance name: 'LDAP-authz', Extension 
name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.1.2', Notes: 
'Display name: ovirt-engine-extension-aaa-ldap-1.1.2-1.el7.centos', License: 
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build 
interface Version: '0',  File: 
'/tmp/tmpM8fPs4/extensions.d/LDAP-authz.properties', Initialized: 'true'
          2016-01-15 15:13:25 INFO    End of enabled extensions list
          2016-01-15 15:13:25 INFO    
========================================================================
          2016-01-15 15:13:25 INFO    ============================== Execution 
===============================
          2016-01-15 15:13:25 INFO    
========================================================================
          2016-01-15 15:13:25 INFO    Profile='LDAP' authn='LDAP-authn' 
authz='LDAP-authz' mapping='null'
          2016-01-15 15:13:25 INFO    API: 
-->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS 
user='uid=ovirt-test,ou=Special Users,dc=test'
          2016-01-15 15:13:25 INFO    
[ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Creating LDAP pool 'authz'
          2016-01-15 15:13:25 WARNING 
[ovirt-engine-extension-aaa-ldap.authn::LDAP-authn] Cannot initialize LDAP 
framework, deferring initialization. Error: An error occurred while attempting 
to connect to server ldap-test-server:389:  java.io.IOException: 
LDAPException(resultCode=91 (connect error), errorMessage='An error occurred 
while attempting to establish a connection to server 
ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server') caused by 
LDAPException(resultCode=91 (connect error), errorMessage='An error occurred 
while attempting to establish a connection to server 
ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 
(connect error), errorMessage='An error occurred while attempting to establish 
a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server') caused by 
java.net.UnknownHostException: ldap-test-server
          2016-01-15 15:13:25 SEVERE  An error occurred while attempting to 
connect to server ldap-test-server:389:  java.io.IOException: 
LDAPException(resultCode=91 (connect error), errorMessage='An error occurred 
while attempting to establish a connection to server 
ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server') caused by 
LDAPException(resultCode=91 (connect error), errorMessage='An error occurred 
while attempting to establish a connection to server 
ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server')LDAPException(resultCode=91 
(connect error), errorMessage='An error occurred while attempting to establish 
a connection to server ldap-test-server/xxxx:xxxx:xxx:x:xxxx:xx:xx48:dcc0:389:  
java.net.UnknownHostException: ldap-test-server') caused by 
java.net.UnknownHostException: ldap-test-server
[ ERROR ] Sequence failed
          Select test sequence to execute (Done, Abort, Login, Search) [Abort]:
[ ERROR ] Failed to execute stage 'Setup validation': Aborted by user
[ INFO  ] Stage: Clean up
          Log file is available at 
/tmp/ovirt-engine-extension-aaa-ldap-setup-20160115151231-o0d7hp.log:
[ INFO  ] Stage: Pre-termination
[ INFO  ] Stage: Termination

