If you are using Active Directory you most probably don't use Anonymous bind. The question:

  Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous):

You should not leave it empty but rather specify some user which can search in Active Directory. You can enter it either in DN format (cn=user,dc=domain,dc=com) or UPN format (u...@domain.com).

On Thu, Jun 8, 2017 at 5:32 AM, qinglong.d...@horebdata.cn <qinglong.d...@horebdata.cn> wrote:
> Thanks! I executed "ovirt-engine-extension-aaa-ldap-setup", but I got an error. Is there anything wrong?
>
> [root@engine ~]# ovirt-engine-extension-aaa-ldap-setup
> [ INFO ] Stage: Initializing
> [ INFO ] Stage: Environment setup
> Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
> Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20170608112535-jll8t2.log
> Version: otopi-1.6.2 (otopi-1.6.2-1.el7.centos)
> [ INFO ] Stage: Environment packages setup
> [ INFO ] Stage: Programs detection
> [ INFO ] Stage: Environment customization
> Welcome to LDAP extension configuration program
> Available LDAP implementations:
> 1 - 389ds
> 2 - 389ds RFC-2307 Schema
> 3 - Active Directory
> 4 - IBM Security Directory Server
> 5 - IBM Security Directory Server RFC-2307 Schema
> 6 - IPA
> 7 - Novell eDirectory RFC-2307 Schema
> 8 - OpenLDAP RFC-2307 Schema
> 9 - OpenLDAP Standard Schema
> 10 - Oracle Unified Directory RFC-2307 Schema
> 11 - RFC-2307 Schema (Generic)
> 12 - RHDS
> 13 - RHDS RFC-2307 Schema
> 14 - iPlanet
> Please select: 3
> Please enter Active Directory Forest name: horebdata.com
> [ INFO ] Resolving Global Catalog SRV record for horebdata.com
> [ INFO ] Resolving LDAP SRV record for horebdata.com
> NOTE:
> It is highly recommended to use secure protocol to access the LDAP server.
> Protocol startTLS is the standard recommended method to do so.
> Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
> Use plain for test environments only.
> Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
> [ INFO ] Resolving SRV record 'horebdata.com'
> [ INFO ] Connecting to LDAP using 'ldap://win-fvdsocg3abj.horebdata.com:389'
> [ INFO ] Connection succeeded
> Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous):
> [ INFO ] Attempting to bind using '[Anonymous]'
> Are you going to use Single Sign-On for Virtual Machines (Yes, No) [No]: yes
> NOTE:
> Profile name has to match domain name, otherwise Single Sign-On for Virtual Machines will not work.
> Please specify profile name that will be visible to users [horebdata.com]:
> [ INFO ] Stage: Setup validation
> The following files are about to be overwritten:
> /etc/ovirt-engine/extensions.d/horebdata.com-authn.properties
> /etc/ovirt-engine/extensions.d/horebdata.com.properties
> /etc/ovirt-engine/aaa/horebdata.com.properties
> Continue and overwrite? (Yes, No) [No]: yes
> NOTE:
> It is highly recommended to test drive the configuration before applying it into engine.
> Perform at least one Login sequence and one Search sequence.
> Select test sequence to execute (Done, Abort, Login, Search) [Abort]: login
> Enter user name: horebdata
> Enter user password:
> [ INFO ] Executing login sequence...
> Login output:
> 2017-06-08 11:26:09,446+08 INFO ========================================================================
> 2017-06-08 11:26:09,463+08 INFO ============================ Initialization ============================
> 2017-06-08 11:26:09,463+08 INFO ========================================================================
> 2017-06-08 11:26:09,475+08 INFO Loading extension 'horebdata.com-authn'
> 2017-06-08 11:26:09,517+08 INFO Extension 'horebdata.com-authn' loaded
> 2017-06-08 11:26:09,522+08 INFO Loading extension 'horebdata.com'
> 2017-06-08 11:26:09,530+08 INFO Extension 'horebdata.com' loaded
> 2017-06-08 11:26:09,531+08 INFO Initializing extension 'horebdata.com-authn'
> 2017-06-08 11:26:09,532+08 INFO [ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] Creating LDAP pool 'authz'
> 2017-06-08 11:26:09,620+08 INFO [ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] LDAP pool 'authz' information: vendor='null' version='null'
> 2017-06-08 11:26:09,621+08 INFO [ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] Creating LDAP pool 'authn'
> 2017-06-08 11:26:09,636+08 INFO [ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] LDAP pool 'authn' information: vendor='null' version='null'
> 2017-06-08 11:26:09,649+08 WARNING [ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] Cannot initialize LDAP framework, deferring initialization. Error: Unexpected comma or semicolon found at the end of the DN string.
> 2017-06-08 11:26:09,650+08 INFO Extension 'horebdata.com-authn' initialized
> 2017-06-08 11:26:09,650+08 INFO Initializing extension 'horebdata.com'
> 2017-06-08 11:26:09,651+08 INFO [ovirt-engine-extension-aaa-ldap.authz::horebdata.com] Creating LDAP pool 'authz'
> 2017-06-08 11:26:09,679+08 INFO [ovirt-engine-extension-aaa-ldap.authz::horebdata.com] LDAP pool 'authz' information: vendor='null' version='null'
> 2017-06-08 11:26:09,679+08 INFO [ovirt-engine-extension-aaa-ldap.authz::horebdata.com] Creating LDAP pool 'gc'
> 2017-06-08 11:26:09,694+08 INFO [ovirt-engine-extension-aaa-ldap.authz::horebdata.com] LDAP pool 'gc' information: vendor='null' version='null'
> 2017-06-08 11:26:09,697+08 WARNING [ovirt-engine-extension-aaa-ldap.authz::horebdata.com] Cannot initialize LDAP framework, deferring initialization. Error: Unexpected comma or semicolon found at the end of the DN string.
> 2017-06-08 11:26:09,697+08 INFO Extension 'horebdata.com' initialized
> 2017-06-08 11:26:09,697+08 INFO Start of enabled extensions list
> 2017-06-08 11:26:09,697+08 INFO Instance name: 'horebdata.com', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.1', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.1-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpHfBhQf/extensions.d/horebdata.com.properties', Initialized: 'true'
> 2017-06-08 11:26:09,698+08 INFO Instance name: 'horebdata.com-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.1', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.1-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpHfBhQf/extensions.d/horebdata.com-authn.properties', Initialized: 'true'
> 2017-06-08 11:26:09,698+08 INFO End of enabled extensions list
> 2017-06-08 11:26:09,698+08 INFO ========================================================================
> 2017-06-08 11:26:09,698+08 INFO ============================== Execution ===============================
> 2017-06-08 11:26:09,698+08 INFO ========================================================================
> 2017-06-08 11:26:09,698+08 INFO Iteration: 0
> 2017-06-08 11:26:09,699+08 INFO Profile='horebdata.com' authn='horebdata.com-authn' authz='horebdata.com' mapping='null'
> 2017-06-08 11:26:09,699+08 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='horebdata.com' user='horebdata'
> 2017-06-08 11:26:09,702+08 WARNING [ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] Cannot initialize LDAP framework, deferring initialization. Error: Unexpected comma or semicolon found at the end of the DN string.
> 2017-06-08 11:26:09,703+08 SEVERE Unexpected comma or semicolon found at the end of the DN string.
> [ ERROR ] Login sequence failed
> Please investigate details of the failure (search for lines containing SEVERE log level).
> Select test sequence to execute (Done, Abort, Login, Search) [Abort]:
>
> From: Ondra Machacek
> Date: 2017-06-07 14:47
> To: qinglong.d...@horebdata.cn
> CC: users
> Subject: Re: [ovirt-users] active directory
> Or you can try the migration tool:
>
> https://github.com/oVirt/ovirt-engine-kerbldap-migration
>
> Check the README, there are instructions how to proceed.
>
> On Wed, Jun 7, 2017 at 8:33 AM, Latchezar Filtchev <lat...@aubg.bg> wrote:
>> This can help you:
>>
>> http://lists.ovirt.org/pipermail/users/2016-September/042937.html
>>
>> Best,
>>
>> Latcho
>>
>> From: users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] On Behalf Of qinglong.d...@horebdata.cn
>> Sent: Wednesday, June 07, 2017 4:57 AM
>> To: users
>> Subject: [ovirt-users] active directory
>>
>> Hi all,
>>
>> I used "engine-manage-domains" to add AD to ovirt in an earlier version. What should I do in ovirt 4.1? Hope someone can help. Thanks!
>>
>> _______________________________________________
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
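
Added example (not part of the thread and not oVirt project code): a Python check that scans a saved ovirt-engine-extension-aaa-ldap-setup transcript for the two answers visible in the session above, the plain protocol and the '[Anonymous]' bind, and collects the SEVERE messages. The name audit_transcript and the regular expressions are assumptions written for this page; the sample lines are excerpted from the transcript quoted in the thread.

```python
import re

# Lines excerpted from the setup transcript quoted in the thread above.
TRANSCRIPT = """\
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
[ INFO ] Connecting to LDAP using 'ldap://win-fvdsocg3abj.horebdata.com:389'
[ INFO ] Attempting to bind using '[Anonymous]'
2017-06-08 11:26:09,649+08 WARNING [ovirt-engine-extension-aaa-ldap.authn::horebdata.com-authn] Cannot initialize LDAP framework, deferring initialization. Error: Unexpected comma or semicolon found at the end of the DN string.
2017-06-08 11:26:09,703+08 SEVERE Unexpected comma or semicolon found at the end of the DN string.
[ ERROR ] Login sequence failed
"""

# Patterns are assumptions derived from the prompt wording shown in the thread.
PROTOCOL_RE = re.compile(r"Please select protocol to use \(.*?\) \[(\w+)\]:\s*(\w*)")
BIND_RE = re.compile(r"Attempting to bind using '([^']*)'")
SEVERE_RE = re.compile(r"^\S+ \S+ SEVERE\s+(.*)$")


def audit_transcript(text):
    """Return (findings, severe_messages) for one setup-tool transcript."""
    findings, severe = [], []
    for line in text.splitlines():
        line = line.strip()
        m = PROTOCOL_RE.search(line)
        if m:
            # An empty answer means the bracketed default was accepted.
            chosen = m.group(2) or m.group(1)
            if chosen.lower() == "plain":
                findings.append("plain protocol selected; the tool's note "
                                "reserves plain for test environments")
        m = BIND_RE.search(line)
        if m and m.group(1) == "[Anonymous]":
            findings.append("anonymous bind; no search user (DN or UPN) was entered")
        m = SEVERE_RE.match(line)
        if m:
            severe.append(m.group(1))
    return findings, severe


if __name__ == "__main__":
    found, severe_lines = audit_transcript(TRANSCRIPT)
    for item in found:
        print("FINDING:", item)
    for item in severe_lines:
        print("SEVERE: ", item)
```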