in the ovirt-engine-extension-aaa-ldap-setup i try to login to the ldap user
but it show CREDENTIALS_INVALID ,put if i make search option it will show
successful :
the question is how to make login successfully ?
[root@ovirt_engine home]# ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files:
['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packa
ging.conf']
Log file:
/tmp/ovirt-engine-extension-aaa-ldap-setup-20180924120156-wutrcv.log
Version: otopi-1.7.8 (otopi-1.7.8-1.el7)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Available LDAP implementations:
1 - 389ds
2 - 389ds RFC-2307 Schema
3 - Active Directory
4 - IBM Security Directory Server
5 - IBM Security Directory Server RFC-2307 Schema
6 - IPA
7 - Novell eDirectory RFC-2307 Schema
8 - OpenLDAP RFC-2307 Schema
9 - OpenLDAP Standard Schema
10 - Oracle Unified Directory RFC-2307 Schema
11 - RFC-2307 Schema (Generic)
12 - RHDS
13 - RHDS RFC-2307 Schema
14 - iPlanet
Please select: 9
NOTE:
It is highly recommended to use DNS resolution for LDAP server.
If for some reason you intend to use hosts or plain address disable
DNS usage.
Use DNS (Yes, No) [Yes]:
Available policy method:
1 - Single server
2 - DNS domain LDAP SRV record
3 - Round-robin between multiple hosts
4 - Failover between multiple hosts
Please select: 1
Please enter host address: ldap23.exalt.ps
[ INFO ] Trying to resolve host 'ldap23.exalt.ps'
NOTE:
It is highly recommended to use secure protocol to access the LDAP
server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback to
non standard ld
aps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
ldaps
Please select method to obtain PEM encoded CA certificate (File,
URL, Inline, Sys
tem, Insecure): file
File path: /home/server.pem
[ INFO ] Connecting to LDAP using 'ldaps://ldap23.exalt.ps:636'
[ INFO ] Connection succeeded
Enter search user DN (for example uid=username,dc=example,dc=com or
leave empty f
or anonymous): cn=admin,dc=exalt,dc=ps
Enter search user password:
[ INFO ] Attempting to bind using 'cn=admin,dc=exalt,dc=ps'
Please enter base DN (dc=exalt,dc=ps) [dc=exalt,dc=ps]:
Are you going to use Single Sign-On for Virtual Machines (Yes, No)
[Yes]: no
Please specify profile name that will be visible to users
[ldap23.exalt.ps]:
[ INFO ] Stage: Setup validation
NOTE:
It is highly recommended to test drive the configuration before
applying it into
engine.
Login sequence is executed automatically, but it is recommended to
also execute S
earch sequence manually after successful Login sequence.
Please provide credentials to test login flow:
Enter user name: taha
Enter user password:
[ INFO ] Executing login sequence...
Login output:
2018-09-24 12:03:10,832+03 INFO
==============================================
==========================
2018-09-24 12:03:10,851+03 INFO ============================
Initialization ==
==========================
2018-09-24 12:03:10,851+03 INFO
==============================================
==========================
2018-09-24 12:03:10,879+03 INFO Loading extension
'ldap23.exalt.ps-authn'
2018-09-24 12:03:10,930+03 INFO Extension 'ldap23.exalt.ps-authn'
loaded
2018-09-24 12:03:10,934+03 INFO Loading extension
'ldap23.exalt.ps-authz'
2018-09-24 12:03:10,943+03 INFO Extension 'ldap23.exalt.ps-authz'
loaded
2018-09-24 12:03:10,943+03 INFO Initializing extension
'ldap23.exalt.ps-authn'
2018-09-24 12:03:10,944+03 INFO
[ovirt-engine-extension-aaa-ldap.authn::ldap23
.exalt.ps-authn] Creating LDAP pool 'authz'
2018-09-24 12:03:11,472+03 INFO
[ovirt-engine-extension-aaa-ldap.authn::ldap23
.exalt.ps-authn] LDAP pool 'authz' information:
vendor='null' version='null'
2018-09-24 12:03:11,473+03 INFO
[ovirt-engine-extension-aaa-ldap.authn::ldap23
.exalt.ps-authn] Creating LDAP pool 'authn'
2018-09-24 12:03:11,745+03 INFO
[ovirt-engine-extension-aaa-ldap.authn::ldap23
.exalt.ps-authn] LDAP pool 'authn' information:
vendor='null' version='null'
2018-09-24 12:03:11,745+03 INFO Extension 'ldap23.exalt.ps-authn'
initialized
2018-09-24 12:03:11,746+03 INFO Initializing extension
'ldap23.exalt.ps-authz'
2018-09-24 12:03:11,746+03 INFO
[ovirt-engine-extension-aaa-ldap.authz::ldap23
.exalt.ps-authz] Creating LDAP pool 'authz'
2018-09-24 12:03:12,076+03 INFO
[ovirt-engine-extension-aaa-ldap.authz::ldap23
.exalt.ps-authz] LDAP pool 'authz' information:
vendor='null' version='null'
2018-09-24 12:03:12,077+03 INFO
[ovirt-engine-extension-aaa-ldap.authz::ldap23
.exalt.ps-authz] Available Namespaces:
[dc=exalt,dc=ps]
2018-09-24 12:03:12,077+03 INFO Extension 'ldap23.exalt.ps-authz'
initialized
2018-09-24 12:03:12,078+03 INFO Start of enabled extensions list
2018-09-24 12:03:12,078+03 INFO Instance name:
'ldap23.exalt.ps-authn', Extens
ion name: 'ovirt-engine-extension-aaa-ldap.authn', Version:
'1.3.7', Notes: 'Display name:
ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License:
'ASL 2.0', Home: 'http://www.
ovirt.org', Author 'The oVirt Project', Build interface Version:
'0', File: '/tmp/tmpDADej
Q/extensions.d/ldap23.exalt.ps-authn.properties',
Initialized: 'true'
2018-09-24 12:03:12,078+03 INFO Instance name:
'ldap23.exalt.ps-authz', Extens
ion name: 'ovirt-engine-extension-aaa-ldap.authz', Version:
'1.3.7', Notes: 'Display name:
ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License:
'ASL 2.0', Home: 'http://www.
ovirt.org', Author 'The oVirt Project', Build interface Version:
'0', File: '/tmp/tmpDADej
Q/extensions.d/ldap23.exalt.ps-authz.properties',
Initialized: 'true'
2018-09-24 12:03:12,078+03 INFO End of enabled extensions list
2018-09-24 12:03:12,079+03 INFO
==============================================
==========================
2018-09-24 12:03:12,079+03 INFO ==============================
Execution =====
==========================
2018-09-24 12:03:12,079+03 INFO
==============================================
==========================
2018-09-24 12:03:12,079+03 INFO Iteration: 0
2018-09-24 12:03:12,080+03 INFO Profile='ldap23.exalt.ps'
authn='ldap23.exalt.
ps-authn' authz='ldap23.exalt.ps-authz' mapping='null'
2018-09-24 12:03:12,080+03 INFO API:
-->Authn.InvokeCommands.AUTHENTICATE_CRED
ENTIALS profile='ldap23.exalt.ps' user='taha'
2018-09-24 12:03:12,122+03 INFO API:
<--Authn.InvokeCommands.AUTHENTICATE_CRED
ENTIALS profile='ldap23.exalt.ps'
result=CREDENTIALS_INVALID
2018-09-24 12:03:12,126+03 SEVERE Authn.Result code is:
CREDENTIALS_INVALID
[ ERROR ] Login sequence failed
Please investigate details of the failure (search for lines
containing SEVERE log
level).
Select test sequence to execute (Done, Abort, Login, Search)
[Abort]: search
Please provide parameters for Search sequence:
Select entity to search (Principal, Group) [Principal]:
Term to search, trailing '*' is allowed: *
Resolve Groups (Yes, No) [No]:
[ INFO ] Executing search sequence...
Login output:
2018-09-24 12:03:27,952+03 INFO
==============================================
==========================
2018-09-24 12:03:27,970+03 INFO ============================
Initialization ==
==========================
2018-09-24 12:03:27,970+03 INFO
==============================================
==========================
2018-09-24 12:03:27,997+03 INFO Loading extension
'ldap23.exalt.ps-authn'
2018-09-24 12:03:28,049+03 INFO Extension 'ldap23.exalt.ps-authn'
loaded
2018-09-24 12:03:28,053+03 INFO Loading extension
'ldap23.exalt.ps-authz'
2018-09-24 12:03:28,061+03 INFO Extension 'ldap23.exalt.ps-authz'
loaded
2018-09-24 12:03:28,062+03 INFO Initializing extension
'ldap23.exalt.ps-authn'
2018-09-24 12:03:28,062+03 INFO
[ovirt-engine-extension-aaa-ldap.authn::ldap23
.exalt.ps-authn] Creating LDAP pool 'authz'
2018-09-24 12:03:28,508+03 INFO
[ovirt-engine-extension-aaa-ldap.authn::ldap23
.exalt.ps-authn] LDAP pool 'authz' information:
vendor='null' version='null'
2018-09-24 12:03:28,509+03 INFO
[ovirt-engine-extension-aaa-ldap.authn::ldap23
.exalt.ps-authn] Creating LDAP pool 'authn'
2018-09-24 12:03:28,779+03 INFO
[ovirt-engine-extension-aaa-ldap.authn::ldap23
.exalt.ps-authn] LDAP pool 'authn' information:
vendor='null' version='null'
2018-09-24 12:03:28,780+03 INFO Extension 'ldap23.exalt.ps-authn'
initialized
2018-09-24 12:03:28,781+03 INFO Initializing extension
'ldap23.exalt.ps-authz'
2018-09-24 12:03:28,781+03 INFO
[ovirt-engine-extension-aaa-ldap.authz::ldap23
.exalt.ps-authz] Creating LDAP pool 'authz'
2018-09-24 12:03:29,020+03 INFO
[ovirt-engine-extension-aaa-ldap.authz::ldap23
.exalt.ps-authz] LDAP pool 'authz' information:
vendor='null' version='null'
2018-09-24 12:03:29,021+03 INFO
[ovirt-engine-extension-aaa-ldap.authz::ldap23
.exalt.ps-authz] Available Namespaces:
[dc=exalt,dc=ps]
2018-09-24 12:03:29,021+03 INFO Extension 'ldap23.exalt.ps-authz'
initialized
2018-09-24 12:03:29,021+03 INFO Start of enabled extensions list
2018-09-24 12:03:29,021+03 INFO Instance name:
'ldap23.exalt.ps-authn', Extens
ion name: 'ovirt-engine-extension-aaa-ldap.authn', Version:
'1.3.7', Notes: 'Display name:
ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License:
'ASL 2.0', Home: 'http://www.
ovirt.org', Author 'The oVirt Project', Build interface Version:
'0', File: '/tmp/tmpDADej
Q/extensions.d/ldap23.exalt.ps-authn.properties',
Initialized: 'true'
2018-09-24 12:03:29,022+03 INFO Instance name:
'ldap23.exalt.ps-authz', Extens
ion name: 'ovirt-engine-extension-aaa-ldap.authz', Version:
'1.3.7', Notes: 'Display name:
ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License:
'ASL 2.0', Home: 'http://www.
ovirt.org', Author 'The oVirt Project', Build interface Version:
'0', File: '/tmp/tmpDADej
Q/extensions.d/ldap23.exalt.ps-authz.properties',
Initialized: 'true'
2018-09-24 12:03:29,022+03 INFO End of enabled extensions list
2018-09-24 12:03:29,022+03 INFO
==============================================
==========================
2018-09-24 12:03:29,022+03 INFO ==============================
Execution =====
==========================
2018-09-24 12:03:29,022+03 INFO
==============================================
==========================
2018-09-24 12:03:29,022+03 INFO Iteration: 0
2018-09-24 12:03:29,026+03 INFO --- Begin QueryFilterRecord ---
2018-09-24 12:03:29,026+03 INFO AAA_AUTHZ_QUERY_FILTER_OPERATOR:
102
2018-09-24 12:03:29,027+03 INFO AAA_AUTHZ_QUERY_ENTITY:
AAA_AUTHZ_QUERY_ENTITY
_PRINCIPAL[1695cd36-4656-474f-b7bc-4466e12634e4]
2018-09-24 12:03:29,027+03 INFO --- Begin QueryFilterRecord ---
2018-09-24 12:03:29,027+03 INFO
AAA_AUTHZ_QUERY_FILTER_OPERATOR: 0
2018-09-24 12:03:29,028+03 INFO AAA_AUTHZ_QUERY_FILTER_KEY:
Extkey[name=AAA_
AUTHZ_PRINCIPAL_NAME;type=class
java.lang.String;uuid=AAA_AUTHZ_PRINCIPAL_NAME[a0df5bcc-6ea
d-40a2-8565-2f5cc8773bdd];]
2018-09-24 12:03:29,028+03 INFO AAA_AUTHZ_PRINCIPAL_NAME: *
2018-09-24 12:03:29,028+03 INFO --- End QueryFilterRecord ---
2018-09-24 12:03:29,028+03 INFO --- End QueryFilterRecord ---
2018-09-24 12:03:29,029+03 INFO API:
-->Authz.InvokeCommands.QUERY_OPEN namesp
ace='dc=exalt,dc=ps'
2018-09-24 12:03:29,035+03 INFO API:
<--Authz.InvokeCommands.QUERY_OPEN
2018-09-24 12:03:29,035+03 INFO API:
-->Authz.InvokeCommands.QUERY_EXECUTE
2018-09-24 12:03:29,059+03 INFO API:
<--Authz.InvokeCommands.QUERY_EXECUTE cou
nt=END
2018-09-24 12:03:29,060+03 INFO API:
-->Authz.InvokeCommands.QUERY_CLOSE
2018-09-24 12:03:29,060+03 INFO API:
<--Authz.InvokeCommands.QUERY_CLOSE
[ INFO ] Search sequence executed successfully
Please make sure that entity details are correct and that depending
on the type o
f the query group membership meets expectations (search for PrincipalRecord and
GroupRecord
titles).
_______________________________________________
Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/[email protected]/message/DDT6DUGOVTRBT5XGL33I76E3Y6B7UYDI/
