On Thu, May 30, 2019 at 11:22 AM <rubennune...@gmail.com> wrote: Hello everyone. > > So i don't know what i'm doing wrong but this doesn't seem to work, i > already made the confgurations needed on the > ovirt-engine-extension-aaa-ldap i'm a little desperate here. > > I'm going to put all the commands that i already made and the errors that > they give: > > - ovirt-engine-extension-aaa-ldap-setup > > Stage: Setup validation > > NOTE: > It is highly recommended to test drive the configuration before > applying it into engine. > Login sequence is executed automatically, but it is recommended > to also execute Search sequence manually after successful Login sequence. > > Please provide credentials to test login flow: > Enter user name: node1 > Enter user password: > [ INFO ] Executing login sequence... > > [snip]
> 2019-05-29 03:45:59,778+01 INFO > ======================================================================== > 2019-05-29 03:45:59,778+01 INFO > ============================== Execution =============================== > 2019-05-29 03:45:59,778+01 INFO > ======================================================================== > 2019-05-29 03:45:59,779+01 INFO Iteration: 0 > 2019-05-29 03:45:59,780+01 INFO Profile='192.168.16.114' > authn='192.168.16.114-authn' authz='192.168.16.114' mapping='null' > 2019-05-29 03:45:59,780+01 INFO API: > -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='192.168.16.114' > user='node1' > 2019-05-29 03:45:59,835+01 INFO API: > <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='192.168.16.114' > result=CREDENTIALS_INVALID > 2019-05-29 03:45:59,843+01 SEVERE Authn.Result code is: > CREDENTIALS_INVALID > [ ERROR ] Login sequence failed > Please investigate details of the failure (search for lines > containing SEVERE log level). > Select test sequence to execute (Done, Abort, Login, Search) > [Abort]: > > The setup command above didn't succeed, so before going ahead with further steps you have to fix it. Error has been 2019-05-29 03:45:59,843+01 SEVERE Authn.Result code is: CREDENTIALS_INVALID So the password used for user node1 is not ok. Is this the user you want to use to bind? What option did you choose: 9 - OpenLDAP Standard Schema ? - ovirt-engine-extensions-tool aaa login-user --profile=lab.local > --user-name=node1 > > [snip] > 2019-05-29 03:57:35,859+01 WARNING Exception: An error occurred while > attempting to connect to server ldap.lab.local:389: > IOException(LDAPException(resultCode=91 (connect error), errorMessage='An > error occurred while attempting to establish a connection to server > ldap.lab.local/192.168.16.114:389: UnknownHostException(ldap.lab.local), > ldapSDKVersion=4.0.5, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58')) > > here you go apparently now with an hostname (ldap.lab.local) but it seems not resolved. So you have to decide if going with hostname or ip and use consistently, because then your ldapsearch test is used below, it is used with ip (192.168.16.114) > > - ldapsearch -x -h 192.168.16.114 -b "dc=ldap,dc=local" -D > "cn=ldapadm,dc=lab,dc=local" -W > > Enter LDAP Password: > # extended LDIF > # > Also, to bind here you use DN cn=ldapadm,dc=lab,dc=local, while in test above you use node1... I also see you have profile1 and profile 2 with profile1 using something like "dc=sybase,dc=pt"... is this a working profile? Anyway, as a starting point you could also read the automatic workflow here: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/administration_guide/sect-configuring_an_external_ldap_provider#Configuring_an_External_LDAP_Provider or the manual method here: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/administration_guide/sect-configuring_an_external_ldap_provider#Configuring_an_External_LDAP_Provider_ManualMethod In particular: Prerequisites: - You must know the domain name of the DNS or the LDAP server. - To set up secure connection between the LDAP server and the Manager, ensure that a PEM-encoded CA certificate has been prepared. - Have at least one set of account name and password ready to perform search and login queries to the LDAP server. HIH, Gianluca
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZUIVHAI7HNZ26XQT3YWRGLNKTNMZI7G7/