[ovirt-users] Re: Ovirt-egine integration with OpenLDAP can't seem to find any users on Web-UI

Thu, 30 May 2019 06:43:16 -0700 

It gives the same error that can't connect because of invalid credentials and 
when i try to put the hostname on the option of Single Server it can't resolve 
the host but when i ping him i can resolve it.

[root@ovirt ~]# ovirt-engine-extension-aaa-ldap-setup 
[ INFO  ] Stage: Initializing
[ INFO  ] Stage: Environment setup
          Configuration files: 
['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
          Log file: 
/tmp/ovirt-engine-extension-aaa-ldap-setup-20190530142721-m0p3r8.log
          Version: otopi-1.7.8 (otopi-1.7.8-1.el7)
[ INFO  ] Stage: Environment packages setup
[ INFO  ] Stage: Programs detection
[ INFO  ] Stage: Environment customization
          Welcome to LDAP extension configuration program
          Available LDAP implementations:
           1 - 389ds
           2 - 389ds RFC-2307 Schema
           3 - Active Directory
           4 - IBM Security Directory Server
           5 - IBM Security Directory Server RFC-2307 Schema
           6 - IPA
           7 - Novell eDirectory RFC-2307 Schema
           8 - OpenLDAP RFC-2307 Schema
           9 - OpenLDAP Standard Schema
          10 - Oracle Unified Directory RFC-2307 Schema
          11 - RFC-2307 Schema (Generic)
          12 - RHDS
          13 - RHDS RFC-2307 Schema
          14 - iPlanet
          Please select: 9
           
          NOTE:
          It is highly recommended to use DNS resolution for LDAP server.
          If for some reason you intend to use hosts or plain address disable 
DNS usage.
           
          Use DNS (Yes, No) [Yes]: 
          Available policy method:
           1 - Single server
           2 - DNS domain LDAP SRV record
           3 - Round-robin between multiple hosts
           4 - Failover between multiple hosts
          Please select: 1
          Please enter host address: 192.168.16.114
[WARNING] Detected plain IP address '192.168.16.114', disabling DNS.
           
          NOTE:
          It is highly recommended to use secure protocol to access the LDAP 
server.
          Protocol startTLS is the standard recommended method to do so.
          Only in cases in which the startTLS is not supported, fallback to non 
standard ldaps protocol.
          Use plain for test environments only.
           
          Please select protocol to use (startTLS, ldaps, plain) [startTLS]:    
  
          Please select method to obtain PEM encoded CA certificate (File, URL, 
Inline, System, Insecure): Insecure
[ INFO  ] Connecting to LDAP using 'ldap://192.168.16.114:389'
[ INFO  ] Executing startTLS
[ INFO  ] Connection succeeded
          Enter search user DN (for example uid=username,dc=example,dc=com or 
leave empty for anonymous): uid=node1,ou=People,dc=lab,dc=local
          Enter search user password: 
[ INFO  ] Attempting to bind using 'uid=node1,ou=People,dc=lab,dc=local'
          Please enter base DN (dc=lab,dc=local) [dc=lab,dc=local]: 
ou=People,dc=lab,dc=local
          Are you going to use Single Sign-On for Virtual Machines (Yes, No) 
[Yes]:   
           
          NOTE:
          Profile name has to match domain name, otherwise Single Sign-On for 
Virtual Machines will not work.
           
          Please specify profile name that will be visible to users 
[192.168.16.114]: lab.local
[ INFO  ] Stage: Setup validation
           
          NOTE:
          It is highly recommended to test drive the configuration before 
applying it into engine.
          Login sequence is executed automatically, but it is recommended to 
also execute Search sequence manually after successful Login sequence.
           
          Please provide credentials to test login flow:
          Enter user name: node1
          Enter user password: 
[ INFO  ] Executing login sequence...
          Login output:
          2019-05-30 14:29:03,825+01 INFO    
========================================================================
          2019-05-30 14:29:03,859+01 INFO    ============================ 
Initialization ============================
          2019-05-30 14:29:03,859+01 INFO    
========================================================================
          2019-05-30 14:29:03,926+01 INFO    Loading extension 'lab.local-authn'
          2019-05-30 14:29:04,075+01 INFO    Extension 'lab.local-authn' loaded
          2019-05-30 14:29:04,095+01 INFO    Loading extension 'lab.local'
          2019-05-30 14:29:04,103+01 INFO    Extension 'lab.local' loaded
          2019-05-30 14:29:04,104+01 INFO    Initializing extension 
'lab.local-authn'
          2019-05-30 14:29:04,105+01 INFO    
[ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] Creating LDAP pool 
'authz'
          2019-05-30 14:29:04,121+01 WARNING 
[ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] TLS/SSL insecure mode
          2019-05-30 14:29:04,593+01 WARNING Exception: An error occurred while 
attempting to set the value of the SO_TIMEOUT socket option for connection 
LDAPConnection(connected to 192.168.16.114:389) to 50ms:  
SocketException(Socket is closed), ldapSDKVersion=4.0.5, 
revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58
          2019-05-30 14:29:04,594+01 INFO    
[ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] Creating LDAP pool 
'authn'
          2019-05-30 14:29:04,594+01 WARNING 
[ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] TLS/SSL insecure mode
          2019-05-30 14:29:04,674+01 WARNING Exception: The connection reader 
was unable to successfully complete TLS negotiation:  
LDAPException(resultCode=91 (connect error), errorMessage='Hostname 
verification failed because the expected hostname '192.168.16.114' was not 
found in peer certificate 'subject='CN=localhost' dNSName='localhost' 
dNSName='localhost' dNSName='localhost.localdomain''.', ldapSDKVersion=4.0.5, 
revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58)
          2019-05-30 14:29:04,675+01 INFO    Extension 'lab.local-authn' 
initialized
          2019-05-30 14:29:04,675+01 INFO    Initializing extension 'lab.local'
          2019-05-30 14:29:04,676+01 INFO    
[ovirt-engine-extension-aaa-ldap.authz::lab.local] Creating LDAP pool 'authz'
          2019-05-30 14:29:04,676+01 WARNING 
[ovirt-engine-extension-aaa-ldap.authz::lab.local] TLS/SSL insecure mode
          2019-05-30 14:29:04,776+01 WARNING Exception: The connection reader 
was unable to successfully complete TLS negotiation:  
LDAPException(resultCode=91 (connect error), errorMessage='Hostname 
verification failed because the expected hostname '192.168.16.114' was not 
found in peer certificate 'subject='CN=localhost' dNSName='localhost' 
dNSName='localhost' dNSName='localhost.localdomain''.', ldapSDKVersion=4.0.5, 
revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58)
          2019-05-30 14:29:04,777+01 INFO    
[ovirt-engine-extension-aaa-ldap.authz::lab.local] Available Namespaces: 
[ou=People,dc=lab,dc=local]
          2019-05-30 14:29:04,778+01 INFO    Extension 'lab.local' initialized
          2019-05-30 14:29:04,778+01 INFO    Start of enabled extensions list
          2019-05-30 14:29:04,779+01 INFO    Instance name: 'lab.local-authn', 
Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.8', 
Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.8-1.el7', License: 
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build 
interface Version: '0',  File: 
'/tmp/tmpwbSUo5/extensions.d/lab.local-authn.properties', Initialized: 'true'
          2019-05-30 14:29:04,779+01 INFO    Instance name: 'lab.local', 
Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.8', 
Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.8-1.el7', License: 
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build 
interface Version: '0',  File: 
'/tmp/tmpwbSUo5/extensions.d/lab.local.properties', Initialized: 'true'
          2019-05-30 14:29:04,779+01 INFO    End of enabled extensions list
          2019-05-30 14:29:04,779+01 INFO    
========================================================================
          2019-05-30 14:29:04,779+01 INFO    ============================== 
Execution ===============================
          2019-05-30 14:29:04,779+01 INFO    
========================================================================
          2019-05-30 14:29:04,780+01 INFO    Iteration: 0
          2019-05-30 14:29:04,780+01 INFO    Profile='lab.local' 
authn='lab.local-authn' authz='lab.local' mapping='null'
          2019-05-30 14:29:04,781+01 INFO    API: 
-->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='lab.local' 
user='node1'
          2019-05-30 14:29:04,825+01 WARNING Ignoring records from pool: 'authz'
          2019-05-30 14:29:04,826+01 INFO    API: 
<--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='lab.local' 
result=CREDENTIALS_INVALID
          2019-05-30 14:29:04,834+01 SEVERE  Authn.Result code is: 
CREDENTIALS_INVALID
[ ERROR ] Login sequence failed
          Please investigate details of the failure (search for lines 
containing SEVERE log level).
          Select test sequence to execute (Done, Abort, Login, Search) [Abort]: 
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TKIYWCU23ZEUKL2MV4IY5RPVBHASPUIE/

Reply via email to