________________________________
From: Vrgotic, Marko
Sent: Tuesday, June 4, 2019 4:44:08 PM
To: users@ovirt.org
Cc: Stojchev, Darko
Subject: Issue with aaa-ldap connector on fresh install of 4.3.3
Dear oVIrt,
We are running 4.3.3 latest with SHE.
Tried to connect our domain users using aaa-ldap extension tool provided.
We tried multiple different accounts, with multiple dn search tree syntaxes and
verified the passwords.
The error is always the same:
`2019-06-04 14:03:30,763+0000 ERROR
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common
common._customization_late:835 Cannot authenticate using
'uid=**FILTERED**,ou=ABC Users,dc=example,dc=com': {'info': '80090308: LdapErr:
DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc':
'Invalid credentials'}`
The log file is showing the following:
2019-06-04 14:02:31,666+0000 DEBUG
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._getURLs:283
URLs: [u'ldap://hqdc2.example.com:389', u'ldap://eudc1.example.com:389',
u'ldap://eudc2.example.com:389', u'ldap://hqdc1.example.com:389']
2019-06-04 14:02:31,666+0000 INFO
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common
common._connectLDAP:393 Connecting to LDAP using 'ldap://hqdc2.example.com:389'
2019-06-04 14:02:31,675+0000 INFO
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common
common._connectLDAP:444 Executing startTLS
2019-06-04 14:02:32,420+0000 DEBUG
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common
common._connectLDAP:447 Perform search
2019-06-04 14:02:32,567+0000 DEBUG
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common
common._connectLDAP:455 Result: [('', {'supportedLDAPVersion': ['3', '2']})]
2019-06-04 14:02:32,568+0000 INFO
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common
common._connectLDAP:457 Connection succeeded
2019-06-04 14:02:32,568+0000 DEBUG otopi.plugins.otopi.dialog.human
human.queryString:159 query OVAAALDAP_LDAP_USER
2019-06-04 14:02:32,568+0000 DEBUG otopi.plugins.otopi.dialog.human
dialog.__logString:204 DIALOG:SEND Enter search user DN (for
example uid=username,dc=example,dc=com or leave empty for anonymous):
2019-06-04 14:02:57,540+0000 DEBUG otopi.plugins.otopi.dialog.human
dialog.__logString:204 DIALOG:RECEIVE
uid=da-dstojchev,ou=Users,dc=example,dc=com
2019-06-04 14:02:57,541+0000 DEBUG otopi.plugins.otopi.dialog.human
human.queryString:159 query OVAAALDAP_LDAP_PASSWORD
2019-06-04 14:02:57,541+0000 DEBUG otopi.plugins.otopi.dialog.human
dialog.__logString:204 DIALOG:SEND Enter search user password:
2019-06-04 14:03:00,713+0000 INFO
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._bindLDAP:478
Attempting to bind using 'uid=da-dstojchev,ou=Users,dc=example,dc=com'
2019-06-04 14:03:00,862+0000 ERROR
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common
common._customization_late:835 Cannot authenticate using
'uid=da-dstojchev,ou=Users,dc=example,dc=com': {'info': '80090308: LdapErr:
DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc':
'Invalid credentials'}
2019-06-04 14:03:00,863+0000 DEBUG otopi.plugins.otopi.dialog.human
human.queryString:159 query OVAAALDAP_LDAP_USER
2019-06-04 14:03:00,863+0000 DEBUG otopi.plugins.otopi.dialog.human
dialog.__logString:204 DIALOG:SEND Enter search user DN (for
example uid=username,dc=example,dc=com or leave empty for anonymous):
2019-06-04 14:03:27,376+0000 DEBUG otopi.plugins.otopi.dialog.human
dialog.__logString:204 DIALOG:RECEIVE uid=openstack-test,ou=ABC
Users,dc=example,dc=com
2019-06-04 14:03:27,376+0000 DEBUG otopi.plugins.otopi.dialog.human
human.queryString:159 query OVAAALDAP_LDAP_PASSWORD
2019-06-04 14:03:27,377+0000 DEBUG otopi.plugins.otopi.dialog.human
dialog.__logString:204 DIALOG:SEND Enter search user password:
2019-06-04 14:03:30,616+0000 INFO
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._bindLDAP:478
Attempting to bind using 'uid=**FILTERED**,ou=ABC Users,dc=example,dc=com'
2019-06-04 14:03:30,763+0000 ERROR
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common
common._customization_late:835 Cannot authenticate using
'uid=**FILTERED**,ou=ABC Users,dc=example,dc=com': {'info': '80090308: LdapErr:
DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc':
'Invalid credentials'}
2019-06-04 14:03:30,764+0000 DEBUG otopi.plugins.otopi.dialog.human
human.queryString:159 query OVAAALDAP_LDAP_USER
2019-06-04 14:03:30,764+0000 DEBUG otopi.plugins.otopi.dialog.human
dialog.__logString:204 DIALOG:SEND Enter search user DN (for
example uid=username,dc=example,dc=com or leave empty for anonymous):
2019-06-04 14:03:41,055+0000 DEBUG otopi.context context._executeMethod:145
method exception
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/otopi/context.py", line 132, in
_executeMethod
method['method']()
File
"/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py",
line 812, in _customization_late
default='',
File "/usr/share/otopi/plugins/otopi/dialog/human.py", line 211, in
queryString
value = self._readline(hidden=hidden)
File "/usr/lib/python2.7/site-packages/otopi/dialog.py", line 246, in
_readline
value = self.__input.readline()
File "/usr/lib/python2.7/site-packages/otopi/main.py", line 53, in _signal
raise RuntimeError("SIG%s" % signum)
RuntimeError: SIG2
2019-06-04 14:03:41,057+0000 ERROR otopi.context context._executeMethod:154
Failed to execute stage 'Environment customization': SIG2
2019-06-04 14:03:41,057+0000 DEBUG otopi.context context.dumpEnvironment:731
ENVIRONMENT DUMP – BEGIN
This is fresh install of oVIrt 4.3.3 latest, assigned for our prod env.
Kindly awaiting your reply,
Marko Vrgotic
ActiveVideo
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FPTQ3NUF3TRB26BWCPOV76TMQPQFS3PD/
