Dear Lucie,
Thanks for your help.
You can find my configuration file below :
sudo nano /etc/ovirt-engine/extensions.d/ldap.mydomain.fr-authn.properties
ovirt.engine.extension.name = ldap.mydomain.fr-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = ldap.mydomain.fr
ovirt.engine.aaa.authn.authz.plugin = ldap.mydomain.fr
config.profile.file.1 = ../aaa/ldap.mydomain.fr.properties
config.globals.baseDN.simple_baseDN = ou=people,dc=mydomain,dc=fr
sudo nano /etc/ovirt-engine/extensions.d/ldap.mydomain.fr-authz.properties
ovirt.engine.extension.name = ldap.mydomain.fr
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =
org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =
org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = ../aaa/ldap.mydomain.fr.properties
config.globals.baseDN.simple_baseDN = ou=people,dc=mydomain,dc=fr
sudo nano /etc/ovirt-engine/aaa/ldap.mydomain.fr.properties
include = <isds.properties>
vars.server = ldap.mydomain.fr
pool.authz.auth.type = none
pool.default.serverset.type = single
pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.single.port = 636
pool.default.ssl.enable = true
pool.default.ssl.truststore.file = ${local:_basedir}/ldap.mydomain.fr.jks
pool.default.ssl.truststore.password = changeit
Thank you beforehand,
Best Regards,
LAMY Lucas
> Le 19 févr. 2020 à 8:31 AM, Lucie Leistnerova <[email protected]> a écrit :
>
> Hi Lucas,
>
> how is your ldap set? Can you please share settings in
> /etc/ovirt-engine/extensions.d
> Is the driver properly set? I've found similar issue here
> https://users.ovirt.narkive.com/FveKIVCV/ovirt-users-adding-users-through-ldap-fails-on-external-id
>
> Thank you.
>
> Lucie
>
>> On 2/18/20 4:14 PM, Lucas Lamy wrote:
>> Hello everyone.
>>
>> I have previously configured LDAP connexion though
>> ovirt-engine-extension-aaa-ldap-setup.
>>
>> The only working configuration was IBM Security Directory Server (the IBM
>> Security Directory Server RFC-2307 Schema doesn't work), ladps and anonymous
>> search user. But the LDAP server I’m testing is OpenLDAP and not IBM.
>>
>> Indeed with IBM the search and login are working fine when I test them with
>> ovirt-engine-extensions-tool aaa.
>>
>> But when I try to add a LDAP User in the User Administration Panel I get
>> this Error message : "Error while executing action AddUser : Internal Engine
>> Error".
>>
>> None of the solutions I've found on previous threads seems to works.
>>
>> Does someone have an idea please ?
>> Please find the logs attached.
>> Thank you beforehand.
>>
>>
>> Caused by: org.postgresql.util.PSQLException: ERROR: null value in column
>> "external_id" violates not-null constraint Detail: Failing row contains
>> (**user info**). Where: SQL statement "INSERT INTO users ( department,
>> domain, email, name, note, surname, user_id, username, external_id,
>> namespace ) VALUES ( v_department, v_domain, v_email, v_name, v_note,
>> v_surname, v_user_id, v_username, v_external_id, v_namespace )" PL/pgSQL
>> function insertuser(character varying,character varying,character
>> varying,character varying,character varying,character varying,uuid,character
>> varying,text,character varying) line 3 at SQL state$ at
>> org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2433)
>> at
>> org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2178)
>> at
>> org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:306)
>> at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:441) at
>> org.postgresql.jdbc.PgStatement.execute(PgStatement.java:365) at
>> org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:155)
>> at
>> org.postgresql.jdbc.PgCallableStatement.executeWithFlags(PgCallableStatement.java:78)
>> at
>> org.postgresql.jdbc.PgPreparedStatement.execute(PgPreparedStatement.java:144)
>> at
>> org.jboss.jca.adapters.jdbc.CachedPreparedStatement.execute(CachedPreparedStatement.java:303)
>> at
>> org.jboss.jca.adapters.jdbc.WrappedPreparedStatement.execute(WrappedPreparedStatement.java:442)
>> at
>> org.springframework.jdbc.core.JdbcTemplate.lambda$call$4(JdbcTemplate.java:1105)
>> [spring-jdbc.jar:5.0.4.RELEASE] at
>> org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:1050)
>> [spring-jdbc.jar:5.0.4.RELEASE] ... 162 more 2020-02-15 10:16:53,337+01
>> ERROR [org.ovirt.engine.core.bll.aaa.AddUserCommand] (default task-4)
>> [222f7ca7-b669-40e0-b152-2ca898ebde09] Transaction rolled-back for command
>> 'org.ovirt.engine.core.bll.aaa.$ 2020-02-15 10:16:53,341+01 WARN
>> [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
>> (default task-4) [222f7ca7-b669-40e0-b152-2ca898ebde09] EVENT_ID:
>> USER_FAILED_ADD_ADUSER(327), Fail, Failed to add User 'user' to the system.
>> _______________________________________________
>> Users mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/[email protected]/message/PLCLWVJUD7KNOTG7HQ7Y4PDWYEJVG5JJ/
>
> --
> Lucie Leistnerova
> Senior Quality Engineer, QE Cloud, RHVM
> Red Hat EMEA
>
> IRC: lleistne @ #rhev-qe
>
>
_______________________________________________
Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/[email protected]/message/IBBPTA2QCW7OLVEE4XTVUX2JODDVJMV4/
