[ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-14 Thread Cameron Christensen
Hello,

I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
Starting up ovirt-engine the extension manager fails to properly load
the service that handles Kerberos/LDAP.

engine.log:
...
2014-11-10 11:29:25,106 INFO
[org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (MSC service
thread 1-10) Start initializing ExecutionMessageDirector
2014-11-10 11:29:25,108 INFO
[org.ovirt.engine.core.dal.job.ExecutionMessageDirector] (MSC service
thread 1-10) Finished initializing ExecutionMessageDirector
2014-11-10 11:29:25,145 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Loading extension 'builtin-authn-internal'
2014-11-10 11:29:25,146 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'builtin-authn-internal' loaded
2014-11-10 11:29:25,148 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Loading extension 'internal'
2014-11-10 11:29:25,150 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'internal' loaded
2014-11-10 11:29:25,154 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Loading extension 'builtin-authn-EXAMPLE.ORG'
2014-11-10 11:29:25,215 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'builtin-authn-EXAMPLE.ORG' loaded
2014-11-10 11:29:25,218 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Loading extension 'EXAMPLE.ORG'
2014-11-10 11:29:25,264 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'EXAMPLE.ORG' loaded
2014-11-10 11:29:25,265 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Initializing extension 'EXAMPLE.ORG'
2014-11-10 11:29:25,265 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'EXAMPLE.ORG' initialized
2014-11-10 11:29:25,266 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Initializing extension 'builtin-authn-internal'
2014-11-10 11:29:25,266 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'builtin-authn-internal' initialized
2014-11-10 11:29:25,267 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Initializing extension 'builtin-authn-EXAMPLE.ORG'
2014-11-10 11:29:25,267 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'builtin-authn-EXAMPLE.ORG' initialized
2014-11-10 11:29:25,268 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Initializing extension 'internal'
2014-11-10 11:29:25,268 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Extension 'internal' initialized
2014-11-10 11:29:25,268 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Start of enabled extensions list
2014-11-10 11:29:25,269 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Instance name: 'EXAMPLE.ORG', Extension name:
'Kerberos/Ldap Authz (Built-in)', Version: 'N/A', Notes: '', License:
'ASL 2.0',
 Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build
interface Version: '0',  File: 'N/A', Initialized: 'true'
2014-11-10 11:29:25,270 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Instance name: 'builtin-authn-internal', Extension name:
'Internal Authn (Built-in)', Version: 'N/A', Notes: '', License:
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build
interface Version: '0',  File: 'N/A', Initialized: 'true'
2014-11-10 11:29:25,270 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Instance name: 'builtin-authn-EXAMPLE.ORG', Extension name:
'Kerberos/Ldap Authn (Built-in)', Version: 'N/A', Notes: '', License:
'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project',
Build interface Version: '0',  File: 'N/A', Initialized: 'true'
2014-11-10 11:29:25,271 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) Instance name: 'internal', Extension name: 'Internal Authz
(Built-in)', Version: 'N/A', Notes: '', License: 'ASL 2.0', Home:
'http://www.ovirt.org', Author 'The oVirt Project', Build interface
Version: '0',  File: 'N/A', Initialized: 'true'
2014-11-10 11:29:25,272 INFO
[org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service
thread 1-10) End of enabled extensions list
2014-11-10 11:29:25,404 INFO
[org.ovirt.engine.core.bll.aaa.DbUserCacheManager] (MSC service thread
1-10) Start initializing DbUserCacheManager
2014-11-10 11:29:25,405 INFO
[org.ovirt.engine.core.bll.aaa.DbUserCacheManager] (MSC service thread
1-10) Finished initializing DbUserCacheManager
2014-11-10 11:29:25,41

[ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-20 Thread Ondra Machacek
Hi,

just tried it too.
I was not successful to reproduce, but the problem is that
the domain part of LDAPSecurityAuthentication is uppercase
as Cameron wrote.

In 3.4 it is OK when it's upper case - everything works OK,
but in 3.5 it's not.

I checked differences and something like this would be enough, Yair?

diff --git 
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
 
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExte
index f5ab28d..ccaf04a 100644
--- 
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
+++ 
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
@@ -240,7 +240,7 @@ public class EngineExtensionsManager extends 
ExtensionsManager {
 )
 );
 }
-if (nameValue[0].equals(domain)) {
+if (nameValue[0].equalsIgnoreCase(domain)) {
 result = nameValue[1];
 break;
 }
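
Review bot: At `if (nameValue[0].equalsIgnoreCase(domain))`, only this one lookup becomes case-insensitive, while the thread reports that many LDAP* and Ad* options in vdc_options carry the domain in both upper and lower case. Consider normalizing the domain name once, where the option value is split into `nameValue`, so that every per-domain option is matched the same way, and add a unit test that looks up `EXAMPLE.ORG` against a stored `example.org:GSSAPI`.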


Ondra


- Original Message -
> From: "Alon Bar-Lev" 
> To: "Cameron Christensen" , "Yair 
> Zaslavsky" 
> Cc: users at ovirt.org
> Sent: Monday, November 17, 2014 11:48:15 PM
> Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
> 
> 
> 
> - Original Message -
> > From: "Cameron Christensen" 
> > To: "Alon Bar-Lev" 
> > Cc: users at ovirt.org
> > Sent: Monday, November 17, 2014 11:43:34 PM
> > Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > IPA
> > 
> > 
> > 
> > On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
> > > 
> > > ----- Original Message -
> > > > From: "Cameron Christensen" 
> > > > To: users at ovirt.org
> > > > Sent: Friday, November 14, 2014 5:39:54 PM
> > > > Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > > > IPA
> > > > 
> > > > Hello,
> > > > 
> > > > I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
> > > > Starting up ovirt-engine the extension manager fails to properly load
> > > > the service that handles Kerberos/LDAP.
> > > 
> > > This is probably a bug, can you please execute the following and paste
> > > result:
> > > 
> > > # PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c "select * from
> > > vdc_options where option_name='LDAPSecurityAuthentication'"
> > > 
> > 
> >  option_id |        option_name         |    option_value    | version
> > -----------+----------------------------+--------------------+---------
> >        165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
> > 
> > I replaced my domain name with 'example.org'
> > 
> 
> I thought it will be empty... and it contains valid value. Yair?

No, this is fine actually.

> 
> Any I truly suggest you try out the new provider... Much easier to resolve
> any issue, current and future, including easier to debug.
> 
> Alon
> 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-17 Thread Marcelo Donato
Hello, is using the new structure AAA (Authentication, Authorization and
Accounting) of the oVirt 3.5?





Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-17 Thread Alon Bar-Lev


- Original Message -
> From: "Cameron Christensen" 
> To: users@ovirt.org
> Sent: Friday, November 14, 2014 5:39:54 PM
> Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
> 
> Hello,
> 
> I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
> Starting up ovirt-engine the extension manager fails to properly load
> the service that handles Kerberos/LDAP.

This is probably a bug, can you please execute the following and paste result:

# PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c "select * from 
vdc_options where option_name='LDAPSecurityAuthentication'"

Replace @PASSWORD@ and probably other parameters based on 
/etc/ovirt-engine/engine.conf.d/10-setup-database.conf

It is probably empty and we should file a bug.

If you are interested there is a new ldap provider in 3.5 available in 
snapshots repository (ovirt-engine-extension-aaa-ldap package), documentation 
is available here[1], this provider should be simpler and robust as it uses 
only ldap protocol and is fully customizable.

Regards,
Alon

[1] 
http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD


Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-17 Thread Cameron Christensen


On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
> 
> - Original Message -
> > From: "Cameron Christensen" 
> > To: users@ovirt.org
> > Sent: Friday, November 14, 2014 5:39:54 PM
> > Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
> > 
> > Hello,
> > 
> > I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
> > Starting up ovirt-engine the extension manager fails to properly load
> > the service that handles Kerberos/LDAP.
> 
> This is probably a bug, can you please execute the following and paste result:
> 
> # PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c "select * from 
> vdc_options where option_name='LDAPSecurityAuthentication'"
> 

 option_id |        option_name         |    option_value    | version
-----------+----------------------------+--------------------+---------
       165 | LDAPSecurityAuthentication | example.org:GSSAPI | general

I replaced my domain name with 'example.org'

Cameron




Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-17 Thread Alon Bar-Lev


- Original Message -
> From: "Cameron Christensen" 
> To: "Alon Bar-Lev" 
> Cc: users@ovirt.org
> Sent: Monday, November 17, 2014 11:43:34 PM
> Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
> 
> 
> 
> On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
> > 
> > - Original Message -
> > > From: "Cameron Christensen" 
> > > To: users@ovirt.org
> > > Sent: Friday, November 14, 2014 5:39:54 PM
> > > Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
> > > 
> > > Hello,
> > > 
> > > I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
> > > Starting up ovirt-engine the extension manager fails to properly load
> > > the service that handles Kerberos/LDAP.
> > 
> > This is probably a bug, can you please execute the following and paste
> > result:
> > 
> > # PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c "select * from
> > vdc_options where option_name='LDAPSecurityAuthentication'"
> > 
> 
>  option_id |        option_name         |    option_value    | version
> -----------+----------------------------+--------------------+---------
>        165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
> 
> I replaced my domain name with 'example.org'
> 

I thought it will be empty... and it contains valid value. Yair?

Any I truly suggest you try out the new provider... Much easier to resolve any 
issue, current and future, including easier to debug.

Alon


Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-18 Thread Cameron Christensen
On Mon, 2014-11-17 at 16:48 -0500, Alon Bar-Lev wrote:
> 
> - Original Message -
> > From: "Cameron Christensen" 
> > To: "Alon Bar-Lev" 
> > Cc: users@ovirt.org
> > Sent: Monday, November 17, 2014 11:43:34 PM
> > Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to 
> > IPA
> > 
> > 
> > 
> > On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
> > > 
> > > - Original Message -
> > > > From: "Cameron Christensen" 
> > > > To: users@ovirt.org
> > > > Sent: Friday, November 14, 2014 5:39:54 PM
> > > > Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to 
> > > > IPA
> > > > 
> > > > Hello,
> > > > 
> > > > I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
> > > > Starting up ovirt-engine the extension manager fails to properly load
> > > > the service that handles Kerberos/LDAP.
> > > 
> > > This is probably a bug, can you please execute the following and paste
> > > result:
> > > 
> > > # PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c "select * from
> > > vdc_options where option_name='LDAPSecurityAuthentication'"
> > > 
> > 
> >  option_id |        option_name         |    option_value    | version
> > -----------+----------------------------+--------------------+---------
> >        165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
> > 
> > I replaced my domain name with 'example.org'
> > 
> 
> I thought it will be empty... and it contains valid value. Yair?
> 
Looking through the vdc_options table I noticed that many of the LDAP*
and Ad* settings use two different spellings for the Kerberos/LDAP
domain. One in all upper case letters, EXAMPLE.ORG and one in all lower
case, example.org. (I'm guessing this is to handle either spelling of
the domain?)

I updated LDAPSecurityAuthentication and set the option_value to use
both the upper case and lower case domain name,
'EXAMPLE.ORG:GSSAPI,example.org:GSSAPI'.

select * from vdc_options where option_name =
'LDAPSecurityAuthentication';
 option_id |        option_name         |             option_value              | version
-----------+----------------------------+---------------------------------------+---------
       165 | LDAPSecurityAuthentication | EXAMPLE.ORG:GSSAPI,example.org:GSSAPI | general

Using both domain names I am able to authenticate, authorize and pull
account information from the IPA server once again.

Thanks for pointing me at the right location.

Cameron
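
The lookup behaviour discussed in this thread, as an added example that is not part of the original posts or of oVirt's code: a Python audit of a `domain:value,domain:value` option value that reports whether an exact, case-sensitive lookup of the domain would miss it. The function names, the status labels and the `PLACEHOLDER` value are assumptions, as is the premise that the engine asks for the domain as spelled in the engine.log instance name; the sample values are constructed from the ones quoted above.

```python
# Added example (not oVirt code): audit a "domain:value,domain:value" option
# value, the format of LDAPSecurityAuthentication shown in this thread, for
# entries that an exact, case-sensitive domain lookup would miss.
# Function names, status labels and PLACEHOLDER are assumptions.


def parse_pairs(option_value):
    """Return ordered (domain, value) pairs from 'dom:val,dom:val'."""
    pairs = []
    for entry in option_value.split(","):
        entry = entry.strip()
        if not entry:
            continue  # tolerate a trailing comma
        domain, sep, value = entry.partition(":")
        if not sep or not domain:
            raise ValueError("malformed entry: %r" % entry)
        pairs.append((domain, value))
    return pairs


def audit(option_value, requested_domain):
    """Classify how a lookup of requested_domain behaves for this value."""
    pairs = parse_pairs(option_value)
    wanted = requested_domain.casefold()
    exact = [v for d, v in pairs if d == requested_domain]
    folded = [v for d, v in pairs if d.casefold() == wanted]
    if not folded:
        status = "missing"        # domain absent in any spelling
    elif len(set(folded)) > 1:
        status = "conflict"       # spellings disagree on the value
    elif not exact:
        status = "case-mismatch"  # present, but only in another case
    else:
        status = "ok"
    return {
        "status": status,
        "exact": exact[0] if exact else None,
        "folded": folded[0] if folded else None,
    }


# Constructed samples. The requested domain is assumed to be spelled like
# the extension instance name in the engine.log above ('EXAMPLE.ORG').
SAMPLES = [
    ("example.org:GSSAPI", "EXAMPLE.ORG"),                     # as reported
    ("EXAMPLE.ORG:GSSAPI,example.org:GSSAPI", "EXAMPLE.ORG"),  # workaround
    ("EXAMPLE.ORG:GSSAPI,example.org:PLACEHOLDER", "EXAMPLE.ORG"),
    ("other.example:GSSAPI", "EXAMPLE.ORG"),
]


def run_samples():
    """Return the audit status for each constructed sample, in order."""
    return [audit(value, domain)["status"] for value, domain in SAMPLES]


if __name__ == "__main__":
    for (value, domain), status in zip(SAMPLES, run_samples()):
        print("%-45s %-12s %s" % (value, domain, status))
```

The `conflict` status covers the case where the two spellings kept side by side as a workaround later drift apart in value.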




Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-19 Thread Yair Zaslavsky


- Original Message -
> From: "Alon Bar-Lev" 
> To: "Cameron Christensen" , "Yair 
> Zaslavsky" 
> Cc: users@ovirt.org
> Sent: Monday, November 17, 2014 11:48:15 PM
> Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
> 
> 
> 
> - Original Message -
> > From: "Cameron Christensen" 
> > To: "Alon Bar-Lev" 
> > Cc: users@ovirt.org
> > Sent: Monday, November 17, 2014 11:43:34 PM
> > Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > IPA
> > 
> > 
> > 
> > On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
> > > 
> > > - Original Message -----
> > > > From: "Cameron Christensen" 
> > > > To: users@ovirt.org
> > > > Sent: Friday, November 14, 2014 5:39:54 PM
> > > > Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > > > IPA
> > > > 
> > > > Hello,
> > > > 
> > > > I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
> > > > Starting up ovirt-engine the extension manager fails to properly load
> > > > the service that handles Kerberos/LDAP.
> > > 
> > > This is probably a bug, can you please execute the following and paste
> > > result:
> > > 
> > > # PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c "select * from
> > > vdc_options where option_name='LDAPSecurityAuthentication'"
> > > 
> > 
> >  option_id |        option_name         |    option_value    | version
> > -----------+----------------------------+--------------------+---------
> >        165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
> > 
> > I replaced my domain name with 'example.org'
> > 
> 
> I thought it will be empty... and it contains valid value. Yair?

No, this is fine actually.

> 
> Any I truly suggest you try out the new provider... Much easier to resolve
> any issue, current and future, including easier to debug.
> 
> Alon
> 


Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-19 Thread Yair Zaslavsky


- Original Message -
> From: "Cameron Christensen" 
> To: "Alon Bar-Lev" 
> Cc: "Yair Zaslavsky" , users@ovirt.org
> Sent: Tuesday, November 18, 2014 6:21:18 PM
> Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
> 
> On Mon, 2014-11-17 at 16:48 -0500, Alon Bar-Lev wrote:
> > 
> > - Original Message -
> > > From: "Cameron Christensen" 
> > > To: "Alon Bar-Lev" 
> > > Cc: users@ovirt.org
> > > Sent: Monday, November 17, 2014 11:43:34 PM
> > > Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > > IPA
> > > 
> > > 
> > > 
> > > On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
> > > > 
> > > > ----- Original Message -----
> > > > > From: "Cameron Christensen" 
> > > > > To: users@ovirt.org
> > > > > Sent: Friday, November 14, 2014 5:39:54 PM
> > > > > Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > > > > IPA
> > > > > 
> > > > > Hello,
> > > > > 
> > > > > I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
> > > > > Starting up ovirt-engine the extension manager fails to properly load
> > > > > the service that handles Kerberos/LDAP.
> > > > 
> > > > This is probably a bug, can you please execute the following and paste
> > > > result:
> > > > 
> > > > # PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c "select * from
> > > > vdc_options where option_name='LDAPSecurityAuthentication'"
> > > > 
> > > 
> > >  option_id |        option_name         |    option_value    | version
> > > -----------+----------------------------+--------------------+---------
> > >        165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
> > > 
> > > I replaced my domain name with 'example.org'
> > > 
> > 
> > I thought it will be empty... and it contains valid value. Yair?
> > 
> Looking through the vdc_options table I noticed that many of the LDAP*
> and Ad* settings use two different spellings for the Kerberos/LDAP
> domain. One in all upper case letters, EXAMPLE.ORG and one in all lower
> case, example.org. (I'm guessing this is to handle either spelling of
> the domain?)
> 
> I updated LDAPSecurityAuthentication and set the option_value to use
> both the upper case and lower case domain name,
> 'EXAMPLE.ORG:GSSAPI,example.org:GSSAPI'.
> 
> select * from vdc_options where option_name =
> 'LDAPSecurityAuthentication';
>  option_id |        option_name         |             option_value              | version
> -----------+----------------------------+---------------------------------------+---------
>        165 | LDAPSecurityAuthentication | EXAMPLE.ORG:GSSAPI,example.org:GSSAPI | general

Just so we can continue to investigate -
if you would like to get your ldap and kerberos SRV records, to which domain 
will you send them in your setup?

dig SRV _ldap._tcp.EXAMPLE.ORG

or

dig SRV _ldap._tcp.example.org?


same goes to

_kerberos._tcp.example.org and _kerberos._tcp.EXAMPLE.ORG

Cheers,
Yair

> 
> Using both domain names I am able to authenticate, authorize and pull
> account information from the IPA server once again.
> 
> Thanks for pointing me at the right location.
> 
> Cameron
> 


Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA

2014-11-22 Thread Yair Zaslavsky


- Original Message -
> From: "Ondra Machacek" 
> To: "Yair Zaslavsky" 
> Cc: "cameron christensen" , "Alon Bar-Lev" 
> , users@ovirt.org
> Sent: Thursday, November 20, 2014 6:09:53 PM
> Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to IPA
> 
> Hi,
> 
> just tried it too.
> I was not successful to reproduce, but the problem is that
> the domain part of LDAPSecurityAuthentication is uppercase
> as Cameron wrote.
> 
> In 3.4 it is OK when it's upper case - everything works OK,
> but in 3.5 it's not.
> 
> I checked differences and something like this would be enough, Yair?
> 
> diff --git
> a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
> b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExte
> index f5ab28d..ccaf04a 100644
> ---
> a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
> +++
> b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/extensionsmgr/EngineExtensionsManager.java
> @@ -240,7 +240,7 @@ public class EngineExtensionsManager extends
> ExtensionsManager {
>  )
>  );
>  }
> -if (nameValue[0].equals(domain)) {
> +if (nameValue[0].equalsIgnoreCase(domain)) {
>  result = nameValue[1];
>  break;
>  }
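
Review bot: With `equalsIgnoreCase`, the loop's `result = nameValue[1]; break;` now returns the first entry whose domain matches in any case, so a value such as 'EXAMPLE.ORG:GSSAPI,example.org:GSSAPI' (the workaround applied earlier in this thread) has two matching entries and the second is silently ignored. Suggest stating in a comment that the first match wins, or logging a warning when more than one entry matches the domain.
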
> 
> 
> Ondra

Looks fine, but please email me in private a testing environment where I can 
check that.

Thanks!

P.S:
Another option worth trying is simply remove and add the domain, but hey, if 
you're already in 3.5, and removed the domain, why not use the generic ldap 
provider?

> 
> 
> - Original Message -
> > From: "Alon Bar-Lev" 
> > To: "Cameron Christensen" , "Yair
> > Zaslavsky" 
> > Cc: users at ovirt.org
> > Sent: Monday, November 17, 2014 11:48:15 PM
> > Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > IPA
> > 
> > 
> > 
> > - Original Message -
> > > From: "Cameron Christensen" 
> > > To: "Alon Bar-Lev" 
> > > Cc: users at ovirt.org
> > > Sent: Monday, November 17, 2014 11:43:34 PM
> > > Subject: Re: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > > IPA
> > > 
> > > 
> > > 
> > > On Mon, 2014-11-17 at 14:39 -0500, Alon Bar-Lev wrote:
> > > > 
> > > > - Original Message -
> > > > > From: "Cameron Christensen" 
> > > > > To: users at ovirt.org
> > > > > Sent: Friday, November 14, 2014 5:39:54 PM
> > > > > Subject: [ovirt-users] Upgrade to Ovirt 3.5.0 Authentication Fails to
> > > > > IPA
> > > > > 
> > > > > Hello,
> > > > > 
> > > > > I upgraded to ovirt 3.5.0 and can no longer authenticate to IPA.
> > > > > Starting up ovirt-engine the extension manager fails to properly load
> > > > > the service that handles Kerberos/LDAP.
> > > > 
> > > > This is probably a bug, can you please execute the following and paste
> > > > result:
> > > > 
> > > > # PGPASSWORD="@PASSWORD@" psql -U engine -d engine -c "select * from
> > > > vdc_options where option_name='LDAPSecurityAuthentication'"
> > > > 
> > > 
> > >  option_id |        option_name         |    option_value    | version
> > > -----------+----------------------------+--------------------+---------
> > >        165 | LDAPSecurityAuthentication | example.org:GSSAPI | general
> > > 
> > > I replaced my domain name with 'example.org'
> > > 
> > 
> > I thought it will be empty... and it contains valid value. Yair?
> 
> No, this is fine actually.
> 
> > 
> > Any I truly suggest you try out the new provider... Much easier to resolve
> > any issue, current and future, including easier to debug.
> > 
> > Alon
> > 
> 