[ovirt-users] LDAP Users constantly can't login on Ovirt Portal
Hello,

So we have LDAP Authentication configured on Ovirt with aaa-extension, but the users of LDAP are constantly not being able to log in. When I restart ovirt-engine they can log in again, but after some time they can't again. Below I will leave some logs:

2019-10-25 13:38:20,287+01 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-1) [] Session expired.
2019-10-25 13:39:01,503+01 INFO [org.ovirt.engine.extension.aaa.jdbc.core.Tasks] (default task-4) [] (house keeping) deleting failed logins prior to 2019-10-18 12:39:01Z.
2019-10-25 13:39:06,659+01 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User username@ldapprofile connecting from '' failed to log in : 'Unable to log in. Verify your login information or contact the system administrator.'.

If you need anything else let me know! Thank you!
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/WAS2GMLJOVBC4DSB7DIHAKJIXZB2TCOX/
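When every LDAP user fails to log in until ovirt-engine is restarted, engine.log looks different from one account repeatedly failing. The following is an added example, not part of the original post or of oVirt: it parses USER_VDC_LOGIN_FAILED lines in the layout quoted above and labels each profile accordingly. The sample lines, user names, window and thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple


class LoginFailure(NamedTuple):
    when: datetime
    user: str
    profile: str
    source: str


# AuditLogDirector line layout as quoted in the message above.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})(?P<off>[+-]\d{2})\s+ERROR\s+"
    r"\[[^\]]*AuditLogDirector\]\s.*?EVENT_ID: USER_VDC_LOGIN_FAILED\(\d+\), "
    r"User (?P<principal>\S+) connecting from '(?P<src>[^']*)' failed to log in"
)


def parse_failures(text):
    """Extract USER_VDC_LOGIN_FAILED events from engine.log text."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        # engine.log writes the UTC offset as "+01"; strptime's %z needs "+0100".
        when = datetime.strptime(m["ts"] + m["off"] + "00", "%Y-%m-%d %H:%M:%S,%f%z")
        # The profile is the part after the last '@' (the user part may contain '@').
        user, sep, profile = m["principal"].rpartition("@")
        if not sep:
            user, profile = m["principal"], ""
        events.append(LoginFailure(when, user, profile, m["src"]))
    return events


def classify(events, window=timedelta(minutes=10), min_users=3, min_attempts=5):
    """Label each profile 'profile-wide', 'single-account' or 'isolated'.

    Assumed heuristic: several distinct users failing on one profile inside
    the window points at the directory or the extension; repeated failures of
    one user point at that account (wrong password, lockout, guessing).
    """
    by_profile = defaultdict(list)
    for ev in events:
        by_profile[ev.profile].append(ev)
    verdicts = {}
    for profile, evs in by_profile.items():
        evs.sort(key=lambda e: e.when)
        verdict, start = "isolated", 0
        for end, ev in enumerate(evs):
            # Slide the window start forward until it spans at most `window`.
            while ev.when - evs[start].when > window:
                start += 1
            per_user = Counter(e.user for e in evs[start:end + 1])
            if len(per_user) >= min_users:
                verdict = "profile-wide"
                break
            if max(per_user.values()) >= min_attempts:
                verdict = "single-account"
        verdicts[profile] = verdict
    return verdicts


def _fail(ts, principal):
    """Build one constructed failure line in the quoted engine.log layout."""
    return (
        f"{ts}+01 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] "
        f"(default task-3) [] EVENT_ID: USER_VDC_LOGIN_FAILED(114), User {principal} "
        "connecting from '' failed to log in : 'Unable to log in. Verify your login "
        "information or contact the system administrator.'."
    )


# Constructed sample data; user names, profiles and times are made up.
SAMPLE_LOG = "\n".join([
    "2019-10-25 13:38:20,287+01 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] "
    "(default task-1) [] Session expired.",
    _fail("2019-10-25 13:39:06,659", "alice@ldapprofile"),
    _fail("2019-10-25 13:40:10,100", "bob@ldapprofile"),
    _fail("2019-10-25 13:41:55,020", "carol@ldapprofile"),
    _fail("2019-10-25 14:00:01,000", "admin@internal"),
    _fail("2019-10-25 14:00:20,000", "admin@internal"),
    _fail("2019-10-25 14:00:41,000", "admin@internal"),
    _fail("2019-10-25 14:01:02,000", "admin@internal"),
    _fail("2019-10-25 14:01:30,000", "admin@internal"),
    _fail("2019-10-25 15:30:00,000", "node1@lab.local"),
])

if __name__ == "__main__":
    for profile, verdict in sorted(classify(parse_failures(SAMPLE_LOG)).items()):
        print(f"{profile}: {verdict}")
```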
[ovirt-users] Re: Ovirt-engine integration with OpenLDAP can't seem to find any users on Web-UI
I finally did it, I replicated the files from the lab to the production and it's now working. I'm gonna leave here the configuration of the files for someone in the future who is having difficulties:

[root@ovirt extensions.d]# cat example.com-authn.properties
ovirt.engine.extension.name = example.com-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = example.com
ovirt.engine.aaa.authn.authz.plugin = example.com-authz
config.profile.file.1 = ../aaa/example.com.properties
config.globals.baseDN.simple_baseDN = ou=people,dc=example,dc=com

[root@ovirt extensions.d]# cat example.com-authz.properties
ovirt.engine.extension.name = example.com-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = ../aaa/example.com.properties
config.globals.baseDN.simple_baseDN = ou=people,dc=example,dc=com

[root@ovirt aaa]# cat sybase.pt.properties
include =
vars.server =
vars.user = cn=Rúben Nunes,ou=people,dc=example,dc=com
vars.password =
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = single
pool.default.serverset.single.server = ${global:vars.server}
pool.default.socketfactory.type = java

Note: The example.com.properties, which is located in /etc/ovirt-engine/aaa/, needs to have ovirt:ovirt as owner:group; the other two files in extensions.d are owned by root:root.
[ovirt-users] Re: Ovirt-engine integration with OpenLDAP can't seem to find any users on Web-UI
This is kind of funny but our OpenLDAP in production doesn't have any kind of certificate. I used option 8 for the lab.local so I was trying to do the same for the OpenLDAP in production but they give the same error.

Note: The machine is in Azure but we have tested a rule on the firewall of Azure so that it can pass anything to that server, and even with that rule it gives that error that I put up there.
[ovirt-users] Re: Ovirt-engine integration with OpenLDAP can't seem to find any users on Web-UI
Ok, the problem is solved, the users can be seen on the Web-UI, thank you! But another problem has arrived because this was only the laboratory; now when I try to do the setup between the Ovirt and the OpenLDAP in production the error it gives is this:

[root@ovirt aaa]# ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20190530174630-07oiqw.log
Version: otopi-1.7.8 (otopi-1.7.8-1.el7)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Available LDAP implementations:
 1 - 389ds
 2 - 389ds RFC-2307 Schema
 3 - Active Directory
 4 - IBM Security Directory Server
 5 - IBM Security Directory Server RFC-2307 Schema
 6 - IPA
 7 - Novell eDirectory RFC-2307 Schema
 8 - OpenLDAP RFC-2307 Schema
 9 - OpenLDAP Standard Schema
 10 - Oracle Unified Directory RFC-2307 Schema
 11 - RFC-2307 Schema (Generic)
 12 - RHDS
 13 - RHDS RFC-2307 Schema
 14 - iPlanet
Please select: 8
NOTE:
It is highly recommended to use DNS resolution for LDAP server.
If for some reason you intend to use hosts or plain address disable DNS usage.
Use DNS (Yes, No) [Yes]: no
Available policy method:
 1 - Single server
 2 - DNS domain LDAP SRV record
 3 - Round-robin between multiple hosts
 4 - Failover between multiple hosts
Please select: 1
Please enter host address:
NOTE:
It is highly recommended to use secure protocol to access the LDAP server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
[ INFO ] Connecting to LDAP using 'ldap://:389'
[ ERROR ] Failed to execute stage 'Environment customization': Cannot connect using any of available options
[ INFO ] Stage: Clean up
Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20190530174630-07oiqw.log:
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ovirt-users] Re: Ovirt-engine integration with OpenLDAP can't seem to find any users on Web-UI
Note: The user that I used, "System Administrator (RO)", is a user that I created for test with the id of users 1005 if I'm not mistaken.
[ovirt-users] Re: Ovirt-engine integration with OpenLDAP can't seem to find any users on Web-UI
[root@ovirt ~]# rpm -qa ovirt-engine
ovirt-engine-4.2.8.2-1.el7.noarch
[root@ovirt ~]# rpm -qa ovirt-engine-extension-aaa-ldap-setup
ovirt-engine-extension-aaa-ldap-setup-1.3.8-1.el7.noarch

Logs from /var/log/ovirt-engine/engine.log, which basically are always like this:

2019-05-30 16:27:20,594+01 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to /192.168.17.157
2019-05-30 16:27:20,620+01 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages General SSLEngine problem
2019-05-30 16:27:20,630+01 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-30) [] EVENT_ID: VDS_BROKER_COMMAND_FAILURE(10,802), VDSM ovirt1 command Get Host Capabilities failed: General SSLEngine problem
2019-05-30 16:27:20,630+01 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-30) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: General SSLEngine problem
2019-05-30 16:27:43,629+01 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to /192.168.17.157
2019-05-30 16:27:43,659+01 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages General SSLEngine problem
2019-05-30 16:27:43,662+01 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-94) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: General SSLEngine problem
2019-05-30 16:28:06,695+01 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to /192.168.17.157
2019-05-30 16:28:06,721+01 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages General SSLEngine problem
2019-05-30 16:28:06,735+01 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-43) [] EVENT_ID: VDS_BROKER_COMMAND_FAILURE(10,802), VDSM ovirt1 command Get Host Capabilities failed: General SSLEngine problem
2019-05-30 16:28:06,735+01 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-43) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: General SSLEngine problem
2019-05-30 16:28:29,716+01 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to /192.168.17.157
2019-05-30 16:28:29,742+01 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages General SSLEngine problem
2019-05-30 16:28:29,745+01 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-51) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: General SSLEngine problem
2019-05-30 16:28:52,748+01 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to /192.168.17.157
2019-05-30 16:28:52,776+01 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages General SSLEngine problem
2019-05-30 16:28:52,789+01 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-95) [] EVENT_ID: VDS_BROKER_COMMAND_FAILURE(10,802), VDSM ovirt1 command Get Host Capabilities failed: General SSLEngine problem
2019-05-30 16:28:52,789+01 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-95) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: General SSLEngine problem
2019-05-30 16:29:15,779+01 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to /192.168.17.157
2019-05-30 16:29:15,818+01 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages General SSLEngine problem
2019-05-30 16:29:15,833+01 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-88) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: General SSLEngine problem
[ovirt-users] Re: Ovirt-engine integration with OpenLDAP can't seem to find any users on Web-UI
Even with those adjustments it gives the error of invalid credentials for the user I specified in the test login flow:

[root@ovirt ~]# ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20190530152903-9p7d86.log
Version: otopi-1.7.8 (otopi-1.7.8-1.el7)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Available LDAP implementations:
 1 - 389ds
 2 - 389ds RFC-2307 Schema
 3 - Active Directory
 4 - IBM Security Directory Server
 5 - IBM Security Directory Server RFC-2307 Schema
 6 - IPA
 7 - Novell eDirectory RFC-2307 Schema
 8 - OpenLDAP RFC-2307 Schema
 9 - OpenLDAP Standard Schema
 10 - Oracle Unified Directory RFC-2307 Schema
 11 - RFC-2307 Schema (Generic)
 12 - RHDS
 13 - RHDS RFC-2307 Schema
 14 - iPlanet
Please select: 9
NOTE:
It is highly recommended to use DNS resolution for LDAP server.
If for some reason you intend to use hosts or plain address disable DNS usage.
Use DNS (Yes, No) [Yes]: no
Available policy method:
 1 - Single server
 2 - DNS domain LDAP SRV record
 3 - Round-robin between multiple hosts
 4 - Failover between multiple hosts
Please select: 1
Please enter host address: 192.168.16.114
NOTE:
It is highly recommended to use secure protocol to access the LDAP server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain
[ INFO ] Connecting to LDAP using 'ldap://192.168.16.114:389'
[ INFO ] Connection succeeded
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): cn=System Administrator (RO),ou=People,dc=lab,dc=local
Enter search user password:
[ INFO ] Attempting to bind using 'cn=System Administrator (RO),ou=People,dc=lab,dc=local'
Please enter base DN (dc=lab,dc=local) [dc=lab,dc=local]: ou=People,dc=lab,dc=local
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]: no
Please specify profile name that will be visible to users [192.168.16.114]: lab.local
[ INFO ] Stage: Setup validation
NOTE:
It is highly recommended to test drive the configuration before applying it into engine.
Login sequence is executed automatically, but it is recommended to also execute Search sequence manually after successful Login sequence.
Please provide credentials to test login flow:
Enter user name: node1
Enter user password:
[ INFO ] Executing login sequence...
Login output:
2019-05-30 15:30:13,585+01 INFO
2019-05-30 15:30:13,642+01 INFO Initialization
2019-05-30 15:30:13,642+01 INFO
2019-05-30 15:30:13,718+01 INFO Loading extension 'lab.local-authn'
2019-05-30 15:30:13,887+01 INFO Extension 'lab.local-authn' loaded
2019-05-30 15:30:13,890+01 INFO Loading extension 'lab.local-authz'
2019-05-30 15:30:13,901+01 INFO Extension 'lab.local-authz' loaded
2019-05-30 15:30:13,901+01 INFO Initializing extension 'lab.local-authn'
2019-05-30 15:30:13,928+01 INFO [ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] Creating LDAP pool 'authz'
2019-05-30 15:30:14,031+01 INFO [ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] LDAP pool 'authz' information: vendor='null' version='null'
2019-05-30 15:30:14,032+01 INFO [ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] Creating LDAP pool 'authn'
2019-05-30 15:30:14,050+01 INFO [ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] LDAP pool 'authn' information: vendor='null' version='null'
2019-05-30 15:30:14,051+01 INFO Extension 'lab.local-authn' initialized
2019-05-30 15:30:14,051+01 INFO Initializing extension 'lab.local-authz'
2019-05-30 15:30:14,052+01 INFO [ovirt-engine-extension-aaa-ldap.aut
[ovirt-users] Re: Ovirt-engine integration with OpenLDAP can't seem to find any users on Web-UI
So when I choose to use DNS and put ldap.lab.local on Single Server, it can't be resolved for some reason, but when I ping it with the hostname it can make communication.

[root@ovirt ~]# ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20190530151423-7oj9kq.log
Version: otopi-1.7.8 (otopi-1.7.8-1.el7)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Available LDAP implementations:
 1 - 389ds
 2 - 389ds RFC-2307 Schema
 3 - Active Directory
 4 - IBM Security Directory Server
 5 - IBM Security Directory Server RFC-2307 Schema
 6 - IPA
 7 - Novell eDirectory RFC-2307 Schema
 8 - OpenLDAP RFC-2307 Schema
 9 - OpenLDAP Standard Schema
 10 - Oracle Unified Directory RFC-2307 Schema
 11 - RFC-2307 Schema (Generic)
 12 - RHDS
 13 - RHDS RFC-2307 Schema
 14 - iPlanet
Please select: 9
NOTE:
It is highly recommended to use DNS resolution for LDAP server.
If for some reason you intend to use hosts or plain address disable DNS usage.
Use DNS (Yes, No) [Yes]:
Available policy method:
 1 - Single server
 2 - DNS domain LDAP SRV record
 3 - Round-robin between multiple hosts
 4 - Failover between multiple hosts
Please select: 1
Please enter host address: ldap.lab.local
[ INFO ] Trying to resolve host 'ldap.lab.local'
[ ERROR ] Cannot resolve host 'ldap.lab.local'
Please enter host address: ^C[ ERROR ] Failed to execute stage 'Environment customization': SIG2
[ INFO ] Stage: Clean up
Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20190530151423-7oj9kq.log:
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ovirt-users] Re: Ovirt-engine integration with OpenLDAP can't seem to find any users on Web-UI
It gives the same error that it can't connect because of invalid credentials, and when I try to put the hostname on the option of Single Server it can't resolve the host, but when I ping it I can resolve it.

[root@ovirt ~]# ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20190530142721-m0p3r8.log
Version: otopi-1.7.8 (otopi-1.7.8-1.el7)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Available LDAP implementations:
 1 - 389ds
 2 - 389ds RFC-2307 Schema
 3 - Active Directory
 4 - IBM Security Directory Server
 5 - IBM Security Directory Server RFC-2307 Schema
 6 - IPA
 7 - Novell eDirectory RFC-2307 Schema
 8 - OpenLDAP RFC-2307 Schema
 9 - OpenLDAP Standard Schema
 10 - Oracle Unified Directory RFC-2307 Schema
 11 - RFC-2307 Schema (Generic)
 12 - RHDS
 13 - RHDS RFC-2307 Schema
 14 - iPlanet
Please select: 9
NOTE:
It is highly recommended to use DNS resolution for LDAP server.
If for some reason you intend to use hosts or plain address disable DNS usage.
Use DNS (Yes, No) [Yes]:
Available policy method:
 1 - Single server
 2 - DNS domain LDAP SRV record
 3 - Round-robin between multiple hosts
 4 - Failover between multiple hosts
Please select: 1
Please enter host address: 192.168.16.114
[WARNING] Detected plain IP address '192.168.16.114', disabling DNS.
NOTE:
It is highly recommended to use secure protocol to access the LDAP server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): Insecure
[ INFO ] Connecting to LDAP using 'ldap://192.168.16.114:389'
[ INFO ] Executing startTLS
[ INFO ] Connection succeeded
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): uid=node1,ou=People,dc=lab,dc=local
Enter search user password:
[ INFO ] Attempting to bind using 'uid=node1,ou=People,dc=lab,dc=local'
Please enter base DN (dc=lab,dc=local) [dc=lab,dc=local]: ou=People,dc=lab,dc=local
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
NOTE:
Profile name has to match domain name, otherwise Single Sign-On for Virtual Machines will not work.
Please specify profile name that will be visible to users [192.168.16.114]: lab.local
[ INFO ] Stage: Setup validation
NOTE:
It is highly recommended to test drive the configuration before applying it into engine.
Login sequence is executed automatically, but it is recommended to also execute Search sequence manually after successful Login sequence.
Please provide credentials to test login flow:
Enter user name: node1
Enter user password:
[ INFO ] Executing login sequence...
Login output:
2019-05-30 14:29:03,825+01 INFO
2019-05-30 14:29:03,859+01 INFO Initialization
2019-05-30 14:29:03,859+01 INFO
2019-05-30 14:29:03,926+01 INFO Loading extension 'lab.local-authn'
2019-05-30 14:29:04,075+01 INFO Extension 'lab.local-authn' loaded
2019-05-30 14:29:04,095+01 INFO Loading extension 'lab.local'
2019-05-30 14:29:04,103+01 INFO Extension 'lab.local' loaded
2019-05-30 14:29:04,104+01 INFO Initializing extension 'lab.local-authn'
2019-05-30 14:29:04,105+01 INFO [ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] Creating LDAP pool 'authz'
2019-05-30 14:29:04,121+01 WARNING [ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] TLS/SSL insecure mode
2019-05-30 14:29:04,593+01 WARNING Exception: An error occurred while attempting to set the value of the SO_TIMEOUT socket option for connection LDAPConnection(connected to 1
[ovirt-users] Re: Ovirt-engine integration with OpenLDAP can't seem to find any users on Web-UI
1 - Result of the command:

[root@ovirt ~]# ldapsearch -x -b "ou=People,dc=lab,dc=local" -s sub -h 192.168.16.114 -p 389 -D "uid=node1,ou=People,dc=lab,dc=local" -W 'uid=node1'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: uid=node1
# requesting: ALL
#

# node1, People, lab.local
dn: uid=node1,ou=People,dc=lab,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
sn: node1
givenName: node1
cn: node1
displayName: node1
uidNumber: 1000
gidNumber: 1000
userPassword:: e2NyeXB0fSQ2JC9TL2JnQjZUbVU4amhPRGgkU1NOVXcxYWxNaVdPd3pUamdKQjV
 vLlRXUTNzc3I4NWI2Sm9Kd2VVancvZDlqdVdEcElzQUI5eThmYWRkNWlEZkpnSm13cS5wNHg2ZGlQ
 c29YSXdyUi8=
gecos: node1
loginShell: /bin/bash
homeDirectory: /home/node1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 0
shadowMax: 9
shadowLastChange: 0
uid: node1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Other output that gives result:

[root@ovirt ~]# ldapsearch -x -b "ou=People,dc=lab,dc=local" -s sub -h 192.168.16.114 -p 389 -D "cn=ldapadm,dc=lab,dc=local" -W 'uid=node1'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: uid=node1
# requesting: ALL
#

# node1, People, lab.local
dn: uid=node1,ou=People,dc=lab,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
sn: node1
givenName: node1
cn: node1
displayName: node1
uidNumber: 1000
gidNumber: 1000
userPassword:: e2NyeXB0fSQ2JC9TL2JnQjZUbVU4amhPRGgkU1NOVXcxYWxNaVdPd3pUamdKQjV
 vLlRXUTNzc3I4NWI2Sm9Kd2VVancvZDlqdVdEcElzQUI5eThmYWRkNWlEZkpnSm13cS5wNHg2ZGlQ
 c29YSXdyUi8=
gecos: node1
loginShell: /bin/bash
homeDirectory: /home/node1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 0
shadowMax: 9
shadowLastChange: 0
uid: node1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

2 - The hostname is being resolved:

[root@ovirt ~]# ping ldap.lab.local
PING ldap.lab.local (192.168.16.114) 56(84) bytes of data.
64 bytes from ldap.lab.local (192.168.16.114): icmp_seq=1 ttl=64 time=1.25 ms

3 - I know it's not a good idea without SSL/TLS but this environment is just a test laboratory so it's alright.

Thank you in advance for the help you are giving!
[ovirt-users] Re: Ovirt-engine integration with OpenLDAP can't seem to find any users on Web-UI
1 - I'm using option 9, but I already tried the users that I have on the LDAP and none seems to work to bind.
2 - I was trying the 2 different approaches by IP and hostname.
3 - The ldapadm is supposed to be the LDAP Manager so my point is to bind that user.
4 - None of the profiles seems to work, both of them don't show on the web-ui of the ovirt; the difference is that one is in production and another is a lab test.
5 - My OpenLDAP doesn't have a certificate associated with it.
[ovirt-users] Ovirt-engine integration with OpenLDAP can't seem to find any users on Web-UI
Hello everyone.

So I don't know what I'm doing wrong but this doesn't seem to work. I already made the configurations needed on the ovirt-engine-extension-aaa-ldap; I'm a little desperate here. I'm going to put all the commands that I already made and the errors that they give:

- ovirt-engine-extension-aaa-ldap-setup

Stage: Setup validation
NOTE:
It is highly recommended to test drive the configuration before applying it into engine.
Login sequence is executed automatically, but it is recommended to also execute Search sequence manually after successful Login sequence.
Please provide credentials to test login flow:
Enter user name: node1
Enter user password:
[ INFO ] Executing login sequence...
Login output:
2019-05-29 03:45:59,261+01 INFO
2019-05-29 03:45:59,301+01 INFO Initialization
2019-05-29 03:45:59,301+01 INFO
2019-05-29 03:45:59,385+01 INFO Loading extension '192.168.16.114-authn'
2019-05-29 03:45:59,540+01 INFO Extension '192.168.16.114-authn' loaded
2019-05-29 03:45:59,571+01 INFO Loading extension '192.168.16.114'
2019-05-29 03:45:59,585+01 INFO Extension '192.168.16.114' loaded
2019-05-29 03:45:59,585+01 INFO Initializing extension '192.168.16.114-authn'
2019-05-29 03:45:59,588+01 INFO [ovirt-engine-extension-aaa-ldap.authn::192.168.16.114-authn] Creating LDAP pool 'authz'
2019-05-29 03:45:59,734+01 INFO [ovirt-engine-extension-aaa-ldap.authn::192.168.16.114-authn] LDAP pool 'authz' information: vendor='null' version='null'
2019-05-29 03:45:59,736+01 INFO [ovirt-engine-extension-aaa-ldap.authn::192.168.16.114-authn] Creating LDAP pool 'authn'
2019-05-29 03:45:59,754+01 INFO [ovirt-engine-extension-aaa-ldap.authn::192.168.16.114-authn] LDAP pool 'authn' information: vendor='null' version='null'
2019-05-29 03:45:59,754+01 INFO Extension '192.168.16.114-authn' initialized
2019-05-29 03:45:59,755+01 INFO Initializing extension '192.168.16.114'
2019-05-29 03:45:59,756+01 INFO [ovirt-engine-extension-aaa-ldap.authz::192.168.16.114] Creating LDAP pool 'authz'
2019-05-29 03:45:59,775+01 INFO [ovirt-engine-extension-aaa-ldap.authz::192.168.16.114] LDAP pool 'authz' information: vendor='null' version='null'
2019-05-29 03:45:59,776+01 INFO [ovirt-engine-extension-aaa-ldap.authz::192.168.16.114] Available Namespaces: [ou=People,dc=lab,dc=local]
2019-05-29 03:45:59,777+01 INFO Extension '192.168.16.114' initialized
2019-05-29 03:45:59,777+01 INFO Start of enabled extensions list
2019-05-29 03:45:59,777+01 INFO Instance name: '192.168.16.114-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.8', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.8-1.el7', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmp7wX6s6/extensions.d/192.168.16.114-authn.properties', Initialized: 'true'
2019-05-29 03:45:59,778+01 INFO Instance name: '192.168.16.114', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.8', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.8-1.el7', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmp7wX6s6/extensions.d/192.168.16.114.properties', Initialized: 'true'
2019-05-29 03:45:59,778+01 INFO End of enabled extensions list
2019-05-29 03:45:59,778+01 INFO
2019-05-29 03:45:59,778+01 INFO == Execution ===
2019-05-29 03:45:59,778+01 INFO
2019-05-29 03:45:59,779+01 INFO Iteration: 0
2019-05-29 03:45:59,780+01 INFO Profile='192.168.16.114' authn='192.168.16.114-authn' authz='192.168.16.114' mapping='null'
2019-05-29 03:45:59,780+01 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='192.168.16.114' user='node1'
2019-05-29 03:45:59,835+01 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='192.168.16.114' result=CREDENTIALS_INVALID
2019-05-29 03:45:59,843+01 SEVERE Authn.Result code is: CREDENTIALS_INVALID
[ ERROR ] Login sequence failed
Please investigate details of the failure (search for lines containing SEVERE log level).