I am working on getting oVirt working with our LDAP environment and have run into a few issues. Based on my googling, my understanding is that oVirt should query DNS for an LDAP SRV record. However, based on my Wireshark captures, I never see such a request.

I ended up installing phpPgAdmin and found the vdc_options table and something called DomainName. I figured that was a good place to start, so I put our domain there, and now I see the DNS SRV queries.

In the logs I see:

2012-02-19 12:58:26,532 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSETask] (pool-5-thread-47) Couldnt deduce provider type for domain blinkmind.net
2012-02-19 12:58:26,533 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-10) Failed ldap search server LDAP://ldap-master.dal.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389. We should try the next server: org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException: Failed to get rootDSE record for server LDAP://ldap-master.dal.blinkmind.net:389
        at org.ovirt.engine.core.bll.adbroker.GetRootDSETask.call(GetRootDSETask.java:68) [engine-bll.jar:]
        at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:101) [engine-bll.jar:]
        at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97) [engine-bll.jar:]
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
        at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
        at org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57) [utils-3.0.0-0001.jar:]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.6.0_22]
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
        at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.6.0_22]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.6.0_22]
        at java.lang.Thread.run(Thread.java:679) [:1.6.0_22]

2012-02-19 12:58:26,537 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-10) Failed authenticating user: nathan to domain blinkmind.net. Ldap Query Type is getUserByName
2012-02-19 12:58:26,538 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR : nathan
2012-02-19 12:58:26,539 WARN  [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-10) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR

All our Linux boxes use the same LDAP server without issue, so I know that part is working.

P.S. What is LDAPSecurityAuthentication (option_id 2) and what should it be set to?



Nathan Stratton                                CTO, BlinkMind, Inc.
nathan at robotics.net                         nathan at blinkmind.com
http://www.robotics.net                        http://www.blinkmind.com