On Sun, 19 Feb 2012, Itamar Heim wrote:

On 02/19/2012 11:11 PM, Nathan Stratton wrote:
On Sun, 19 Feb 2012, Itamar Heim wrote:

The current code supports AD, freeIPA/IPA and 389ds/RHDS.
If Apache Directory Server is similar to any of them, you could try
hacking the code to add support for it.

Ok, will go with 389 for now, it's in the family, though Gluster is in the
family and you don't support it as a storage file system... : )

Please remember you need 389ds with Kerberos support.

Got it installed and set up. I am able to authenticate from Linux boxes with the new 389 LDAP, so I know that works. However, I am still running into issues getting ovirt-engine to work with it.

http://share.robotics.net/ldap.pcap

As you can see from the pcap, I see a DNS SRV query for _ldap._tcp.blinkmind.net and the box does talk to the LDAP box. I don't see anything on port 88, or an LDAP query for the Kerberos. Or does it try to just use the same IP as LDAP?

2012-02-21 16:59:48,411 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-1) Failed ldap search server LDAP://ldap-master.hou.blinkmind.net:389 due to org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException. We should not try the next server: org.ovirt.engine.core.bll.adbroker.EngineDirectoryServiceException
        at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticateToKDC(GSSAPIDirContextAuthenticationStrategy.java:150) [engine-bll.jar:]
        at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.explicitAuth(GSSAPIDirContextAuthenticationStrategy.java:119) [engine-bll.jar:]
        at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticate(GSSAPIDirContextAuthenticationStrategy.java:111) [engine-bll.jar:]
        at org.ovirt.engine.core.bll.adbroker.GSSAPILdapTemplateWrapper.useAuthenticationStrategy(GSSAPILdapTemplateWrapper.java:90) [engine-bll.jar:]
        at org.ovirt.engine.core.bll.adbroker.PrepareLdapConnectionTask.call(PrepareLdapConnectionTask.java:56) [engine-bll.jar:]
        at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:108) [engine-bll.jar:]
        at org.ovirt.engine.core.bll.adbroker.DirectorySearcher$1.call(DirectorySearcher.java:97) [engine-bll.jar:]
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
        at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
        at org.ovirt.engine.core.utils.threadpool.ThreadPoolUtil$InternalWrapperRunnable.run(ThreadPoolUtil.java:57) [utils-3.0.0-0001.jar:]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [:1.6.0_22]
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) [:1.6.0_22]
        at java.util.concurrent.FutureTask.run(FutureTask.java:166) [:1.6.0_22]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [:1.6.0_22]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [:1.6.0_22]
        at java.lang.Thread.run(Thread.java:679) [:1.6.0_22]

2012-02-21 16:59:48,415 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Failed authenticating user: nathan to domain blinkmind.net. Ldap Query Type is getUserByName
2012-02-21 16:59:48,416 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) USER_FAILED_TO_AUTHENTICATE_NO_KDCS_FOUND : nathan
2012-02-21 16:59:48,416 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_NO_KDCS_FOUND

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
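
The observation in the message above (an SRV lookup for _ldap._tcp but nothing toward port 88, followed by NO_KDCS_FOUND) can be checked against the DNS zone. This is an added example, not part of the original message or of ovirt-engine: it assumes KDCs are discovered through the standard Kerberos SRV names _kerberos._tcp and _kerberos._udp (RFC 4120), which the thread does not confirm for the engine, and the zone text and the function names are constructed for illustration.

```python
import re

# Discovery names checked, with the port each service normally listens on.
# _kerberos._tcp/_udp are the standard KDC SRV names (RFC 4120); that
# ovirt-engine relies on them is an assumption, not stated in the thread.
EXPECTED = {"_ldap._tcp": 389, "_kerberos._tcp": 88, "_kerberos._udp": 88}

# owner [ttl] [IN] SRV priority weight port target
SRV_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+"
    r"(?P<prio>\d+)\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)",
    re.IGNORECASE,
)

def parse_srv(zone_text, domain):
    """Return {service: [(priority, port, target), ...]} for one domain."""
    found = {}
    suffix = "." + domain.rstrip(".").lower()
    for line in zone_text.splitlines():
        m = SRV_RE.match(line.split(";", 1)[0].strip())  # drop zone comments
        owner = m["owner"].rstrip(".").lower() if m else ""
        if not owner.endswith(suffix):
            continue  # not an SRV record, or an SRV record for another domain
        service = owner[: -len(suffix)]
        rec = (int(m["prio"]), int(m["port"]), m["target"].rstrip("."))
        found.setdefault(service, []).append(rec)
    return found

def audit(zone_text, domain):
    """List problems: missing SRV names, or records on an unexpected port."""
    found = parse_srv(zone_text, domain)
    problems = []
    for service, port in EXPECTED.items():
        records = found.get(service)
        if not records:
            problems.append(f"missing SRV {service}.{domain}")
            continue
        for _, rport, target in sorted(records):
            if rport != port:
                problems.append(f"{service} -> {target}:{rport}, expected port {port}")
    return problems

# Constructed zone excerpt that carries only the LDAP SRV record.
SAMPLE_ZONE = """\
_ldap._tcp.blinkmind.net. 86400 IN SRV 0 100 389 ldap-master.hou.blinkmind.net.
ldap-master.hou.blinkmind.net. 86400 IN A 192.0.2.10 ; constructed address
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_ZONE, "blinkmind.net")))
```

On a live system the same zone lines can be taken from the DNS server's zone file or from the answer section of an SRV query and passed to audit() unchanged.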
