On 01/20/2014 11:33 PM, Yair Zaslavsky wrote:
> Hi Adam,
> Looks like you have problems in running the Root DSE query.
> I would like you to try and troubleshoot by comparing this to the execution
> of -
>
> ldapsearch -x -h <YOUR_IPA_SERVER_IP_ADDRESS> -s base
>

I think the problem is that your LDAP server is configured with a minimum security strength factor that triggers a bug in the Kerberos support in the Java virtual machine. This is a known issue. See here for details:

http://gerrit.ovirt.org/21505

> ----- Original Message -----
>> From: "Adam Litke" <ali...@redhat.com>
>> To: users@ovirt.org
>> Sent: Tuesday, January 21, 2014 12:12:03 AM
>> Subject: [Users] Problem adding an IPA server to oVirt
>>
>> Hi,
>>
>> I am trying to set up an oVirt environment with an IPA provider and
>> am hitting a GeneralException that I am unsure how to debug. I have
>> configured freeIPA in a Fedora VM using the supplied configuration
>> script and I can 'kinit admin' from the ovirt-engine machine. When I
>> run the manage-domains command I get the following exception:
>>
>> I didn't realize it, but I had to add _kerberos srv records to my
>> dnsmasq.conf in order for the script to even find my KDC.
>>
>> ./engine-manage-domains -action=add -provider=IPA -domain=alitke.net
>> -user=admin -interactive -ldapServers=directory.alitke.net
>> Enter password:
>> General error has occurednull
>> java.lang.NegativeArraySizeException
>>     at sun.security.jgss.krb5.CipherHelper.aes256Encrypt(CipherHelper.java:1367)
>>     at sun.security.jgss.krb5.CipherHelper.encryptData(CipherHelper.java:722)
>>     at sun.security.jgss.krb5.WrapToken_v2.<init>(WrapToken_v2.java:200)
>>     at sun.security.jgss.krb5.Krb5Context.wrap(Krb5Context.java:861)
>>     at sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:385)
>>     at com.sun.security.sasl.gsskerb.GssKrb5Base.wrap(GssKrb5Base.java:104)
>>     at com.sun.jndi.ldap.sasl.SaslOutputStream.write(SaslOutputStream.java:89)
>>     at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:430)
>>     at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:555)
>>     at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
>>     at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
>>     at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
>>     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
>>     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
>>     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
>>     at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
>>     at org.ovirt.engine.core.ldap.RootDSEData.<init>(RootDSEData.java:52)
>>     at org.ovirt.engine.core.utils.kerberos.JndiAction.getDomainDN(JndiAction.java:254)
>>     at org.ovirt.engine.core.utils.kerberos.JndiAction.run(JndiAction.java:87)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at javax.security.auth.Subject.doAs(Subject.java:356)
>>     at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.promptSuccessfulAuthentication(KerberosConfigCheck.java:174)
>>     at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.validateKerberosInstallation(KerberosConfigCheck.java:150)
>>     at org.ovirt.engine.core.utils.kerberos.KerberosConfigCheck.checkInstallation(KerberosConfigCheck.java:135)
>>     at org.ovirt.engine.core.domains.ManageDomains.checkKerberosConfiguration(ManageDomains.java:739)
>>     at org.ovirt.engine.core.domains.ManageDomains.testConfiguration(ManageDomains.java:909)
>>     at org.ovirt.engine.core.domains.ManageDomains.addDomain(ManageDomains.java:531)
>>     at org.ovirt.engine.core.domains.ManageDomains.runCommand(ManageDomains.java:308)
>>     at org.ovirt.engine.core.domains.ManageDomains.main(ManageDomains.java:205)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:606)
>>     at org.jboss.modules.Module.run(Module.java:260)
>>     at org.jboss.modules.Main.main(Main.java:291)
>> Failure while testing domain %1$s. Details: %2$s: One of the
>> parameters for this error is null and no default message to show
>>
>> Any thoughts on what might be going wrong?
>>