Sorry, I forgot the attachment.
Nick
On 10/10/2017 14:50, nicola.gentile.to wrote:
Hi,
I have a problem. Suddenly, AD users cannot log in from the user portal,
and it displays the error:
server_error: Unexpected comma or semicolon found at the end of the DN
string.
Also, in Admin Portal -> Users, when I try to add an AD user, I don't
see the sub domain.
Also, I tried to run ovirt-engine-extension-aaa-ldap-setup, but it does not work.
I attach the log file.
Please help me.
Thanks
Nick
ovirt-engine-extension-aaa-ldap-setup
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20171010144529-5gjttc.log
Version: otopi-1.6.2 (otopi-1.6.2-1.el7.centos)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Available LDAP implementations:
1 - 389ds
2 - 389ds RFC-2307 Schema
3 - Active Directory
4 - IBM Security Directory Server
5 - IBM Security Directory Server RFC-2307 Schema
6 - IPA
7 - Novell eDirectory RFC-2307 Schema
8 - OpenLDAP RFC-2307 Schema
9 - OpenLDAP Standard Schema
10 - Oracle Unified Directory RFC-2307 Schema
11 - RFC-2307 Schema (Generic)
12 - RHDS
13 - RHDS RFC-2307 Schema
14 - iPlanet
Please select: 3
Please enter Active Directory Forest name: polito.it
[ INFO ] Resolving Global Catalog SRV record for polito.it
NOTE:
It is highly recommended to use secure protocol to access the LDAP server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): File
File path: /root/politoca.pem
[ INFO ] Resolving SRV record 'polito.it'
[ INFO ] Connecting to LDAP using 'ldap://politodc01.polito.it:389'
[ INFO ] Executing startTLS
[ INFO ] Connection succeeded
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=TOOL_NICOLA,OU=Special_Users,DC=polito,DC=it
Enter search user password:
[ INFO ] Attempting to bind using 'CN=TOOL_NICOLA,OU=Special_Users,DC=polito,DC=it'
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]: No
Please specify profile name that will be visible to users [polito.it]:
[ INFO ] Stage: Setup validation
The following files are about to be overwritten:
/etc/ovirt-engine/extensions.d/polito.it-authn.properties
/etc/ovirt-engine/extensions.d/polito.it-authz.properties
/etc/ovirt-engine/aaa/polito.it.properties
/etc/ovirt-engine/aaa/polito.it.jks
Continue and overwrite? (Yes, No) [No]: Yes
NOTE:
It is highly recommended to test drive the configuration before applying it into engine.
Login sequence is executed automatically, but it is recommended to also execute Search sequence manually after successful Login sequence.
Please provide credentials to test login flow:
Enter user name: nicola.gent...@polito.it
Enter user password:
[ INFO ] Executing login sequence...
Login output:
2017-10-10 14:47:35,284+02 INFO ========================================================================
2017-10-10 14:47:35,297+02 INFO ============================ Initialization ============================
2017-10-10 14:47:35,298+02 INFO ========================================================================
2017-10-10 14:47:35,316+02 INFO Loading extension 'polito.it-authz'
2017-10-10 14:47:35,368+02 INFO Extension 'polito.it-authz' loaded
2017-10-10 14:47:35,370+02 INFO Loading extension 'polito.it-authn'
2017-10-10 14:47:35,377+02 INFO Extension 'polito.it-authn' loaded
2017-10-10 14:47:35,377+02 INFO Initializing extension 'polito.it-authz'
2017-10-10 14:47:35,378+02 INFO [ovirt-engine-extension-aaa-ldap.authz::polito.it-authz] Creating LDAP pool 'authz'
2017-10-10 14:47:36,199+02 INFO [ovirt-engine-extension-aaa-ldap.authz::polito.it-authz] LDAP pool 'authz' information: vendor='null' version='null'
2017-10-10 14:47:36,201+02 INFO [ovirt-engine-extension-aaa-ldap.authz::polito.it-authz] Creating LDAP pool 'gc'
2017-10-10 14:47:36,374+02 WARNING Exception: The connection reader was unable to successfully complete TLS negotiation: SSLHandshakeException(message='sun.security.validator.ValidatorException: No trusted certificate found', trace='getSSLException(Alerts.java:192) / fatal(SSLSocketImpl.java:1959) / fatalSE(Handshaker.java:302) / fatalSE(Handshaker.java:296) / serverCertificate(ClientHandshaker.java:1514) / processMessage(ClientHandshaker.java:216) / processLoop(Handshaker.java:1026) / process_record(Handshaker.java:961) / readRecord(SSLSocketImpl.java:1072) / performInitialHandshake(SSLSocketImpl.java:1385) / startHandshake(SSLSocketImpl.java:1413) / startHandshake(SSLSocketImpl.java:1397) / run(LDAPConnectionReader.java:301)', cause=ValidatorException(message='No trusted certificate found', trace='buildTrustedChain(SimpleValidator.java:397) / engineValidate(SimpleValidator.java:134) / validate(Validator.java:260) / validate(X509TrustManagerImpl.java:324) / checkTrusted(X509TrustManagerImpl.java:229) / checkServerTrusted(X509TrustManagerImpl.java:124) / serverCertificate(ClientHandshaker.java:1496) / processMessage(ClientHandshaker.java:216) / processLoop(Handshaker.java:1026) / process_record(Handshaker.java:961) / readRecord(SSLSocketImpl.java:1072) / performInitialHandshake(SSLSocketImpl.java:1385) / startHandshake(SSLSocketImpl.java:1413) / startHandshake(SSLSocketImpl.java:1397) / run(LDAPConnectionReader.java:301)', revision=0), revision=0)
2017-10-10 14:47:36,408+02 INFO [ovirt-engine-extension-aaa-ldap.authz::polito.it-authz] Creating LDAP pool 'au...@polito.it'
2017-10-10 14:47:36,470+02 WARNING Exception: The connection reader was unable to successfully complete TLS negotiation: SSLHandshakeException(message='sun.security.validator.ValidatorException: No trusted certificate found', trace='getSSLException(Alerts.java:192) / fatal(SSLSocketImpl.java:1959) / fatalSE(Handshaker.java:302) / fatalSE(Handshaker.java:296) / serverCertificate(ClientHandshaker.java:1514) / processMessage(ClientHandshaker.java:216) / processLoop(Handshaker.java:1026) / process_record(Handshaker.java:961) / readRecord(SSLSocketImpl.java:1072) / performInitialHandshake(SSLSocketImpl.java:1385) / startHandshake(SSLSocketImpl.java:1413) / startHandshake(SSLSocketImpl.java:1397) / run(LDAPConnectionReader.java:301)', cause=ValidatorException(message='No trusted certificate found', trace='buildTrustedChain(SimpleValidator.java:397) / engineValidate(SimpleValidator.java:134) / validate(Validator.java:260) / validate(X509TrustManagerImpl.java:324) / checkTrusted(X509TrustManagerImpl.java:229) / checkServerTrusted(X509TrustManagerImpl.java:124) / serverCertificate(ClientHandshaker.java:1496) / processMessage(ClientHandshaker.java:216) / processLoop(Handshaker.java:1026) / process_record(Handshaker.java:961) / readRecord(SSLSocketImpl.java:1072) / performInitialHandshake(SSLSocketImpl.java:1385) / startHandshake(SSLSocketImpl.java:1413) / startHandshake(SSLSocketImpl.java:1397) / run(LDAPConnectionReader.java:301)', revision=0), revision=0)
2017-10-10 14:47:36,470+02 WARNING Ignoring records from pool: 'au...@polito.it'
2017-10-10 14:47:36,476+02 WARNING Ignoring records from pool: 'au...@polito.it'
2017-10-10 14:47:36,476+02 INFO [ovirt-engine-extension-aaa-ldap.authz::polito.it-authz] Available Namespaces: []
2017-10-10 14:47:36,477+02 INFO Extension 'polito.it-authz' initialized
2017-10-10 14:47:36,477+02 INFO Initializing extension 'polito.it-authn'
2017-10-10 14:47:36,478+02 INFO [ovirt-engine-extension-aaa-ldap.authn::polito.it-authn] Creating LDAP pool 'authz'
2017-10-10 14:47:36,548+02 WARNING Exception: The connection reader was unable to successfully complete TLS negotiation: SSLHandshakeException(message='sun.security.validator.ValidatorException: No trusted certificate found', trace='getSSLException(Alerts.java:192) / fatal(SSLSocketImpl.java:1959) / fatalSE(Handshaker.java:302) / fatalSE(Handshaker.java:296) / serverCertificate(ClientHandshaker.java:1514) / processMessage(ClientHandshaker.java:216) / processLoop(Handshaker.java:1026) / process_record(Handshaker.java:961) / readRecord(SSLSocketImpl.java:1072) / performInitialHandshake(SSLSocketImpl.java:1385) / startHandshake(SSLSocketImpl.java:1413) / startHandshake(SSLSocketImpl.java:1397) / run(LDAPConnectionReader.java:301)', cause=ValidatorException(message='No trusted certificate found', trace='buildTrustedChain(SimpleValidator.java:397) / engineValidate(SimpleValidator.java:134) / validate(Validator.java:260) / validate(X509TrustManagerImpl.java:324) / checkTrusted(X509TrustManagerImpl.java:229) / checkServerTrusted(X509TrustManagerImpl.java:124) / serverCertificate(ClientHandshaker.java:1496) / processMessage(ClientHandshaker.java:216) / processLoop(Handshaker.java:1026) / process_record(Handshaker.java:961) / readRecord(SSLSocketImpl.java:1072) / performInitialHandshake(SSLSocketImpl.java:1385) / startHandshake(SSLSocketImpl.java:1413) / startHandshake(SSLSocketImpl.java:1397) / run(LDAPConnectionReader.java:301)', revision=0), revision=0)
2017-10-10 14:47:36,549+02 INFO [ovirt-engine-extension-aaa-ldap.authn::polito.it-authn] Creating LDAP pool 'authn'
2017-10-10 14:47:37,052+02 WARNING Exception: The connection reader was unable to successfully complete TLS negotiation: SSLHandshakeException(message='sun.security.validator.ValidatorException: No trusted certificate found', trace='getSSLException(Alerts.java:192) / fatal(SSLSocketImpl.java:1959) / fatalSE(Handshaker.java:302) / fatalSE(Handshaker.java:296) / serverCertificate(ClientHandshaker.java:1514) / processMessage(ClientHandshaker.java:216) / processLoop(Handshaker.java:1026) / process_record(Handshaker.java:961) / readRecord(SSLSocketImpl.java:1072) / performInitialHandshake(SSLSocketImpl.java:1385) / startHandshake(SSLSocketImpl.java:1413) / startHandshake(SSLSocketImpl.java:1397) / run(LDAPConnectionReader.java:301)', cause=ValidatorException(message='No trusted certificate found', trace='buildTrustedChain(SimpleValidator.java:397) / engineValidate(SimpleValidator.java:134) / validate(Validator.java:260) / validate(X509TrustManagerImpl.java:324) / checkTrusted(X509TrustManagerImpl.java:229) / checkServerTrusted(X509TrustManagerImpl.java:124) / serverCertificate(ClientHandshaker.java:1496) / processMessage(ClientHandshaker.java:216) / processLoop(Handshaker.java:1026) / process_record(Handshaker.java:961) / readRecord(SSLSocketImpl.java:1072) / performInitialHandshake(SSLSocketImpl.java:1385) / startHandshake(SSLSocketImpl.java:1413) / startHandshake(SSLSocketImpl.java:1397) / run(LDAPConnectionReader.java:301)', revision=0), revision=0)
2017-10-10 14:47:37,053+02 WARNING Ignoring records from pool: 'authz'
2017-10-10 14:47:37,054+02 WARNING [ovirt-engine-extension-aaa-ldap.authn::polito.it-authn] Cannot initialize LDAP framework, deferring initialization. Error: Unexpected comma or semicolon found at the end of the DN string.
2017-10-10 14:47:37,055+02 INFO Extension 'polito.it-authn' initialized
2017-10-10 14:47:37,055+02 INFO Start of enabled extensions list
2017-10-10 14:47:37,055+02 INFO Instance name: 'polito.it-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.4', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.4-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmp0bDnjo/extensions.d/polito.it-authz.properties', Initialized: 'true'
2017-10-10 14:47:37,056+02 INFO Instance name: 'polito.it-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.4', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.4-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmp0bDnjo/extensions.d/polito.it-authn.properties', Initialized: 'true'
2017-10-10 14:47:37,056+02 INFO End of enabled extensions list
2017-10-10 14:47:37,056+02 INFO ========================================================================
2017-10-10 14:47:37,056+02 INFO ============================== Execution ===============================
2017-10-10 14:47:37,057+02 INFO ========================================================================
2017-10-10 14:47:37,057+02 INFO Iteration: 0
2017-10-10 14:47:37,058+02 INFO Profile='polito.it' authn='polito.it-authn' authz='polito.it-authz' mapping='null'
2017-10-10 14:47:37,058+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='polito.it' user='nicola.gent...@polito.it'
2017-10-10 14:47:37,060+02 WARNING Ignoring records from pool: 'authz'
2017-10-10 14:47:37,061+02 WARNING [ovirt-engine-extension-aaa-ldap.authn::polito.it-authn] Cannot initialize LDAP framework, deferring initialization. Error: Unexpected comma or semicolon found at the end of the DN string.
2017-10-10 14:47:37,061+02 SEVERE Unexpected comma or semicolon found at the end of the DN string.
[ ERROR ] Login sequence failed
Please investigate details of the failure (search for lines containing SEVERE log level).
Select test sequence to execute (Done, Abort, Login, Search) [Abort]: Done
[ INFO ] Stage: Transaction setup
[ INFO ] Stage: Misc configuration
[ INFO ] Stage: Package installation
[ INFO ] Stage: Misc configuration
[ INFO ] Stage: Transaction commit
[ INFO ] Stage: Closing up
CONFIGURATION SUMMARY
Profile name is: polito.it
The following files were created:
/etc/ovirt-engine/aaa/polito.it.jks
/etc/ovirt-engine/aaa/polito.it.properties
[ INFO ] Stage: Clean up
Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20171010144529-5gjttc.log:
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
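
Added example, not part of the original post or of oVirt's own tooling: a small Python triage of the login output above that pairs each "Creating LDAP pool" line with the exception logged after it and collects the SEVERE messages. The sample lines are shortened copies of the post's log with stack traces trimmed, and attributing an exception to the pool created just before it is an assumption based on line order.

```python
import re

LINE = re.compile(r"^(\S+ \S+) (INFO|WARNING|SEVERE)\s+(?:\[[^\]]*::([^\]]+)\] )?(.*)$")
POOL = re.compile(r"Creating LDAP pool '([^']+)'")
REASON = re.compile(r"message='([^']*)'")

# Constructed sample: lines taken from the login output above, traces trimmed.
TLS = ("Exception: The connection reader was unable to successfully complete TLS "
       "negotiation: SSLHandshakeException(message='sun.security.validator."
       "ValidatorException: No trusted certificate found', trace='(trimmed)')")
EXT = "ovirt-engine-extension-aaa-ldap"
SAMPLE = "\n".join([
    f"2017-10-10 14:47:35,378+02 INFO [{EXT}.authz::polito.it-authz] Creating LDAP pool 'authz'",
    f"2017-10-10 14:47:36,199+02 INFO [{EXT}.authz::polito.it-authz] LDAP pool 'authz' information: vendor='null' version='null'",
    f"2017-10-10 14:47:36,201+02 INFO [{EXT}.authz::polito.it-authz] Creating LDAP pool 'gc'",
    f"2017-10-10 14:47:36,374+02 WARNING {TLS}",
    f"2017-10-10 14:47:36,478+02 INFO [{EXT}.authn::polito.it-authn] Creating LDAP pool 'authz'",
    f"2017-10-10 14:47:36,548+02 WARNING {TLS}",
    f"2017-10-10 14:47:36,549+02 INFO [{EXT}.authn::polito.it-authn] Creating LDAP pool 'authn'",
    f"2017-10-10 14:47:37,052+02 WARNING {TLS}",
    "2017-10-10 14:47:37,053+02 WARNING Ignoring records from pool: 'authz'",
    "2017-10-10 14:47:37,061+02 SEVERE Unexpected comma or semicolon found at the end of the DN string.",
])

def triage(log_text):
    """Return (pools, severe): pool creations with the exception that follows, and SEVERE messages."""
    pools, severe, current = [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a timestamped log line (installer prompts, stage banners)
        _, level, instance, msg = m.groups()
        created = POOL.search(msg)
        if created:
            current = {"instance": instance, "pool": created.group(1), "error": None}
            pools.append(current)
        elif level == "WARNING" and msg.startswith("Exception:") and current and current["error"] is None:
            # Assumption: the exception belongs to the pool created just before it.
            reason = REASON.search(msg)
            current["error"] = reason.group(1) if reason else msg
        elif level == "SEVERE":
            severe.append(msg)
    return pools, severe

if __name__ == "__main__":
    pools, severe = triage(SAMPLE)
    for p in pools:
        print(f"{p['instance']:<16} pool={p['pool']:<6} {p['error'] or 'no exception logged'}")
    print("SEVERE:", *severe, sep="\n  ")
```
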