Thanks. I've deleted the old roles/users and recreated them using the System Permissions tab and logins are working now.
On 06/14/2018 09:20 AM, Ondra Machacek wrote:
> This error:
>
> The user u...@example.com@example.com is not authorized to perform login
>
> means that you don't have any role assigned to your user.
>
> Please check the following documentation:
>
> https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/#user-authorization
>
> to understand the permission model of oVirt.
>
> On 06/14/2018 02:39 PM, Michael Watters wrote:
>> ldapsearch works correctly and I'm able to bind to AD without any
>> issues. ovirt-engine-extension-aaa-ldap-setup also shows searches
>> working correctly.
>>
>> One thing I've discovered is that I can login as "u...@domain.com" but
>> then receive an error as follows.
>>
>>> The user u...@example.com@example.com is not authorized to perform login
>>
>> How do I enable debug logs? The log entries from the engine.log file
>> are the same as my previous message.
>>
>>
>> On 06/14/2018 06:37 AM, Ondra Machacek wrote:
>>> Can you share the debug log, and also make sure the search user you are
>>> using is correct, for example by running the ldapsearch command with it.
>>>
>>> On 06/13/2018 05:33 PM, Michael Watters wrote:
>>>> I've run the ovirt-engine-extension-aaa-ldap-setup command to configure
>>>> LDAP authentication using Active Directory; however, I am unable to
>>>> authenticate using valid credentials. Here is the output shown while
>>>> testing the login flow.
>>>>
>>>> [ INFO ] Executing login sequence...
>>>> Login output:
>>>> 2018-06-13 11:27:17,931-04 INFO ========================================================================
>>>> 2018-06-13 11:27:17,960-04 INFO ============================ Initialization ============================
>>>> 2018-06-13 11:27:17,960-04 INFO ========================================================================
>>>> 2018-06-13 11:27:17,999-04 INFO Loading extension 'example.com-authn'
>>>> 2018-06-13 11:27:18,072-04 INFO Extension 'example.com-authn' loaded
>>>> 2018-06-13 11:27:18,077-04 INFO Loading extension 'example.com-authz'
>>>> 2018-06-13 11:27:18,089-04 INFO Extension 'example.com-authz' loaded
>>>> 2018-06-13 11:27:18,090-04 INFO Initializing extension 'example.com-authn'
>>>> 2018-06-13 11:27:18,091-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating LDAP pool 'authz'
>>>> 2018-06-13 11:27:19,574-04 WARNING Exception: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839
>>>> 2018-06-13 11:27:19,576-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating LDAP pool 'authn'
>>>> 2018-06-13 11:27:20,668-04 INFO [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] LDAP pool 'authn' information: vendor='null' version='null'
>>>> 2018-06-13 11:27:20,674-04 WARNING Ignoring records from pool: 'authz'
>>>> 2018-06-13 11:27:20,676-04 WARNING Ignoring records from pool: 'authz'
>>>> 2018-06-13 11:27:20,676-04 INFO Extension 'example.com-authn' initialized
>>>> 2018-06-13 11:27:20,677-04 INFO Initializing extension 'example.com-authz'
>>>> 2018-06-13 11:27:20,679-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Creating LDAP pool 'authz'
>>>> 2018-06-13 11:27:21,270-04 WARNING Exception: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839
>>>> 2018-06-13 11:27:21,273-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Creating LDAP pool 'gc'
>>>> 2018-06-13 11:27:22,065-04 WARNING Exception: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1
>>>> 2018-06-13 11:27:22,069-04 WARNING Ignoring records from pool: 'authz'
>>>> 2018-06-13 11:27:22,072-04 WARNING Ignoring records from pool: 'authz'
>>>> 2018-06-13 11:27:22,085-04 WARNING Ignoring records from pool: 'authz'
>>>> 2018-06-13 11:27:22,086-04 INFO [ovirt-engine-extension-aaa-ldap.authz::example.com-authz] Available Namespaces: []
>>>> 2018-06-13 11:27:22,087-04 INFO Extension 'example.com-authz' initialized
>>>> 2018-06-13 11:27:22,088-04 INFO Start of enabled extensions list
>>>> 2018-06-13 11:27:22,089-04 INFO Instance name: 'example.com-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpPQluAI/extensions.d/example.com-authz.properties', Initialized: 'true'
>>>> 2018-06-13 11:27:22,089-04 INFO Instance name: 'example.com-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.7', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.7-1.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpPQluAI/extensions.d/example.com-authn.properties', Initialized: 'true'
>>>> 2018-06-13 11:27:22,090-04 INFO End of enabled extensions list
>>>> 2018-06-13 11:27:22,090-04 INFO ========================================================================
>>>> 2018-06-13 11:27:22,090-04 INFO ============================== Execution ===============================
>>>> 2018-06-13 11:27:22,091-04 INFO ========================================================================
>>>> 2018-06-13 11:27:22,091-04 INFO Iteration: 0
>>>> 2018-06-13 11:27:22,093-04 INFO Profile='example.com' authn='example.com-authn' authz='example.com-authz' mapping='null'
>>>> 2018-06-13 11:27:22,094-04 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='example.com' user='d861703'
>>>> 2018-06-13 11:27:22,251-04 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='example.com' result=CREDENTIALS_INCORRECT
>>>> 2018-06-13 11:27:22,262-04 SEVERE Authn.Result code is: CREDENTIALS_INCORRECT
>>>> [ ERROR ] Login sequence failed
>>>>
>>>> Does anybody know what LdapErr: DSID-0C09042A, comment:
>>>> AcceptSecurityContext error, data 52e, v3839 means? Is this a TLS
>>>> issue? I am quite certain the password I'm using is correct.
>>>> _______________________________________________
>>>> Users mailing list -- users@ovirt.org
>>>> To unsubscribe send an email to users-le...@ovirt.org
>>>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>>>> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
>>>> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7KTJZ6ID3PB764CW6LP3LYH57N742RMI/
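
A triage helper for the login-sequence output quoted in this thread, added here as an example (it is not from the thread or from the oVirt project): it strips the mail quote markers, re-joins the wrapped log lines, and reports which LDAP pool each AcceptSecurityContext failure follows, with the Active Directory sub-code decoded. The sub-code table holds commonly documented AD values; the names `normalise` and `triage` are hypothetical, and attributing an error to the pool announced just before it is an assumption about this log layout.

```python
import re

# Win32 logon error carried in the hex "data" field of an AD bind failure.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (ERROR_LOGON_FAILURE)",
    "533": "account disabled",
    "775": "account locked out",
}
EVENT = re.compile(
    r"aaa-ldap\.(?:authn|authz)::(?P<inst>[^\]]+)\]\s+Creating\s+LDAP\s+pool\s+'(?P<pool>[^']+)'"
    r"|AcceptSecurityContext\s+error,\s+data\s+(?P<code>[0-9a-fA-F]+)"
    r"|result=(?P<result>[A-Z_]+)"
)

def normalise(text):
    # Drop mail quote markers and re-join the wrapped log lines.
    lines = (re.sub(r"^[>\s]+", "", ln) for ln in text.splitlines())
    return " ".join(ln for ln in lines if ln)

def triage(text):
    # Assumption: a bind error belongs to the pool announced just before it.
    pools, current, result = [], None, None
    for m in EVENT.finditer(normalise(text)):
        if m.group("pool"):
            current = {"extension": m.group("inst"), "pool": m.group("pool"), "bind_error": None}
            pools.append(current)
        elif m.group("code") and current is not None:
            code = m.group("code").lower()
            current["bind_error"] = (code, AD_SUBCODES.get(code, "unknown sub-code"))
        elif m.group("result"):
            result = m.group("result")
    return pools, result

# Excerpt of the output quoted above, kept in its quoted, wrapped form.
SAMPLE = """\
>>>> [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating
>>>> LDAP
>>>> pool 'authz'
>>>> 2018-06-13 11:27:19,574-04 WARNING Exception: 80090308:
>>>> LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data
>>>> 52e,
>>>> v3839
>>>> [ovirt-engine-extension-aaa-ldap.authn::example.com-authn] Creating
>>>> LDAP
>>>> pool 'authn'
>>>> <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='example.com'
>>>> result=CREDENTIALS_INCORRECT
"""
```

`triage(SAMPLE)` returns the list of pools with any decoded bind error, plus the final `result=` value from the login sequence.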