Bug 1117488
Summary: | [AAA] Unable to search all users via REST or UI | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] oVirt | Reporter: | Ondra Machacek <omachace> | ||||||||||
Component: | ovirt-engine-webadmin | Assignee: | Ravi Nori <rnori> | ||||||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ondra Machacek <omachace> | ||||||||||
Severity: | high | Docs Contact: | |||||||||||
Priority: | unspecified | ||||||||||||
Version: | 3.5 | CC: | alonbl, ecohen, gklein, iheim, mgoldboi, omachace, oourfali, rbalakri, rnori, yeylon | ||||||||||
Target Milestone: | --- | ||||||||||||
Target Release: | 3.5.0 | ||||||||||||
Hardware: | Unspecified | ||||||||||||
OS: | Unspecified | ||||||||||||
Whiteboard: | infra | ||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||
Doc Text: | Story Points: | --- | |||||||||||
Clone Of: | Environment: | ||||||||||||
Last Closed: | 2014-10-17 12:24:40 UTC | Type: | Bug | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Bug Depends On: | |||||||||||||
Bug Blocks: | 1076964 | ||||||||||||
Attachments: |
|
Description
Ondra Machacek
2014-07-08 19:23:00 UTC
Created attachment 916544 [details] multi.properties I specified wrong Steps to reproduce. Correct are: 1) install: * ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.el6_5.noarch * unboundid-ldapsdk-2.3.7-0.0.snap.r530.el6_5.noarch 2) add files from attachment to /etc/ovirt-engine/extensions.d/ 3) service ovirt-engine restart 4) GET https://engine/ovirt-engine/api/domains/6d756c74-695a-6d75-6c74-695a6d756c74/users Created attachment 916546 [details]
multiZ.properties
2014-07-10 15:17:17,627 ERROR [org.ovirt.engine.core.bll.SearchQuery] (http--0.0.0.0-8080-3) Query SearchQuery failed. Exception message is null : java.lang.NullPointerException: java.lang.NullPointerException at org.ovirt.engine.core.bll.SearchQuery.searchDirectoryUsers(SearchQuery.java:180) [bll.jar:] at org.ovirt.engine.core.bll.SearchQuery.executeQueryCommand(SearchQuery.java:69) [bll.jar:] at org.ovirt.engine.core.bll.QueriesCommandBase.executeCommand(QueriesCommandBase.java:73) [bll.jar:] at org.ovirt.engine.core.dal.VdcCommandBase.execute(VdcCommandBase.java:31) [dal.jar:] Known issue[1] ExtensionProxy authz = AuthenticationProfileRepository.getInstance().getProfile(data.getDomain()).getAuthz();$ [1] http://gerrit.ovirt.org/#/c/28722/ Has to be merged to ovirt-3.5 branch. Created attachment 922100 [details]
engine.log
Now getting NPE on 3 lines below.
2014-07-29 12:19:55,702 ERROR [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-1) Query SearchQuery failed. Exception message is null : java.lang.NullPointerException: java.lang.NullPointerException
at org.ovirt.engine.core.bll.SearchQuery.searchDirectoryUsers(SearchQuery.java:183) [bll.jar:]
at org.ovirt.engine.core.bll.SearchQuery.executeQueryCommand(SearchQuery.java:70) [bll.jar:]
at org.ovirt.engine.core.bll.QueriesCommandBase.executeCommand(QueriesCommandBase.java:73) [bll.jar:]
at org.ovirt.engine.core.dal.VdcCommandBase.execute(VdcCommandBase.java:31) [dal.jar:]
what version do you use? there was a mess in moving to on qa. please use latest nightly to check aaa I tried: * ovirt-engine-backend-3.5.0-0.0.master.20140726172544.git8e1babc.el6.noarch.rpm from http://ovirt-mirror.eng.lab.tlv.redhat.com/pub/ovirt-3.5-snapshot and * ovirt-engine-backend-3.5.0-0.0.master.20140722232058.git8e1babc.el6.noarch.rpm from http://ovirt-mirror.eng.lab.tlv.redhat.com/pub/ovirt-3.5-pre/ nor of them worked, same NPE is printed. Please state exact environment and configuration to allow reproduction, comment#0 is confusing, either you use legacy or new provider... if you tested this using the legacy provider, please also try to test using the new provider. I have this working correctly with this domain and new provider, so maybe this is a bug in the legacy provider and this one is resolved. ovirt-engine-extension-aaa-ldap-0.0.0-0.0.1.master.el6_5.noarch ovirt-engine-backend-3.5.0-0.0.master.20140726172544.git8e1babc.el6.noarch Using new provider. Just specify you want to use SSL/TLS. Set insecure = false, and don't provide trustore. In general when wrong configuration is specified, and provider is added(not ignored on startup), then it causes this NPE when searching for users in this LDAP. Steps: $ cat > /etc/ovirt-engine/extensions.d/ldap-authn-ipa1.properties << "EOT" ovirt.engine.extension.enabled = true ovirt.engine.extension.name = ldap-authn-ipa1 ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn config.profile.file.1 = /tmp/brq-ipa.rhev.lab.eng.brq.redhat.com.properties ovirt.engine.aaa.authn.profile.name = ldap-ipa1 ovirt.engine.aaa.authn.authz.plugin = ldap-authz-ipa1 EOT $ cat > /etc/ovirt-engine/extensions.d/ldap-authz-ipa1.properties << "EOT" ovirt.engine.extension.enabled = true ovirt.engine.extension.name = ldap-authz-ipa1 ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /tmp/brq-ipa.rhev.lab.eng.brq.redhat.com.properties $ cat > /tmp/brq-ipa.rhev.lab.eng.brq.redhat.com.properties << "EOT" include = <ipa.properties> vars.user = uid=vdcadmin,cn=users,cn=accounts,dc=brq-ipa,dc=rhev,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com vars.password = 123456 vars.domain = rhev.lab.eng.brq.redhat.com vars.server = brq-ipa.${global:vars.domain} pool.default.serverset.single.server = ${global:vars.server} pool.default.serverset.single.port = 636 pool.default.ssl.enable = true pool.default.ssl.insecure = false #pool.default.ssl.truststore.file = /tmp/ipa.ts #pool.default.ssl.truststore.password = 123456 EOT $ service ovirt-engine restart Go to API/webadmin and search for users in this domain. > In general when wrong configuration is specified,
and provider is added(not ignored on startup), then it causes this NPE when
searching for users in this LDAP.
so if provider is valid there is no issue?
if so, this is a different bug... please close this one... and open a new...
BTW: I applied configuration of comment#11 I get: <fault><reason>Operation Failed</reason><detail>trust store must be provided</detail></fault> using ovirt-engine-3.5 branch commit e7700b8b from Thu Jun 19 09:35:23 2014 Verified. With correctly configured ldap provider, users can be searched. *** Bug 1118251 has been marked as a duplicate of this bug. *** oVirt 3.5 has been released and should include the fix for this issue. |