Bug 1124478
| Summary: | [AAA] NPE when searching for users/groups in incorrecly configured external provider | ||
|---|---|---|---|
| Product: | [Retired] oVirt | Reporter: | Ondra Machacek <omachace> |
| Component: | ovirt-engine-core | Assignee: | Alon Bar-Lev <alonbl> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ondra Machacek <omachace> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 3.5 | CC: | alonbl, ecohen, gklein, iheim, rbalakri, tscherf, yeylon |
| Target Milestone: | --- | ||
| Target Release: | 3.5.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | infra | ||
| Fixed In Version: | ovirt-engine-3.5.0_rc1 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-10-17 12:42:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1076964 | ||
Cannot reproduce, with clean installation and comment#0 settings. I get: <fault><reason>Operation Failed</reason><detail>trust store must be provided</detail></fault> There cannot by UI search as there is no authn, search by internal works. Testing using ovirt-engine-3.5 branch: commit 2e0a396c4c119acd4820e20bb915268db66a217b Date: Mon Jul 28 13:30:32 2014 -0400 setting as modified to re-check in next cycle. AuthN is anonymous bind.
I got :
<fault>
<reason>Operation Failed</reason>
<detail></detail>
</fault>
with
ovirt-engine-backend-3.5.0-0.0.master.20140729052058.git8e1babc.el6.noarch
ovirt-engine-3.5.0-0.0.master.20140729052058.git8e1babc.el6.noarch
So if it's working for you on lastest ovirt-engine-3.5 branch,
please add this to MODIFIED and I will retest it in another QE build.
works OK in ovirt-engine-3.5.0_rc1 oVirt 3.5 has been released and should include the fix for this issue. |
Description of problem: Using new provider. Just specify you want to use SSL/TLS. Set insecure = false, and don't provide trustore. In general when wrong configuration is specified, and provider is added(not ignored on startup), then it causes this NPE when searching for users in this LDAP. Version-Release number of selected component (if applicable): ovirt-engine-extension-aaa-ldap-0.0.0-0.0.1.master.el6_5.noarch ovirt-engine-backend-3.5.0-0.0.master.20140726172544.git8e1babc.el6.noarch How reproducible: always Steps to Reproduce: 1. install ovirt-engine-extension-aaa-ldap-0.0.0-0.0.1.master.el6_5.noarch unboundid-ldapsdk-2.3.7-0.0.snap.r530.el6_5.noarch 2) $ cat > /etc/ovirt-engine/extensions.d/ldap-authn-ipa1.properties << "EOT" ovirt.engine.extension.enabled = true ovirt.engine.extension.name = ldap-authn-ipa1 ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn config.profile.file.1 = /tmp/brq-ipa.rhev.lab.eng.brq.redhat.com.properties ovirt.engine.aaa.authn.profile.name = ldap-ipa1 ovirt.engine.aaa.authn.authz.plugin = ldap-authz-ipa1 EOT $ cat > /etc/ovirt-engine/extensions.d/ldap-authz-ipa1.properties << "EOT" ovirt.engine.extension.enabled = true ovirt.engine.extension.name = ldap-authz-ipa1 ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = /tmp/brq-ipa.rhev.lab.eng.brq.redhat.com.properties $ cat > /tmp/brq-ipa.rhev.lab.eng.brq.redhat.com.properties << "EOT" include = <ipa.properties> vars.user = uid=vdcadmin,cn=users,cn=accounts,dc=brq-ipa,dc=rhev,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com vars.password = 123456 vars.domain = rhev.lab.eng.brq.redhat.com vars.server = brq-ipa.${global:vars.domain} pool.default.serverset.single.server = ${global:vars.server} pool.default.serverset.single.port = 636 pool.default.ssl.enable = true pool.default.ssl.insecure = false #pool.default.ssl.truststore.file = /tmp/ipa.ts #pool.default.ssl.truststore.password = 123456 EOT $ service ovirt-engine restart 3) Go to API/webadmin and search for users in this domain. Actual results: NPE and blank output. 2014-07-29 16:28:08,941 ERROR [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-8) Query SearchQuery failed. Exception message is null : java.lang.NullPointerException: java.lang.NullPointerException at org.ovirt.engine.core.bll.SearchQuery.searchDirectoryUsers(SearchQuery.java:183) [bll.jar:] at org.ovirt.engine.core.bll.SearchQuery.executeQueryCommand(SearchQuery.java:70) [bll.jar:] at org.ovirt.engine.core.bll.QueriesCommandBase.executeCommand(QueriesCommandBase.java:73) [bll.jar:] 2014-07-29 16:28:09,028 ERROR [org.ovirt.engine.core.bll.SearchQuery] (ajp--127.0.0.1-8702-8) Query SearchQuery failed. Exception message is null : java.lang.NullPointerException: java.lang.NullPointerException at org.ovirt.engine.core.bll.SearchQuery.searchDirectoryGroups(SearchQuery.java:199) [bll.jar:] at org.ovirt.engine.core.bll.SearchQuery.executeQueryCommand(SearchQuery.java:66) [bll.jar:] Expected results: No NPE and error message shown to user. Additional info: