Bug 1158042

Summary: [AAA] Adding an LDAP domain against ldap installed on rhel 6.6 fails
Product: Red Hat Enterprise Virtualization Manager Reporter: rhev-integ
Component: ovirt-engineAssignee: Yair Zaslavsky <yzaslavs>
Status: CLOSED ERRATA QA Contact: Ondra Machacek <omachace>
Severity: urgent Docs Contact:
Priority: medium    
Version: 3.4.0CC: akotov, alonbl, bazulay, bmcclain, chhudson, ecohen, fjayalat, iheim, jraju, lpeer, lsurette, mkeir, mtessun, mwest, ngupta, nyechiel, omachace, oourfali, pstehlik, rbalakri, Rhev-m-bugs, yeylon, yzaslavs
Target Milestone: ---Keywords: ZStream
Target Release: 3.4.4   
Hardware: All   
OS: Linux   
Whiteboard: infra
Fixed In Version: org.ovirt.engine-root-3.4.3-4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1156577 Environment:
Last Closed: 2014-12-02 20:37:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1156577    
Bug Blocks:    

Comment 1 Oved Ourfali 2014-10-30 11:31:20 UTC 
*** Bug 1157888 has been marked as a duplicate of this bug. ***
Comment 5 Alon Bar-Lev 2014-11-05 16:19:54 UTC 
> Gil Klein 2014-11-05 11:16:40 EST
> Depends On: 1153323

Hi Gil,
Not sure I understand how it is related.
Alon
Comment 6 Ondra Machacek 2014-11-11 09:15:00 UTC 
# rhevm-config -s SASL_QOP=auth
# rhevm-manage-domains add --domain=brq-ipa-rh66.rhev.lab.eng.brq.redhat.com --user=vdcadmin --provider=ipa
Enter password:
The domain brq-ipa-rh66.rhev.lab.eng.brq.redhat.com has been added to the engine as an authentication source but no users from that domain have been granted permissions within the oVirt Manager.
Users from this domain can be granted permissions by editing the domain using action edit and specifying --add-permissions or from the Web administration interface logging in as admin@internal user.
oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).
Manage Domains completed successfully
Comment 9 Alon Bar-Lev 2014-11-19 12:35:14 UTC 
Effects all consumers of cyrus-sasl.
Comment 11 Alon Bar-Lev 2014-11-25 09:53:07 UTC 
not sure why comment is private.

please use and retry:

# engine-config -s SASL_QOP auth
Comment 12 akotov 2014-11-25 10:06:33 UTC 
Hi, because there was exposure of internal domain names and also internal brew link. It works now, thanks, it was not apparent that SASL_QOP had to be set explicitly, i assumed manage-domains will auto-negotiate best QOP level.

With "# engine-config -s SASL_QOP=auth" domain was added successfully.
Comment 13 Yair Zaslavsky 2014-11-25 11:38:07 UTC 
(In reply to akotov from comment #12)
> Hi, because there was exposure of internal domain names and also internal
> brew link. It works now, thanks, it was not apparent that SASL_QOP had to be
> set explicitly, i assumed manage-domains will auto-negotiate best QOP level.
> 
> With "# engine-config -s SASL_QOP=auth" domain was added successfully.

I was unnder impression I already added a fix to the description in the case of negative size array exception, I will check.
Comment 14 Alon Bar-Lev 2014-11-25 11:50:28 UTC 
(In reply to Yair Zaslavsky from comment #13)
> (In reply to akotov from comment #12)
> > Hi, because there was exposure of internal domain names and also internal
> > brew link. It works now, thanks, it was not apparent that SASL_QOP had to be
> > set explicitly, i assumed manage-domains will auto-negotiate best QOP level.
> > 
> > With "# engine-config -s SASL_QOP=auth" domain was added successfully.
> 
> I was unnder impression I already added a fix to the description in the case
> of negative size array exception, I will check.

this is in 3.5.
3.4 contains the fix no more and no less.
Comment 15 Yair Zaslavsky 2014-11-25 11:57:05 UTC 
(In reply to Alon Bar-Lev from comment #14)
> (In reply to Yair Zaslavsky from comment #13)
> > (In reply to akotov from comment #12)
> > > Hi, because there was exposure of internal domain names and also internal
> > > brew link. It works now, thanks, it was not apparent that SASL_QOP had to be
> > > set explicitly, i assumed manage-domains will auto-negotiate best QOP level.
> > > 
> > > With "# engine-config -s SASL_QOP=auth" domain was added successfully.
> > 
> > I was unnder impression I already added a fix to the description in the case
> > of negative size array exception, I will check.
> 
> this is in 3.5.
> 3.4 contains the fix no more and no less.

Correct, indeed was fixed for 3.5, thanks
Comment 21 errata-xmlrpc 2014-12-02 20:37:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2014-1945.html