| Summary: | Authentication against ldap does not work. | | |
|---|---|---|---|
| Product: | [oVirt] ovirt-engine-extension-aaa-ldap | Reporter: | Piotr Gbyliczek <peemhq> |
| Component: | Core | Assignee: | Ondra Machacek <omachace> |
| Status: | CLOSED NOTABUG | QA Contact: | Gonza <grafuls> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 1.2.1 | CC: | bugs, peemhq, pstehlik |
| Target Milestone: | --- | Flags: | rule-engine: planning_ack?, rule-engine: devel_ack?, rule-engine: testing_ack? |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-10-05 07:15:42 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Attachments: | | | |

Created attachment 1206306: properties file

Created attachment 1206307: authn file

Created attachment 1206309: authz file

It seems that a workaround is to change the following in the properties file: `pool.default.socketfactory.type = java` to `pool.default.socketfactory.resolver.enableAddressOnly = true`

Hello Piotr,

I can't reproduce this issue. Would it be possible to send a DEBUG log? I mean the output of the following command:

```
$ ovirt-engine-extensions-tool --log-level=FINEST --log-file=/tmp/aaa.log aaa login-user --profile=company.co.uk --user-name=username
```

Before running the command, please add the 'pool.default.socketfactory.type = java' line to your properties file and remove 'pool.default.socketfactory.resolver.enableAddressOnly = true'.

Please note that when you change the properties file, you don't have to restart the ovirt-engine service to run the 'ovirt-engine-extensions-tool'. So you can just change it, run the tool and then change it back, without restarting oVirt.

Created attachment 1207252: Requested log file

Hi Ondra,

Sure enough, it seems that it works fine now. I've looked through the output from the command and it seemed to me that it was successful, so I have restarted ovirt-engine to see if that issue is still visible via the Tomcat app. It is not.

Now, the only changes I made were adding more users to LDAP and adding these users to oVirt as specific roles, so I can test quotas.

I guess that sorts it out, unless this resurfaces in my test environment. I keep it set to "pool.default.socketfactory.type = java", so a reboot may bring it back.

Regards,
Piotr

Thank you for the info. I will close the bug for now; feel free to reopen it if the problem comes back.

Created attachment 1206305: logs

Description of problem:
Authentication against openldap server fails with connection error while ldapsearch from command line is successful.

Version-Release number of selected component (if applicable):
CentOS 7.2.1511
ovirt-engine-4.0.1.1-1.el7
ovirt-engine-extension-aaa-ldap-1.2.1-1.el7
ovirt-engine-extension-aaa-jdbc-1.1.0-1.el7
java-1.8.0-openjdk-1.8.0.102-1.b14.el7_2
java-1.7.0-openjdk-1.7.0.111-2.6.7.2.el7_2

How reproducible:
Always

Steps to Reproduce:
1. Configure ovirt to authenticate against ldap.
2. Log in

Actual results:
Java exception visible in logs and on login page

Expected results:
Successful log in or invalid credentials message

Additional info: