Bug 1887458

Summary: Unable to LDAP integration with IPv6 enable
Product: [oVirt] ovirt-engine-extension-aaa-ldap Reporter: Renaud RAKOTOMALALA <redhat.bugzilla>
Component: Core Assignee: Martin Perina <mperina>
Status: CLOSED DUPLICATE QA Contact: Lukas Svaty <lsvaty>
Severity: high Docs Contact:
Priority: unspecified    
Version: 1.4.1 CC: bugs
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-25 20:06:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Renaud RAKOTOMALALA 2020-10-12 14:19:38 UTC
Description of problem:
Unable to configure aaa-ldap if IPv6 is enabled.

logs show:
___________
WARNING: [ovirt-engine-extension-aaa-ldap.authn::XXXXXX.fr-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to connect to server ldap2.XXXXXX.fr:636:  IOException(LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap2.XXXXX.fr/91.XXX.XXX.XXX:636:  UnknownHostException(ldap2.XXXXXX.fr), ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
          Oct 12, 2020 1:34:38 PM org.ovirt.engine.exttool.core.ExtensionsToolExecutor main
          SEVERE: An error occurred while attempting to connect to server ldap2.XXXXXX.fr:636:  IOException(LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server ldap2.XXXXXX.fr/91.XXX.XXX.XXX:636:  UnknownHostException(ldap2.XXXXXX.fr), ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
___________


ldap properties have
___________
include = <rfc2307-openldap.properties>

vars.server = ldap2.XXXXXXX.fr

pool.authz.auth.type = none
pool.default.serverset.type = single
pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.single.port = 636
pool.default.ssl.enable = true
____________



Version-Release number of selected component (if applicable):
1.4.1-1.el8

How reproducible:
OS fresh install:
- CentOS Linux 8 (Core)

Ovirt-engine (fresh install):
- ovirt-engine.noarch 4.4.2.6-1.el8 


Steps to Reproduce:
1. ovirt-engine-extension-aaa-ldap-setup
2. standard configuration (ldaps in my case)

Everything works as expected until the first test at the end of the setup. It's 100% reproducible.

If I save the config and change the profile-ldap.properties by adding:
- pool.default.socketfactory.resolver.supportIPv6 = false

Everything works as expected.

Actual results:
Unable to log in using LDAP authentication

Expected results:
Login with LDAP authentication

Additional info:
I linked another ticket with the same issue and same solution. However our server doesn't resolve an IPv6 at all.

Comment 1 Martin Perina 2020-10-12 14:52:28 UTC
(In reply to Renaud RAKOTOMALALA from comment #0)
> Additional info:
> I linked another ticket with the same issue and same solution. However our
> server doesn't resolve an IPv6 at all.

Could you please verify that by executing below command on engine machine and attaching the output?


 host -v ldap2.XXXXXXX.fr

Comment 2 Renaud RAKOTOMALALA 2020-10-12 18:55:20 UTC
Please find below the result


```
# host -v ldap2.XXXXXXXXXXX.fr
Trying "ldap2.XXXXXXXXXXX.fr"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65320

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ldap2.XXXXXXXXXXX.fr.		IN	A

;; ANSWER SECTION:
ldap2.XXXXXXXXXXX.fr.	12383	IN	CNAME	ldap2.XXXXXXXXXXX.fr.
ldap2.XXXXXXXXXXX.fr.	12985	IN	A	91.XXX.XXX.XXX

Received 87 bytes from 9.9.9.9#53 in 6 ms
Trying "ldap2.XXXXXXXXXXX.fr"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 630
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ldap2.XXXXXXXXXXX.fr.		IN	AAAA

;; AUTHORITY SECTION:
XXXXXXXXXXX.fr.		1799	IN	SOA	ns0.XXXXXXXXXXX.fr. admsys.XXXXXXXXXXX.fr. 2020090901 28800 7200 1857600 14400

Received 84 bytes from 9.9.9.9#53 in 13 ms
Trying "ldap2.XXXXXXXXXXX.fr"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62923
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ldap2.XXXXXXXXXXX.fr.		IN	MX

;; AUTHORITY SECTION:
XXXXXXXXXXX.fr.		1799	IN	SOA	ns0.XXXXXXXXXXX.fr. admsys.XXXXXXXXXXX.fr. 2020090901 28800 7200 1857600 14400

Received 84 bytes from 9.9.9.9#53 in 13 ms
```
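The `host -v` check requested above can be read programmatically. This is an added example, not part of the original bug thread or of oVirt: it classifies each query in `host -v` output as answered, NODATA (status NOERROR with no record of the requested type), or a DNS error status. The sample output, the name `ldap.example.test` and both function names are constructed for illustration.

```python
import re

# Constructed sample shaped like the `host -v` output in this thread
# (hypothetical host name, documentation-range address).
SAMPLE = """\
Trying "ldap.example.test"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ldap.example.test.      IN  A
;; ANSWER SECTION:
ldap.example.test.  300  IN  A  192.0.2.10
Trying "ldap.example.test"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ldap.example.test.      IN  AAAA
;; AUTHORITY SECTION:
example.test.  1799  IN  SOA  ns0.example.test. admin.example.test. 1 28800 7200 1857600 14400
"""

def classify(host_output):
    """Map each queried record type to (state, answers); state is 'answered',
    'nodata' (NOERROR, no record of that type) or an error like 'nxdomain'."""
    results = {}
    # Every response printed by `host -v` starts with a ->>HEADER<<- line.
    for block in host_output.split(";; ->>HEADER<<-")[1:]:
        status = re.search(r"status: (\w+)", block)
        question = re.search(r"^;\S+[ \t]+IN[ \t]+(\S+)[ \t]*$", block, re.M)
        if not status or not question:
            continue
        qtype = question.group(1)
        answers = re.findall(
            rf"^[^;\s]\S*[ \t]+\d+[ \t]+IN[ \t]+{re.escape(qtype)}[ \t]+(\S+)",
            block, re.M)
        if status.group(1) != "NOERROR":
            state = status.group(1).lower()
        else:
            state = "answered" if answers else "nodata"
        results[qtype] = (state, answers)
    return results

def ipv4_only(results):
    """True when the name has A records and the AAAA query returned NODATA."""
    return (results.get("A", ("",))[0] == "answered"
            and results.get("AAAA", ("",))[0] == "nodata")
```
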

Comment 3 Martin Perina 2020-10-25 20:06:54 UTC
I haven't been able to reproduce this issue in any other scenario than the one described at BZ1880149. So please try to check if ovirt-engine-extension-aaa-ldap-1.4.2 will resolve this issue. If not, please describe in detail your setup including sensitive information like IP addresses, DNS names, ...
Anyway, for now closing as duplicate.

*** This bug has been marked as a duplicate of bug 1880149 ***