Bug 1941541

Summary: ldap setup fails to login with connection error when use dns is specified
Product: [oVirt] ovirt-engine-extension-aaa-ldap
Reporter: Petr Matyáš <pmatyas>
Component: Setup
Assignee: Martin Perina <mperina>
Status: CLOSED CURRENTRELEASE
QA Contact: Petr Matyáš <pmatyas>
Severity: high
Priority: high
Version: 1.4.2
CC: bugs, mburman, michal.skrivanek, mperina, msheena
Target Milestone: ovirt-4.4.6-1
Keywords: Automation, AutomationBlocker, Regression
Target Release: 1.4.3
Flags: pm-rhel: ovirt-4.4+, pm-rhel: blocker?, pmatyas: testing_ack+
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ovirt-engine-extension-aaa-ldap-1.4.3
Doc Type: No Doc Update
Last Closed: 2021-05-14 07:30:22 UTC
Type: Bug
oVirt Team: Infra

Description Petr Matyáš 2021-03-22 10:42:58 UTC
Description of problem:
When setting up an openldap connection with ovirt-engine-extension-aaa-ldap-setup and having "use dns" set to True (default), login will fail with "Unable to establish a connection to server fqdn/ip:389 within the configured timeout of 5000 milliseconds."
Setting 'pool.default.socketfactory.type = java' in the config file in tmp and rerunning the login fixes the issue.
The same issue occurs with AD, where the question about dns is not raised.

Version-Release number of selected component (if applicable):
ovirt-engine-extension-aaa-ldap-1.4.2-1.el8ev.noarch
ovirt-engine-extension-aaa-ldap-setup-1.4.2-1.el8ev.noarch

How reproducible:
always

Steps to Reproduce:
1. add ad or add openldap with use dns in ovirt-engine-extension-aaa-ldap-setup
2. try to login in setup flow

Actual results:
fails with connection issue

Expected results:
should succeed with default values

Additional info:
maybe related to https://bugzilla.redhat.com/show_bug.cgi?id=1456352

Comment 2 RHEL Program Management 2021-04-29 09:26:52 UTC
This bug report has Keywords: Regression or TestBlocker.
Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.

Comment 3 Petr Matyáš 2021-05-10 11:45:55 UTC
Verified on ovirt-engine-extension-aaa-ldap-1.4.3-1.el8ev.noarch

Comment 4 msheena 2021-05-18 14:06:20 UTC
This issue reproduces for us with
=================================
ovirt-engine-4.4.6.8-0.1.el8ev.noarch
ovirt-engine-extension-aaa-ldap-1.4.3-1.el8ev.noarch

The scenario
============
1. Create a provider

POST ../ovirt-engine/api/openstacknetworkproviders
<openstack_network_provider>
    <name>ovirt-provider-ovn-auth-test</name>
    <authentication_url>ENGINE_FQDN:35357/v2.0</authentication_url>
    <password>PASSWORD</password>
    <requires_authentication>true</requires_authentication>
    <url>ENGINE_FQDN:9696</url>
    <username>admin@internal</username>
    <external_plugin_type>OVIRT_PROVIDER_OVN</external_plugin_type>
    <read_only>false</read_only>
    <type>external</type>
    <unmanaged>false</unmanaged>
</openstack_network_provider>

2. systemctl restart ovirt-provider-ovn.service

3. PUT /ovirt-engine/api/openstacknetworkproviders/UUID
<openstack_network_provider>
    <password>PASSWORD</password>
    <username>UNAME@SERVER@USER</username>
</openstack_network_provider>

4. POST /ovirt-engine/api/openstacknetworkproviders/UUID/testconnectivity
<action>
    <async>false</async>
    <grace_period>
        <expiry>10</expiry>
    </grace_period>
</action>

|
|
---> 2021-05-18 15:59:48,729 - MainThread - api_utils - ERROR - Failed to syncAction element NOT as expected:
        Status: 400
        Reason: Bad Request
        Detail: [Failed to communicate with the external provider, see log for additional details.]