Bug 879721

Summary: Backend: incomplete error message in engine.log: "Failed to query rootDSE for LDAP server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 due to qa2-tlv.qa.lab.tlv.redhat.com:389"
Product: Red Hat Enterprise Virtualization Manager Reporter: Chris Pelland <cpelland>
Component: ovirt-engineAssignee: Yair Zaslavsky <yzaslavs>
Status: CLOSED ERRATA QA Contact: Pavel Stehlik <pstehlik>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.1.0CC: bazulay, dyasny, iheim, lpeer, oourfali, Rhev-m-bugs, sgrinber, yeylon, ykaul, yzaslavs, zdover
Target Milestone: ---Keywords: ZStream
Target Release: 3.1.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Previously, LDAP query errors were poorly logged, which made troubleshooting difficult. LDAP query errors are now thoroughly logged, making troubleshooting easier.
 Story Points: ---
Clone Of: 865098 Environment:
Last Closed: 2013-01-15 15:12:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 865098    
Bug Blocks:    

Description Chris Pelland 2012-11-23 22:18:24 UTC 
+++ This bug was initially created as a clone of Bug #865098 +++

Description of problem:
When failing to contact the AD domain controller, the following event can be seen in the engine.log, which is missing the real cause:

"Failed to query rootDSE for LDAP server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 due to qa2-tlv.qa.lab.tlv.redhat.com:389"

Part of the code relevant to this is probably

} catch (NamingException e) {
            log.errorFormat("Failed to query rootDSE for LDAP server {0} due to {1}", ldapURI, e.getMessage());

(from upstream's backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/GetRootDSE.java)

Version-Release number of selected component (if applicable):
SI20

How reproducible:


Steps to Reproduce:
1. Make sure the first AD domain controller you try to connect to does not respond, and try to login with a user from the AD domain to the system.
2.
3.
  
Actual results:


Expected results:


Additional info:
2012-10-10 09:30:37,888 INFO  [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (ajp-/127.0.0.1:8702-3) Trying to auto-detect the LDAP provider type for domain qa.lab.tlv.redhat.com
2012-10-10 09:30:37,894 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp-/127.0.0.1:8702-2) Failed ldap search server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 due to javax.naming.CommunicationException: qa2-tlv.qa.lab.tlv.redhat.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]. We should try the next server
2012-10-10 09:31:07,921 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (ajp-/127.0.0.1:8702-3) Failed to query rootDSE for LDAP server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 due to qa2-tlv.qa.lab.tlv.redhat.com:389

--- Additional comment from Yair Zaslavsky on 2012-11-05 10:57:07 EST ---

http://gerrit.ovirt.org/#/c/9028/

http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=a665ec3af7b2dd04e80007b1c062868d3e049fce
Comment 4 errata-xmlrpc 2013-01-15 15:12:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0003.html