Hide Forgot
Created attachment 812772 [details] engine log Description of problem: Add a domain using rhevm-manage-domain tool, with domain in lower case login fail. change domain to upper case - login succeed. Version-Release number of selected component (if applicable): Steps to Reproduce: 1. Add a domain, in lower case, for example: rhevm-manage-domains -action=add -addPermissions -domain=qa.lab.tlv.redhat.com -user=vdcadmin -interactive -provider=activeDirectory 2. Try to login in web admin with this user - login fail 3. Remove the added domain, for example: rhevm-manage-domains -action=delete -addPermissions -domain=qa.lab.tlv.redhat.com -user=vdcadmin -interactive -provider=activeDirectory 4. Add a domain, in Upper case, for example: rhevm-manage-domains -action=add -addPermissions -domain=QA.LAB.TLV.REDHAT.COM -user=vdcadmin -interactive -provider=activeDirectory Expected results: domain should not be case sensitive. Additional info: engine.log \ login error: 2013-10-15 20:08:57,043 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (QuartzScheduler_Worker-42) Failed to query rootDSE for LDAP server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 due to connection timeout 2013-10-15 20:08:57,044 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (QuartzScheduler_Worker-42) Failed ldap search server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 using user vdcadmin.TLV.REDHAT.COM due to connection timeout. We should try the next server 2013-10-15 20:08:57,044 ERROR [org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase] (QuartzScheduler_Worker-42) Failed to run command LdapSearchUserByQueryCommand. Domain is qa.lab.tlv.redhat.com. User is vdcadmin.TLV.REDHAT.COM. 2013-10-15 20:43:13,671 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (ajp-/127.0.0.1:8702-11) Failed to query rootDSE for LDAP server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 due to connection timeout 2013-10-15 20:43:13,673 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp-/127.0.0.1:8702-11) Failed ldap search server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 using user vdcadmin.TLV.REDHAT.COM due to connection timeout. We should try the next server 2013-10-15 20:43:13,673 ERROR [org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase] (ajp-/127.0.0.1:8702-11) Failed to run command LdapAuthenticateUserCommand. Domain is qa.lab.tlv.redhat.com. User is vdcadmin. 2013-10-15 20:43:13,673 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/127.0.0.1:8702-11) USER_FAILED_TO_AUTHENTICATE : vdcadmin 2013-10-15 20:43:13,674 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/127.0.0.1:8702-11) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE
I'm not sure this is a bug. i remember IPA is case sensitive to that.
Waiting for answer on "if IPA domain names are case-sensitive" from Dmitri Pal (question sent by email), will update BZ ASAP
Kerberos domains are in general case sensitive. By convention they should be all upper case but it is not generally true.
due to the reply comment 3 I suggest to close as NOTABUG, Barak ???
Ravi - we need to make sure that once an authentication domain was added successfully using rhevm-manage-domains, we should not fail ligging into the webAdmin/UP In case this is a real issue we may be required to validate the case in rhevm-manage-domains.
I am unable to reproduce this on current master and is19 (3.3) I was able to add Active Directory and IPA domains with both upper and lower case domain names and login to webadmin portal using the admin user. Please see if you can reproduce this bug with the latest build
Tested on oVirt Engine Version: 3.5.0-0.0.master.20140804172041.git23b558e.el6, This bug seem not relevant anymore.