Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1106435

Summary: [AAA] builtin kerbldap provider does not show error if search fails
Product: [Retired] oVirt Reporter: Ondra Machacek <omachace>
Component: ovirt-engine-coreAssignee: Ondra Machacek <omachace>
Status: CLOSED CURRENTRELEASE QA Contact: Ondra Machacek <omachace>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.5CC: alonbl, bugs, gklein, iheim, oourfali, rbalakri, yeylon
Target Milestone: ---Keywords: Regression
Target Release: 3.5.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-21 16:04:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1076964    

Description Ondra Machacek 2014-06-09 10:38:45 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
ovirt-engine-3.5.0-0.0.master.20140605145557.git3ddd2de.el6.noarch

How reproducible:
always

Steps to Reproduce:
1. add domain via engine-manage domains command (i tested openldap)
2. change password for domain user
3. login as admin@internal and try to search for users in domain.

Actual results:
empty result with no error

Expected results:
informative error apears.

Additional info:
engine.log:

2014-06-09 12:38:03,560 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-4) Kerberos error: Checksum failed
2014-06-09 12:38:03,562 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-4) Failed ldap search server ldap://brq-openldap.rhev.lab.eng.brq.redhat.com:389 using user user0.LAB.ENG.BRQ.REDHAT.COM due to Kerberos error. Please check log for further details.. We should not try the next server
2014-06-09 12:38:03,565 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-4) Failed to run command LdapSearchUserByQueryCommand. Domain is brq-openldap.rhev.lab.eng.brq.redhat.com. User is user0.LAB.ENG.BRQ.REDHAT.COM.
2014-06-09 12:38:03,602 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.GSSAPIDirContextAuthenticationStrategy] (ajp--127.0.0.1-8702-4) Kerberos error: Checksum failed
2014-06-09 12:38:03,604 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.DirectorySearcher] (ajp--127.0.0.1-8702-4) Failed ldap search server ldap://brq-openldap.rhev.lab.eng.brq.redhat.com:389 using user user0.LAB.ENG.BRQ.REDHAT.COM due to Kerberos error. Please check log for further details.. We should not try the next server
2014-06-09 12:38:03,607 ERROR [org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerCommandBase] (ajp--127.0.0.1-8702-4) Failed to run command LdapSearchGroupsByQueryCommand. Domain is brq-openldap.rhev.lab.eng.brq.redhat.com. User is user0.LAB.ENG.BRQ.REDHAT.COM.
Comment 1 Oved Ourfali 2014-06-12 05:54:28 UTC 
This is not a regression.
As far as I remember there was never an error in the dialog.
Comment 2 Ondra Machacek 2014-06-12 06:31:39 UTC 
(In reply to Oved Ourfali from comment #1)
> This is not a regression.
> As far as I remember there was never an error in the dialog.

There was, see bug 903786.
Comment 3 Oved Ourfali 2014-06-12 06:39:04 UTC 
(In reply to Ondra Machacek from comment #2)
> (In reply to Oved Ourfali from comment #1)
> > This is not a regression.
> > As far as I remember there was never an error in the dialog.
> 
> There was, see bug 903786.

Okay.
This bug refers to the searching users in the Configure dialog.
Can you check that the issue happens both when searching users from the Configure dialog, and searching from the Users main tab?
Hopefully it happens in both, as I think they have the exact same logic.
Just making sure that's the case.
Comment 4 Ondra Machacek 2014-06-12 07:23:44 UTC 
(In reply to Oved Ourfali from comment #3)
> Okay.
> This bug refers to the searching users in the Configure dialog.
> Can you check that the issue happens both when searching users from the
> Configure dialog, and searching from the Users main tab?
> Hopefully it happens in both, as I think they have the exact same logic.
> Just making sure that's the case.

Yes. Error doesn't appear in configure dialog, Users main tab, even in permissions sub tab.
Comment 5 Ondra Machacek 2014-07-31 15:19:34 UTC 
Just a note that I can see error message when searching in external ldap 
provider, but I can't see any error message when searching in
provider which is added via engine-manage-domains command.
Comment 6 Alon Bar-Lev 2014-11-06 09:16:12 UTC 
setting to 3.5.1 as Ondra has a solution.
Comment 7 Ondra Machacek 2014-12-05 12:36:34 UTC 
Works OK in vt13.1.
Comment 8 Sandro Bonazzola 2015-01-21 16:04:40 UTC 
oVirt 3.5.1 has been released. If problems still persist, please make note of it in this bug report.