Bug 1158042 - [AAA] Adding an LDAP domain against ldap installed on rhel 6.6 fails
Summary: [AAA] Adding an LDAP domain against ldap installed on rhel 6.6 fails
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 3.4.0
Hardware: All
OS: Linux
medium
urgent
Target Milestone: ---
: 3.4.4
Assignee: Yair Zaslavsky
QA Contact: Ondra Machacek
URL:
Whiteboard: infra
: 1157888 (view as bug list)
Depends On: 1156577
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-10-28 11:56 UTC by rhev-integ
Modified: 2019-04-28 09:12 UTC (History)
23 users (show)

Fixed In Version: org.ovirt.engine-root-3.4.3-4
Doc Type: Bug Fix
Doc Text:
Clone Of: 1156577
Environment:
Last Closed: 2014-12-02 20:37:40 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 1247363 0 None None None Never
Red Hat Product Errata RHBA-2014:1945 0 normal SHIPPED_LIVE Red Hat Enterprise Virtualization Manager 3.4.4 update 2014-12-03 01:37:09 UTC
oVirt gerrit 34466 0 None None None Never
oVirt gerrit 34506 0 None None None Never

Comment 1 Oved Ourfali 2014-10-30 11:31:20 UTC 
*** Bug 1157888 has been marked as a duplicate of this bug. ***
Comment 5 Alon Bar-Lev 2014-11-05 16:19:54 UTC 
> Gil Klein 2014-11-05 11:16:40 EST
> Depends On: 1153323

Hi Gil,
Not sure I understand how it is related.
Alon
Comment 6 Ondra Machacek 2014-11-11 09:15:00 UTC 
# rhevm-config -s SASL_QOP=auth
# rhevm-manage-domains add --domain=brq-ipa-rh66.rhev.lab.eng.brq.redhat.com --user=vdcadmin --provider=ipa
Enter password:
The domain brq-ipa-rh66.rhev.lab.eng.brq.redhat.com has been added to the engine as an authentication source but no users from that domain have been granted permissions within the oVirt Manager.
Users from this domain can be granted permissions by editing the domain using action edit and specifying --add-permissions or from the Web administration interface logging in as admin@internal user.
oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).
Manage Domains completed successfully
Comment 9 Alon Bar-Lev 2014-11-19 12:35:14 UTC 
Effects all consumers of cyrus-sasl.
Comment 11 Alon Bar-Lev 2014-11-25 09:53:07 UTC 
not sure why comment is private.

please use and retry:

# engine-config -s SASL_QOP auth
Comment 12 akotov 2014-11-25 10:06:33 UTC 
Hi, because there was exposure of internal domain names and also internal brew link. It works now, thanks, it was not apparent that SASL_QOP had to be set explicitly, i assumed manage-domains will auto-negotiate best QOP level.

With "# engine-config -s SASL_QOP=auth" domain was added successfully.
Comment 13 Yair Zaslavsky 2014-11-25 11:38:07 UTC 
(In reply to akotov from comment #12)
> Hi, because there was exposure of internal domain names and also internal
> brew link. It works now, thanks, it was not apparent that SASL_QOP had to be
> set explicitly, i assumed manage-domains will auto-negotiate best QOP level.
> 
> With "# engine-config -s SASL_QOP=auth" domain was added successfully.

I was unnder impression I already added a fix to the description in the case of negative size array exception, I will check.
Comment 14 Alon Bar-Lev 2014-11-25 11:50:28 UTC 
(In reply to Yair Zaslavsky from comment #13)
> (In reply to akotov from comment #12)
> > Hi, because there was exposure of internal domain names and also internal
> > brew link. It works now, thanks, it was not apparent that SASL_QOP had to be
> > set explicitly, i assumed manage-domains will auto-negotiate best QOP level.
> > 
> > With "# engine-config -s SASL_QOP=auth" domain was added successfully.
> 
> I was unnder impression I already added a fix to the description in the case
> of negative size array exception, I will check.

this is in 3.5.
3.4 contains the fix no more and no less.
Comment 15 Yair Zaslavsky 2014-11-25 11:57:05 UTC 
(In reply to Alon Bar-Lev from comment #14)
> (In reply to Yair Zaslavsky from comment #13)
> > (In reply to akotov from comment #12)
> > > Hi, because there was exposure of internal domain names and also internal
> > > brew link. It works now, thanks, it was not apparent that SASL_QOP had to be
> > > set explicitly, i assumed manage-domains will auto-negotiate best QOP level.
> > > 
> > > With "# engine-config -s SASL_QOP=auth" domain was added successfully.
> > 
> > I was unnder impression I already added a fix to the description in the case
> > of negative size array exception, I will check.
> 
> this is in 3.5.
> 3.4 contains the fix no more and no less.

Correct, indeed was fixed for 3.5, thanks
Comment 21 errata-xmlrpc 2014-12-02 20:37:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2014-1945.html
Note You need to log in before you can comment on or make changes to this bug.