Red Hat Bugzilla – Bug 1327041
[RFE] [z-stream clone - 3.6.7] AAA - Make Kerberos work with Java Authentication Framework
Last modified: 2016-06-29 12:19:49 EDT
Correcting Target milestone
One of the patches would introduce regression to manage domains, adding back to POST, until fixed.
Changes were done only on engine side, so moving to ovirt-engine component
Verified with: rhevm-3.6.7.2-0.1.el6.noarch ovirt-engine-extension-aaa-ldap-1.1.4-1.el6ev.noarch # ovirt-engine-extensions-tool aaa search --entity-name=vdcadmin --extension-name=ipa-authz 2016-06-13 18:33:09 INFO ======================================================================== 2016-06-13 18:33:09 INFO ============================ Initialization ============================ 2016-06-13 18:33:09 INFO ======================================================================== 2016-06-13 18:33:09 INFO Loading extension 'ipa-authz' 2016-06-13 18:33:09 INFO Extension 'ipa-authz' loaded 2016-06-13 18:33:09 INFO Loading extension 'ipa-authn' 2016-06-13 18:33:10 INFO Extension 'ipa-authn' loaded 2016-06-13 18:33:10 INFO Initializing extension 'ipa-authz' 2016-06-13 18:33:10 INFO [ovirt-engine-extension-aaa-ldap.authz::ipa-authz] Creating LDAP pool 'authz' 2016-06-13 18:33:10 INFO [ovirt-engine-extension-aaa-ldap.authz::ipa-authz] LDAP pool 'authz' information: vendor='389 Project' version='389-Directory/1.2.11.15 B2013.289.33' 2016-06-13 18:33:10 INFO [ovirt-engine-extension-aaa-ldap.authz::ipa-authz] Available Namespaces: [dc=brq-ipa,dc=rhev,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com] 2016-06-13 18:33:10 INFO Extension 'ipa-authz' initialized 2016-06-13 18:33:20 INFO Initializing extension 'ipa-authn' 2016-06-13 18:33:20 INFO [ovirt-engine-extension-aaa-ldap.authn::ipa-authn] Creating LDAP pool 'authz' 2016-06-13 18:33:20 INFO [ovirt-engine-extension-aaa-ldap.authn::ipa-authn] LDAP pool 'authz' information: vendor='389 Project' version='389-Directory/1.2.11.15 B2013.289.33' 2016-06-13 18:33:20 INFO [ovirt-engine-extension-aaa-ldap.authn::ipa-authn] Creating LDAP pool 'authn' 2016-06-13 18:33:20 INFO [ovirt-engine-extension-aaa-ldap.authn::ipa-authn] LDAP pool 'authn' information: vendor='389 Project' version='389-Directory/1.2.11.15 B2013.289.33' 2016-06-13 18:33:20 INFO Extension 'ipa-authn' initialized 2016-06-13 18:33:20 INFO Start of enabled extensions list 2016-06-13 18:33:20 INFO Instance name: 'ipa-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.1.4', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.4-1.el6ev', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/etc/ovirt-engine/extensions.d/ipa-authn.properties', Initialized: 'true' 2016-06-13 18:33:20 INFO Instance name: 'ipa-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.1.4', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.1.4-1.el6ev', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/etc/ovirt-engine/extensions.d/ipa-authz.properties', Initialized: 'true' 2016-06-13 18:33:20 INFO End of enabled extensions list 2016-06-13 18:33:20 INFO ======================================================================== 2016-06-13 18:33:20 INFO ============================== Execution =============================== 2016-06-13 18:33:20 INFO ======================================================================== 2016-06-13 18:33:20 INFO --- Begin QueryFilterRecord --- 2016-06-13 18:33:20 INFO AAA_AUTHZ_QUERY_ENTITY: AAA_AUTHZ_QUERY_ENTITY_PRINCIPAL[1695cd36-4656-474f-b7bc-4466e12634e4] 2016-06-13 18:33:20 INFO AAA_AUTHZ_QUERY_FILTER_OPERATOR: 102 2016-06-13 18:33:20 INFO --- Begin QueryFilterRecord --- 2016-06-13 18:33:20 INFO AAA_AUTHZ_PRINCIPAL_NAME: vdcadmin 2016-06-13 18:33:20 INFO AAA_AUTHZ_QUERY_FILTER_KEY: Extkey[name=AAA_AUTHZ_PRINCIPAL_NAME;type=class java.lang.String;uuid=AAA_AUTHZ_PRINCIPAL_NAME[a0df5bcc-6ead-40a2-8565-2f5cc8773bdd];] 2016-06-13 18:33:20 INFO AAA_AUTHZ_QUERY_FILTER_OPERATOR: 0 2016-06-13 18:33:20 INFO --- End QueryFilterRecord --- 2016-06-13 18:33:20 INFO --- End QueryFilterRecord --- 2016-06-13 18:33:20 INFO API: -->Authz.InvokeCommands.QUERY_OPEN namespace='dc=brq-ipa,dc=rhev,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com' 2016-06-13 18:33:20 INFO API: <--Authz.InvokeCommands.QUERY_OPEN 2016-06-13 18:33:20 INFO API: -->Authz.InvokeCommands.QUERY_EXECUTE 2016-06-13 18:33:20 INFO API: <--Authz.InvokeCommands.QUERY_EXECUTE count=1 2016-06-13 18:33:20 INFO --- Begin PrincipalRecord --- 2016-06-13 18:33:20 INFO AAA_AUTHZ_PRINCIPAL_DISPLAY_NAME: nas ucet 2016-06-13 18:33:20 INFO AAA_AUTHZ_PRINCIPAL_EMAIL: xxx@redhat.com 2016-06-13 18:33:20 INFO AAA_AUTHZ_PRINCIPAL_LAST_NAME: ucet 2016-06-13 18:33:20 INFO AAA_AUTHZ_PRINCIPAL_PRINCIPAL: vdcadmin 2016-06-13 18:33:20 INFO AAA_LDAP_UNBOUNDID_DN: uid=vdcadmin,cn=users,cn=accounts,dc=brq-ipa,dc=rhev,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com 2016-06-13 18:33:20 INFO AAA_AUTHZ_PRINCIPAL_ID: e32a2998-e85b-11e0-ade4-001a4a013f11 2016-06-13 18:33:20 INFO AAA_AUTHZ_PRINCIPAL_NAME: vdcadmin 2016-06-13 18:33:20 INFO AAA_AUTHZ_PRINCIPAL_FIRST_NAME: nas 2016-06-13 18:33:20 INFO AAA_AUTHZ_PRINCIPAL_NAMESPACE: dc=brq-ipa,dc=rhev,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com 2016-06-13 18:33:20 INFO --- End PrincipalRecord --- 2016-06-13 18:33:20 INFO API: -->Authz.InvokeCommands.QUERY_EXECUTE 2016-06-13 18:33:20 INFO API: <--Authz.InvokeCommands.QUERY_EXECUTE count=END 2016-06-13 18:33:20 INFO API: -->Authz.InvokeCommands.QUERY_CLOSE 2016-06-13 18:33:20 INFO API: <--Authz.InvokeCommands.QUERY_CLOSE
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1364