Bug 1464140 - RHV: Unexpected comma or semicolon found at the end of the DN string when login with AD account [NEEDINFO]
Status: CLOSED INSUFFICIENT_DATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-extension-aaa-ldap
Version: 4.1.0
Hardware: Unspecified Unspecified
Priority: high
Severity: medium
Target Milestone: ovirt-4.1.6
Target Release: ---
Assigned To: Ondra Machacek
Gonza
Reported: 2017-06-22 09:49 EDT by Marian Jankular
Modified: 2017-08-23 09:15 EDT
CC List: 12 users

Last Closed: 2017-08-17 08:12:51 EDT
Type: Bug
oVirt Team: Infra
omachace: needinfo? (mjankula)
mperina: needinfo? (mjankula)


Attachments
log from aaa extension tool for successful login (4.91 MB, text/plain)
2017-06-22 09:49 EDT, Marian Jankular

Description Marian Jankular 2017-06-22 09:49:42 EDT
Created attachment 1290727
log from aaa extension tool for successful login

Description of problem:
ovirt-engine-extensions-tool login is finished successfully while login to UI fails with error "Unexpected comma or semicolon found at the end of the DN string when login with AD account"

Version-Release number of selected component (if applicable):
rhevm-4.1.0.4-0.1.el7.noarch
ovirt-engine-extension-aaa-ldap-1.3.1-1.el7ev.noarch

How reproducible:
every time

Steps to Reproduce:
1. Install and set up engine
2. Install and set up ovirt-engine-extension-aaa-ldap
3. Properties file
-------------------------------------------------------------
cat /etc/ovirt-engine/aaa/mjankula.test.properties 
include = <ad.properties>

vars.domain = mjankula.test
vars.user = CN=Cloud Forms Service Acc2,CN=Users,DC=mjankula,DC=test
vars.password = password!23

pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = single
pool.default.serverset.single.server = 10.34.86.202
pool.default.socketfactory.resolver.enableAddressOnly = true
pool.default.dc-resolve.default.serverset.type = single
pool.default.dc-resolve.serverset.single.server = 10.34.86.202
-----------------------------------------------------------------------------



Actual results:
engine.log
2017-06-22 15:23:09,663+02 WARN  [org.ovirt.engineextensions.aaa.ldap.Framework] (default task-54) [] Ignoring records from pool: 'authz'
2017-06-22 15:23:09,664+02 WARN  [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (default task-54) [] [ovirt-engine-extension-aaa-ldap.authn::mjankula.test-authn] Cannot initialize LDAP framework, deferring initialization. Error: Unexpected comma or semicolon found at the end of the DN string.
2017-06-22 15:23:09,664+02 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-54) [] Internal Server Error: Unexpected comma or semicolon found at the end of the DN string.
2017-06-22 15:23:09,665+02 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-54) [] Unexpected comma or semicolon found at the end of the DN string.
2017-06-22 15:23:09,739+02 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-55) [] server_error: Unexpected comma or semicolon found at the end of the DN string.
2017-06-22 15:24:09,962+02 WARN  [org.ovirt.engineextensions.aaa.ldap.Framework] (default task-64) [] Ignoring records from pool: 'authz'
2017-06-22 15:24:09,962+02 WARN  [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (default task-64) [] [ovirt-engine-extension-aaa-ldap.authn::mjankula.test-authn] Cannot initialize LDAP framework, deferring initialization. Error: Unexpected comma or semicolon found at the end of the DN string.
2017-06-22 15:24:09,962+02 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-64) [] Internal Server Error: Unexpected comma or semicolon found at the end of the DN string.
2017-06-22 15:24:09,962+02 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-64) [] Unexpected comma or semicolon found at the end of the DN string.
2017-06-22 15:24:09,996+02 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-2) [] server_error: Unexpected comma or semicolon found at the end of the DN string.


Expected results:
As ovirt-engine-extension-tool succeeded in logging in to AD, I would expect the same from the Web UI.


Additional info:
I have tried the following - again, login was successful in the extension tool but not in the web UI:
vars.user = CN=Cloud\ Forms\ Service\ Acc2,CN=Users,DC=mjankula,DC=test
vars.user = CN="Cloud Forms Service Acc2",CN=Users,DC=mjankula,DC=test

Comment 1 Ondra Machacek 2017-06-22 10:42:39 EDT
There is a warning in the log:

 2017-06-22 15:28:29 WARNING Exception: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

When running:

  $ ldapsearch -D 'CN=Cloud Forms Service Acc2,CN=Users,DC=mjankula,DC=test' -w 'password!23' -h 10.34.86.202 -b '' -p 3268

It returns the same, so the username or password is incorrect I guess. Can you re-check?
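
How the `data 52e` field in the warning above maps to a cause, as an added example that is not part of the original comment or of the oVirt code: the `data` value is a Win32 logon error in hex, and 52e (1326, ERROR_LOGON_FAILURE) is the invalid-credentials case. The function name `parse_ad_bind_error`, the sub-code table and all sample lines except the first are this example's own.

```python
import re

# Win32 logon error codes Active Directory puts in the "data" field of a
# failed LDAP bind diagnostic (hex, as printed by the server).
AD_BIND_SUBCODES = {
    "525": "ERROR_NO_SUCH_USER: bind identity not found",
    "52e": "ERROR_LOGON_FAILURE: wrong password or bind identity",
    "530": "ERROR_INVALID_LOGON_HOURS: logon not allowed at this time",
    "531": "ERROR_INVALID_WORKSTATION: logon not allowed from this host",
    "532": "ERROR_PASSWORD_EXPIRED: password expired",
    "533": "ERROR_ACCOUNT_DISABLED: account disabled",
    "701": "ERROR_ACCOUNT_EXPIRED: account expired",
    "773": "ERROR_PASSWORD_MUST_CHANGE: password must be changed",
    "775": "ERROR_ACCOUNT_LOCKED_OUT: account locked out",
}
# Sub-codes that implicate the configured bind DN/password, not account state.
CREDENTIAL_SUBCODES = {"525", "52e"}

DIAG_RE = re.compile(
    r"(?P<status>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)

def parse_ad_bind_error(line):
    """Return the parsed AD bind diagnostic found in `line`, or None."""
    m = DIAG_RE.search(line)
    if m is None:
        return None
    data = m.group("data").lower()
    return {
        "status": m.group("status"),
        "dsid": m.group("dsid"),
        "comment": m.group("comment").strip(),
        "data": data,
        "win32_code": int(data, 16),
        "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
        "check_credentials": data in CREDENTIAL_SUBCODES,
    }

# First line is the warning quoted in the comment (with a NUL standing in for
# the unprintable trailing character); the rest are constructed samples.
SAMPLE_LINES = [
    "2017-06-22 15:28:29 WARNING Exception: 80090308: LdapErr: DSID-0C0903A9, "
    "comment: AcceptSecurityContext error, data 52e, v1db1\x00",
    "WARNING Exception: 80090308: LdapErr: DSID-0C0903A9, "
    "comment: AcceptSecurityContext error, data 775, v1db1",
    "ERROR Unexpected comma or semicolon found at the end of the DN string.",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_ad_bind_error(line))
```

The third sample carries no AD diagnostic, so the function returns None for it.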

Comment 6 Martin Perina 2017-08-03 08:38:14 EDT
Hi Marian, could you please provide the non-working configuration Ondra requested in Comment 5?

Comment 7 Martin Perina 2017-08-17 08:12:51 EDT
Closing this as insufficient data; feel free to reopen once you get the requested non-working configuration.
