Description of problem:
When running setup for openldap or ipa, bind is successful with the provided user and pass but login fails.

Version-Release number of selected component (if applicable):
ovirt-engine-extension-aaa-ldap-setup-1.3.4-0.0.master.git2db902e.el7.centos.noarch

How reproducible:
100%

Steps to Reproduce:
1. run ovirt-engine-extension-aaa-ldap-setup for openldap or ipa

Actual results:
[ INFO ] Attempting to bind using 'uid=user1,ou=Users,dc=openldap,dc=lab,dc=com'
Please enter base DN (dc=openldap,dc=lab,dc=com) [dc=openldap,dc=lab,dc=com]:
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
NOTE: Profile name has to match domain name, otherwise Single Sign-On for Virtual Machines will not work.
Please specify profile name that will be visible to users [openldap.lab.com]:
[ INFO ] Stage: Setup validation
NOTE: It is highly recommended to test drive the configuration before applying it into engine. Perform at least one Login sequence and one Search sequence.
[ INFO ] Executing login sequence...
Login output:
2017-08-18 14:27:03,406+02 INFO ========================================================================
2017-08-18 14:27:03,652+02 INFO ============================ Initialization ============================
2017-08-18 14:27:03,652+02 INFO ========================================================================
2017-08-18 14:27:03,787+02 INFO Loading extension 'openldap.lab.com-authn'
2017-08-18 14:27:04,065+02 INFO Extension 'openldap.lab.com-authn' loaded
2017-08-18 14:27:04,100+02 INFO Loading extension 'openldap.lab.com'
2017-08-18 14:27:04,225+02 INFO Extension 'openldap.lab.com' loaded
2017-08-18 14:27:04,228+02 INFO Initializing extension 'openldap.lab.com-authn'
2017-08-18 14:27:04,252+02 INFO [ovirt-engine-extension-aaa-ldap.authn::openldap.lab.com-authn] Creating LDAP pool 'authz'
2017-08-18 14:27:05,519+02 INFO [ovirt-engine-extension-aaa-ldap.authn::openldap.lab.com-authn] LDAP pool 'authz' information: vendor='null' version='null'
2017-08-18 14:27:05,524+02 INFO [ovirt-engine-extension-aaa-ldap.authn::openldap.lab.com-authn] Creating LDAP pool 'authn'
2017-08-18 14:27:05,618+02 INFO [ovirt-engine-extension-aaa-ldap.authn::openldap.lab.com-authn] LDAP pool 'authn' information: vendor='null' version='null'
2017-08-18 14:27:05,621+02 INFO Extension 'openldap.lab.com-authn' initialized
2017-08-18 14:27:05,623+02 INFO Initializing extension 'openldap.lab.com'
2017-08-18 14:27:05,626+02 INFO [ovirt-engine-extension-aaa-ldap.authz::openldap.lab.com] Creating LDAP pool 'authz'
2017-08-18 14:27:05,697+02 INFO [ovirt-engine-extension-aaa-ldap.authz::openldap.lab.com] LDAP pool 'authz' information: vendor='null' version='null'
2017-08-18 14:27:05,701+02 INFO [ovirt-engine-extension-aaa-ldap.authz::openldap.lab.com] Available Namespaces: [dc=openldap,dc=lab,dc=com]
2017-08-18 14:27:05,702+02 INFO Extension 'openldap.lab.com' initialized
2017-08-18 14:27:05,703+02 INFO Start of enabled extensions list
2017-08-18 14:27:05,721+02 INFO Instance name: 'openldap.lab.com-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.4_master', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.4-0.0.master.git2db902e.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmp5wH9gz/extensions.d/openldap.lab.com-authn.properties', Initialized: 'true'
2017-08-18 14:27:05,723+02 INFO Instance name: 'openldap.lab.com', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.4_master', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.4-0.0.master.git2db902e.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmp5wH9gz/extensions.d/openldap.lab.com.properties', Initialized: 'true'
2017-08-18 14:27:05,724+02 INFO End of enabled extensions list
2017-08-18 14:27:05,724+02 INFO ========================================================================
2017-08-18 14:27:05,725+02 INFO ============================== Execution ===============================
2017-08-18 14:27:05,726+02 INFO ========================================================================
2017-08-18 14:27:05,727+02 INFO Iteration: 0
2017-08-18 14:27:05,734+02 INFO Profile='openldap.lab.com' authn='openldap.lab.eng.com-authn' authz='openldap.lab.com' mapping='null'
2017-08-18 14:27:05,735+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' user='uid=user1,ou=Users,dc=openldap,dc=lab,dc=com'
2017-08-18 14:27:05,898+02 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' result=CREDENTIALS_INVALID
2017-08-18 14:27:05,929+02 SEVERE Authn.Result code is: CREDENTIALS_INVALID
[ ERROR ] Login sequence failed

Expected results:
Successful login on setup.

Additional info:
Failure is caused by sending whole DN for authentication instead of just uid.
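
A triage check for the failure described above, as an added example that is not part of the original report or of the oVirt code: it scans login-sequence output for AUTHENTICATE_CREDENTIALS calls that were given a whole DN and came back CREDENTIALS_INVALID. The function names and the second (passing) pair of sample lines are constructed, and the log line layout is assumed to be the one quoted in this report.

```python
import re

# Line layout assumed from the login output quoted in this report.
REQ = re.compile(r"-->Authn\.InvokeCommands\.AUTHENTICATE_CREDENTIALS "
                 r"profile='([^']*)' user='([^']*)'")
RES = re.compile(r"<--Authn\.InvokeCommands\.AUTHENTICATE_CREDENTIALS "
                 r"profile='([^']*)' result=(\w+)")
# Two or more attr=value parts separated by commas; escaped commas not handled.
DN_SHAPE = re.compile(r"^[A-Za-z][\w.-]*=[^,]+(?:,\s*[A-Za-z][\w.-]*=[^,]+)+$")

# First pair copied from the report; second pair is constructed for contrast.
SAMPLE_LOG = """\
2017-08-18 14:27:05,735+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' user='uid=user1,ou=Users,dc=openldap,dc=lab,dc=com'
2017-08-18 14:27:05,898+02 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' result=CREDENTIALS_INVALID
2017-08-18 14:30:00,000+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' user='user1'
2017-08-18 14:30:00,100+02 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' result=SUCCESS
"""

def first_rdn_uid(dn):
    """Return the value of the leading RDN if it is a uid, else None."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if attr.strip().lower() == "uid" else None

def find_dn_logins(log_text):
    """List failed logins where the user field carried a whole DN."""
    pending = {}  # profile -> user from the latest request line
    findings = []
    for line in log_text.splitlines():
        req = REQ.search(line)
        if req:
            pending[req.group(1)] = req.group(2)
            continue
        res = RES.search(line)
        if not res or res.group(1) not in pending:
            continue
        user = pending.pop(res.group(1))
        if res.group(2) == "CREDENTIALS_INVALID" and DN_SHAPE.match(user):
            findings.append({"profile": res.group(1), "user": user,
                             "uid": first_rdn_uid(user)})
    return findings

if __name__ == "__main__":
    for f in find_dn_logins(SAMPLE_LOG):
        print(f"{f['profile']}: login sent DN {f['user']!r}; uid is {f['uid']!r}")
```
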
Fix is included in ovirt-engine-extension-aaa-ldap-1.3.4
Verified with:
ovirt-engine-extension-aaa-ldap-setup-1.3.5-0.0.master.git7230cd9.el7.centos.noarch

...
[ INFO ] Login sequence executed successfully
...