Bug 1482940
| Summary: | [aaa-ldap-setup] Login sequence fails on setup | | |
|---|---|---|---|
| Product: | [oVirt] ovirt-engine-extension-aaa-ldap | Reporter: | Gonza <grafuls> |
| Component: | Setup | Assignee: | Martin Perina <mperina> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Gonza <grafuls> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | master | CC: | bugs, gveitmic, omachace, sali |
| Target Milestone: | ovirt-4.1.6 | Keywords: | Regression |
| Target Release: | 1.3.4 | Flags: | rule-engine: ovirt-4.1+, rule-engine: blocker+ |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | ovirt-engine-extension-aaa-ldap-1.3.4 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-09-19 10:02:36 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1476980 | | |

Fix is included in ovirt-engine-extension-aaa-ldap-1.3.4

Verified with:
ovirt-engine-extension-aaa-ldap-setup-1.3.5-0.0.master.git7230cd9.el7.centos.noarch
...
[ INFO ] Login sequence executed successfully
...

Description of problem:
When running setup for openldap or ipa, bind is successful with the provided user and pass but login fails.

Version-Release number of selected component (if applicable):
ovirt-engine-extension-aaa-ldap-setup-1.3.4-0.0.master.git2db902e.el7.centos.noarch

How reproducible:
100%

Steps to Reproduce:
1. run ovirt-engine-extension-aaa-ldap-setup for openldap or ipa

Actual results:
[ INFO ] Attempting to bind using 'uid=user1,ou=Users,dc=openldap,dc=lab,dc=com'
Please enter base DN (dc=openldap,dc=lab,dc=com) [dc=openldap,dc=lab,dc=com]:
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
NOTE: Profile name has to match domain name, otherwise Single Sign-On for Virtual Machines will not work.
Please specify profile name that will be visible to users [openldap.lab.com]:
[ INFO ] Stage: Setup validation
NOTE: It is highly recommended to test drive the configuration before applying it into engine. Perform at least one Login sequence and one Search sequence.
[ INFO ] Executing login sequence...

Login output:
2017-08-18 14:27:03,406+02 INFO ========================================================================
2017-08-18 14:27:03,652+02 INFO ============================ Initialization ============================
2017-08-18 14:27:03,652+02 INFO ========================================================================
2017-08-18 14:27:03,787+02 INFO Loading extension 'openldap.lab.com-authn'
2017-08-18 14:27:04,065+02 INFO Extension 'openldap.lab.com-authn' loaded
2017-08-18 14:27:04,100+02 INFO Loading extension 'openldap.lab.com'
2017-08-18 14:27:04,225+02 INFO Extension 'openldap.lab.com' loaded
2017-08-18 14:27:04,228+02 INFO Initializing extension 'openldap.lab.com-authn'
2017-08-18 14:27:04,252+02 INFO [ovirt-engine-extension-aaa-ldap.authn::openldap.lab.com-authn] Creating LDAP pool 'authz'
2017-08-18 14:27:05,519+02 INFO [ovirt-engine-extension-aaa-ldap.authn::openldap.lab.com-authn] LDAP pool 'authz' information: vendor='null' version='null'
2017-08-18 14:27:05,524+02 INFO [ovirt-engine-extension-aaa-ldap.authn::openldap.lab.com-authn] Creating LDAP pool 'authn'
2017-08-18 14:27:05,618+02 INFO [ovirt-engine-extension-aaa-ldap.authn::openldap.lab.com-authn] LDAP pool 'authn' information: vendor='null' version='null'
2017-08-18 14:27:05,621+02 INFO Extension 'openldap.lab.com-authn' initialized
2017-08-18 14:27:05,623+02 INFO Initializing extension 'openldap.lab.com'
2017-08-18 14:27:05,626+02 INFO [ovirt-engine-extension-aaa-ldap.authz::openldap.lab.com] Creating LDAP pool 'authz'
2017-08-18 14:27:05,697+02 INFO [ovirt-engine-extension-aaa-ldap.authz::openldap.lab.com] LDAP pool 'authz' information: vendor='null' version='null'
2017-08-18 14:27:05,701+02 INFO [ovirt-engine-extension-aaa-ldap.authz::openldap.lab.com] Available Namespaces: [dc=openldap,dc=lab,dc=com]
2017-08-18 14:27:05,702+02 INFO Extension 'openldap.lab.com' initialized
2017-08-18 14:27:05,703+02 INFO Start of enabled extensions list
2017-08-18 14:27:05,721+02 INFO Instance name: 'openldap.lab.com-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.4_master', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.4-0.0.master.git2db902e.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmp5wH9gz/extensions.d/openldap.lab.com-authn.properties', Initialized: 'true'
2017-08-18 14:27:05,723+02 INFO Instance name: 'openldap.lab.com', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.4_master', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.4-0.0.master.git2db902e.el7.centos', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmp5wH9gz/extensions.d/openldap.lab.com.properties', Initialized: 'true'
2017-08-18 14:27:05,724+02 INFO End of enabled extensions list
2017-08-18 14:27:05,724+02 INFO ========================================================================
2017-08-18 14:27:05,725+02 INFO ============================== Execution ===============================
2017-08-18 14:27:05,726+02 INFO ========================================================================
2017-08-18 14:27:05,727+02 INFO Iteration: 0
2017-08-18 14:27:05,734+02 INFO Profile='openldap.lab.com' authn='openldap.lab.eng.com-authn' authz='openldap.lab.com' mapping='null'
2017-08-18 14:27:05,735+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' user='uid=user1,ou=Users,dc=openldap,dc=lab,dc=com'
2017-08-18 14:27:05,898+02 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' result=CREDENTIALS_INVALID
2017-08-18 14:27:05,929+02 SEVERE Authn.Result code is: CREDENTIALS_INVALID
[ ERROR ] Login sequence failed

Expected results:
Successful login on setup.

Additional info:
Failure is caused by sending whole DN for authentication instead of just uid.
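
A triage helper for the failure signature in this report, added here as an example (not code from the oVirt project): it pairs each AUTHENTICATE_CREDENTIALS request with its result in login-sequence output and flags runs where a full DN was sent as the user name and rejected. The function names, the second (passing) log pair and its `SUCCESS` result value are constructed for illustration.

```python
import re

# Constructed sample: the two API lines from the failing run in this report,
# plus a constructed passing pair (the 'SUCCESS' result value is an assumption).
SAMPLE_LOG = """\
2017-08-18 14:27:05,735+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' user='uid=user1,ou=Users,dc=openldap,dc=lab,dc=com'
2017-08-18 14:27:05,898+02 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' result=CREDENTIALS_INVALID
2017-08-18 14:30:00,000+02 INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' user='user1'
2017-08-18 14:30:00,100+02 INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='openldap.lab.com' result=SUCCESS
"""

CMD = r"Authn\.InvokeCommands\.AUTHENTICATE_CREDENTIALS"
REQUEST = re.compile(r"-->" + CMD + r"\s+profile='([^']*)'\s+user='([^']*)'")
RESPONSE = re.compile(r"<--" + CMD + r"\s+profile='([^']*)'\s+result=(\w+)")
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*(.+?)\s*$")


def split_dn(name):
    """Return the RDN values if `name` is DN-shaped (>= 2 attr=value parts), else None."""
    parts = re.split(r"(?<!\\),", name)      # split on unescaped commas only
    matches = [RDN.match(p) for p in parts]
    if len(parts) < 2 or not all(matches):
        return None
    return [m.group(1) for m in matches]


def triage(log_text):
    """Pair each authn request with its response and flag DN-as-login failures."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        req = REQUEST.search(line)
        resp = RESPONSE.search(line)
        if req:
            pending[req.group(1)] = req.group(2)   # user name, keyed by profile
        elif resp and resp.group(1) in pending:
            profile, result = resp.group(1), resp.group(2)
            user = pending.pop(profile)
            rdns = split_dn(user)
            findings.append({
                "profile": profile, "user": user, "result": result,
                # Signature from this report: full DN sent as login name, rejected.
                "dn_as_login": rdns is not None and result == "CREDENTIALS_INVALID",
                "login_hint": rdns[0] if rdns else None,   # leading RDN value
            })
    return findings


if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```
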