Bug 1941541 - ldap setup fails to login with connection error when use dns is specified
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine-extension-aaa-ldap
Classification: oVirt
Component: Setup
Version: 1.4.2
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ovirt-4.4.6-1
Target Release: 1.4.3
Assignee: Martin Perina
QA Contact: Petr Matyáš
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2021-03-22 10:42 UTC by Petr Matyáš
Modified: 2021-05-19 10:28 UTC

Fixed In Version: ovirt-engine-extension-aaa-ldap-1.4.3
Clone Of:
Environment:
Last Closed: 2021-05-14 07:30:22 UTC
oVirt Team: Infra
Embargoed:
pm-rhel: ovirt-4.4+
pm-rhel: blocker?
pmatyas: testing_ack+



Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 114519 0 None MERGED Fix detection of IP version available 2021-05-05 07:57:56 UTC

Description Petr Matyáš 2021-03-22 10:42:58 UTC
Description of problem:
When setting up an openldap connection with ovirt-engine-extension-aaa-ldap-setup and having use dns set to True (default), login will fail with "Unable to establish a connection to server fqdn/ip:389 within the configured timeout of 5000 milliseconds."
Setting 'pool.default.socketfactory.type = java' in the config file in tmp and rerunning the login fixes the issue.
The same issue occurs with AD, where the question about dns is not raised.

Version-Release number of selected component (if applicable):
ovirt-engine-extension-aaa-ldap-1.4.2-1.el8ev.noarch
ovirt-engine-extension-aaa-ldap-setup-1.4.2-1.el8ev.noarch

How reproducible:
always

Steps to Reproduce:
1. add ad or add openldap with use dns in ovirt-engine-extension-aaa-ldap-setup
2. try to login in setup flow
3.

Actual results:
fails with connection issue

Expected results:
should succeed with default values

Additional info:
maybe related to https://bugzilla.redhat.com/show_bug.cgi?id=1456352

Comment 2 RHEL Program Management 2021-04-29 09:26:52 UTC
This bug report has Keywords: Regression or TestBlocker.
Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.

Comment 3 Petr Matyáš 2021-05-10 11:45:55 UTC
Verified on ovirt-engine-extension-aaa-ldap-1.4.3-1.el8ev.noarch

Comment 4 msheena 2021-05-18 14:06:20 UTC
This issue reproduces for us with
=================================
ovirt-engine-4.4.6.8-0.1.el8ev.noarch
ovirt-engine-extension-aaa-ldap-1.4.3-1.el8ev.noarch

The scenario
============
1. Create a provider

POST ../ovirt-engine/api/openstacknetworkproviders
<openstack_network_provider>
    <name>ovirt-provider-ovn-auth-test</name>
    <authentication_url>ENGINE_FQDN:35357/v2.0</authentication_url>
    <password>PASSWORD</password>
    <requires_authentication>true</requires_authentication>
    <url>ENGINE_FQDN:9696</url>
    <username>admin@internal</username>
    <external_plugin_type>OVIRT_PROVIDER_OVN</external_plugin_type>
    <read_only>false</read_only>
    <type>external</type>
    <unmanaged>false</unmanaged>
</openstack_network_provider>

2. systemctl restart ovirt-provider-ovn.service

3. PUT /ovirt-engine/api/openstacknetworkproviders/UUID
<openstack_network_provider>
    <password>PASSWORD</password>
    <username>UNAME@SERVER@USER</username>
</openstack_network_provider>

4. POST /ovirt-engine/api/openstacknetworkproviders/UUID/testconnectivity
<action>
    <async>false</async>
    <grace_period>
        <expiry>10</expiry>
    </grace_period>
</action>

|
|
---> 2021-05-18 15:59:48,729 - MainThread - api_utils - ERROR - Failed to syncAction element NOT as expected:
        Status: 400
        Reason: Bad Request
        Detail: [Failed to communicate with the external provider, see log for additional details.]

