Bug 835980 - Change to IPA server in RHEL 6.3 appears to break rhevm-manage-domains IPA autodetection logic?
Change to IPA server in RHEL 6.3 appears to break rhevm-manage-domains IPA au...
Status: CLOSED DUPLICATE of bug 808129
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
Unspecified Unspecified
high Severity high
: ---
: ---
Assigned To: Nobody's working on this, feel free to take it
: Regression
Depends On:
  Show dependency treegraph
Reported: 2012-06-27 14:02 EDT by Stephen Gordon
Modified: 2015-09-22 09 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-27 21:37:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 1 Stephen Gordon 2012-06-27 14:04:07 EDT
Sanatized summary (original description contains internal only machine addresses):

I've been trying to run up a RHEV environment here in Toronto for the local engineering teams and run into an issue which I think relates to a change made to IPA in RHEL 6.3. I have installed RHEVM on a RHEL 6.3 machine, and IPA server on another RHEL 6.3 machine. When I do rhevm-manage-domains I get the following response (note I do have PTR and SRV records even though it's a usersys address, I'm providing them  locally using dnsmasq)

No user in Directory was found for admin@<snip>. Trying next LDAP server in list
Failure while testing domain <snip>. Details: No user information was found for user

The log does not provide much insight:

2012-06-27 13:22:07,635 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): <snip>
2012-06-27 13:22:07,635 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: <snip>

I did find a docspace article in my travels that suggested that perhaps the UPN in IPA didn't match what rhevm-manage-domains expects but that doesn't appear to be the case here, I am able to kinit as the given UPN. I did a bit more searching and came across this:


Essentially it appears a change in FreeIPA (yes, which I know we don't support, stay with me here) throws off the logic in rhevm-manage-domains that autodetects whether IPA or AD is in use, causing the error that I am running into. Clicking through that discussion to the FreeIPA ticket, and then to a RHEL bugzilla you end up here:


To me it looks like this change to ipa-server, known to break rhevm-manage-domains, was deployed as part of RHEL 6.3? Has anyone successfully used rhevm-manage-domains to add an IPA domain that is hosted on a RHEL 6.3 box?
Comment 2 Stephen Gordon 2012-06-27 14:43:50 EDT
Should also note I did come across and follow the steps here:


As I said though I get to the end of this and can still kinit as the given user@domain so not sure this is the issue.
Comment 3 Stephen Gordon 2012-06-27 16:05:36 EDT
I've since installed a RHEL 6.2 VM and pointed the DNS entries at it (my IPA instances are VMs), ran ipa-server-install, and was able to successfully add the domain using rhevm-manage-domains. This definitely looks like it was introduced in  RHEL 6.3 to me.

RHEL 6.2: ipa server-2.1.3-9.el6.x86_64
RHEL 6.3: ipa-server-2.2.0-16.el6.x86_64
Comment 5 Itamar Heim 2012-06-27 21:37:59 EDT

*** This bug has been marked as a duplicate of bug 808129 ***

Note You need to log in before you can comment on or make changes to this bug.