Bug 835980 - Change to IPA server in RHEL 6.3 appears to break rhevm-manage-domains IPA autodetection logic?
Status: CLOSED DUPLICATE of bug 808129
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 3.0.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Assignee: Nobody's working on this, feel free to take it
Reported: 2012-06-27 18:02 UTC by Stephen Gordon
Modified: 2018-11-28 20:56 UTC (History)

Doc Type: Bug Fix
Last Closed: 2012-06-28 01:37:59 UTC

Comment 1 Stephen Gordon 2012-06-27 18:04:07 UTC
Sanitized summary (original description contains internal only machine addresses):

I've been trying to run up a RHEV environment here in Toronto for the local engineering teams and run into an issue which I think relates to a change made to IPA in RHEL 6.3. I have installed RHEVM on a RHEL 6.3 machine, and IPA server on another RHEL 6.3 machine. When I do rhevm-manage-domains I get the following response (note I do have PTR and SRV records even though it's a usersys address, I'm providing them locally using dnsmasq):

No user in Directory was found for admin@<snip>. Trying next LDAP server in list
Failure while testing domain <snip>. Details: No user information was found for user

The log does not provide much insight:

2012-06-27 13:22:07,635 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): <snip>
2012-06-27 13:22:07,635 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: <snip>

I did find a docspace article in my travels that suggested that perhaps the UPN in IPA didn't match what rhevm-manage-domains expects, but that doesn't appear to be the case here; I am able to kinit as the given UPN. I did a bit more searching and came across this:

    https://access.redhat.com/discussion/freeipa-integration-problem

Essentially it appears a change in FreeIPA (yes, which I know we don't support, stay with me here) throws off the logic in rhevm-manage-domains that autodetects whether IPA or AD is in use, causing the error that I am running into. Clicking through that discussion to the FreeIPA ticket, and then to a RHEL bugzilla you end up here:

    https://bugzilla.redhat.com/show_bug.cgi?id=766322

To me it looks like this change to ipa-server, known to break rhevm-manage-domains, was deployed as part of RHEL 6.3? Has anyone successfully used rhevm-manage-domains to add an IPA domain that is hosted on a RHEL 6.3 box?

Comment 2 Stephen Gordon 2012-06-27 18:43:50 UTC
Should also note I did come across and follow the steps here:

https://access.redhat.com/knowledge/ko/node/70496

As I said though I get to the end of this and can still kinit as the given user@domain so not sure this is the issue.

Comment 3 Stephen Gordon 2012-06-27 20:05:36 UTC
I've since installed a RHEL 6.2 VM and pointed the DNS entries at it (my IPA instances are VMs), ran ipa-server-install, and was able to successfully add the domain using rhevm-manage-domains. This definitely looks like it was introduced in RHEL 6.3 to me.

RHEL 6.2: ipa-server-2.1.3-9.el6.x86_64
RHEL 6.3: ipa-server-2.2.0-16.el6.x86_64

Comment 5 Itamar Heim 2012-06-28 01:37:59 UTC

*** This bug has been marked as a duplicate of bug 808129 ***

