Description of problem:
In case javax.naming.AuthenticationException is thrown - engine code does log the reason this exception was thrown. For this exception, the following log appears - "Ldap authentication failed. Please check that the login name , password and path are correct". A more detailed reason should appear in order to help troubleshooting of login problems.

Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce: 1. 2. 3.
Actual results:
Expected results:
Additional info:

The above-mentioned code is not used in upstream anymore. Here are test results for specific cases:

1) Non existing user

2013-12-12 13:30:48,782 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (http--0.0.0.0-8080-1) Kerberos error: Client not found in Kerberos database (6)
2013-12-12 13:30:48,783 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (http--0.0.0.0-8080-1) Authentication Failed. Client not found in kerberos database.
2013-12-12 13:30:48,785 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-1) Failed ldap search server ldap://dc-02.ad2.rhev.lab.eng.brq.redhat.com:389 using user mperina3.LAB.ENG.BRQ.REDHAT.COM due to Authentication Failed. Client not found in kerberos database.. We should not try the next server
2013-12-12 13:30:48,787 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Failed authenticating user: mperina3 to domain ad2.rhev.lab.eng.brq.redhat.com. Ldap Query Type is getUserByName
2013-12-12 13:30:48,788 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Authentication Failed. Client not found in kerberos database.
2013-12-12 13:30:48,789 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD : mperina3
2013-12-12 13:30:48,791 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD

2) Wrong password

2013-12-12 13:45:44,231 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (http--0.0.0.0-8080-1) Kerberos error: Pre-authentication information was invalid (24)
2013-12-12 13:45:44,232 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (http--0.0.0.0-8080-1) Authentication Failed. Please verify the username and password.
2013-12-12 13:45:44,234 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-1) Failed ldap search server ldap://dc-02.ad2.rhev.lab.eng.brq.redhat.com:389 using user mperina2.LAB.ENG.BRQ.REDHAT.COM due to Authentication Failed. Please verify the username and password.. We should not try the next server
2013-12-12 13:45:44,235 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Failed authenticating user: mperina2 to domain ad2.rhev.lab.eng.brq.redhat.com. Ldap Query Type is getUserByName
2013-12-12 13:45:44,237 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Authentication Failed. Please verify the username and password.
2013-12-12 13:45:44,238 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD : mperina2
2013-12-12 13:45:44,238 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD

3) Account expired

2013-12-12 13:40:11,723 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (http--0.0.0.0-8080-1) Kerberos error: Clients credentials have been revoked (18)
2013-12-12 13:40:11,724 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (http--0.0.0.0-8080-1) Authentication failed. The user is either locked or disabled
2013-12-12 13:40:11,726 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http--0.0.0.0-8080-1) Failed ldap search server ldap://dc-02.ad2.rhev.lab.eng.brq.redhat.com:389 using user mperina2.LAB.ENG.BRQ.REDHAT.COM due to Authentication failed. The user is either locked or disabled. We should not try the next server
2013-12-12 13:40:11,728 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Failed authenticating user: mperina2 to domain ad2.rhev.lab.eng.brq.redhat.com. Ldap Query Type is getUserByName
2013-12-12 13:40:11,729 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Authentication failed. The user is either locked or disabled
2013-12-12 13:40:11,729 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) USER_FAILED_TO_AUTHENTICATE_ACCOUNT_IS_LOCKED_OR_DISABLED : mperina2
2013-12-12 13:40:11,730 WARN [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_ACCOUNT_IS_LOCKED_OR_DISABLED
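
Added example, not part of the bug report or of the oVirt engine code: a Python triage routine that correlates each "Kerberos error" line with the user, domain and engine result logged on the same worker thread, which shows that Kerberos codes 6 and 24 both end in the same engine result. The function name `triage`, the record field names and the RFC 4120 constant names are this example's own; the sample lines are copied from the three test cases above with intermediate lines omitted.

```python
import re

# Kerberos error codes that appear in the excerpts above (RFC 4120 names).
KRB_CODES = {
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",   # no such user
    18: "KDC_ERR_CLIENT_REVOKED",       # account locked or disabled
    24: "KDC_ERR_PREAUTH_FAILED",       # wrong password
}
LINE_RE = re.compile(r"^(\S+ \S+)\s+\w+\s+\[[^\]]+\]\s+\(([^)]+)\)\s+(.*)$")
KRB_RE = re.compile(r"^Kerberos error: .*\((\d+)\)$")
USER_RE = re.compile(r"^Failed authenticating user: (\S+) to domain (\S+?)\.(?:\s|$)")
RESULT_RE = re.compile(r"^(USER_FAILED_TO_AUTHENTICATE_\w+) : ")

def triage(log_text):
    """Return one record per failed login, correlated per worker thread."""
    open_attempts, records = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-engine line
        stamp, thread, msg = m.groups()
        if (k := KRB_RE.match(msg)):
            code = int(k.group(1))
            open_attempts[thread] = {"time": stamp, "krb_code": code,
                                     "krb_name": KRB_CODES.get(code, "UNMAPPED")}
        elif thread in open_attempts and (u := USER_RE.match(msg)):
            open_attempts[thread].update(user=u.group(1), domain=u.group(2))
        elif thread in open_attempts and (r := RESULT_RE.match(msg)):
            records.append({**open_attempts.pop(thread), "engine_result": r.group(1)})
    return records

# Lines copied from the three test cases above (intermediate lines omitted).
SAMPLE = """
2013-12-12 13:30:48,782 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (http--0.0.0.0-8080-1) Kerberos error: Client not found in Kerberos database (6)
2013-12-12 13:30:48,787 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Failed authenticating user: mperina3 to domain ad2.rhev.lab.eng.brq.redhat.com. Ldap Query Type is getUserByName
2013-12-12 13:30:48,789 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD : mperina3
2013-12-12 13:45:44,231 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (http--0.0.0.0-8080-1) Kerberos error: Pre-authentication information was invalid (24)
2013-12-12 13:45:44,235 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Failed authenticating user: mperina2 to domain ad2.rhev.lab.eng.brq.redhat.com. Ldap Query Type is getUserByName
2013-12-12 13:45:44,238 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD : mperina2
2013-12-12 13:40:11,723 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (http--0.0.0.0-8080-1) Kerberos error: Clients credentials have been revoked (18)
2013-12-12 13:40:11,728 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (http--0.0.0.0-8080-1) Failed authenticating user: mperina2 to domain ad2.rhev.lab.eng.brq.redhat.com. Ldap Query Type is getUserByName
2013-12-12 13:40:11,729 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (http--0.0.0.0-8080-1) USER_FAILED_TO_AUTHENTICATE_ACCOUNT_IS_LOCKED_OR_DISABLED : mperina2
"""
```

Calling `triage(SAMPLE)` yields three records; attempts are keyed by thread name so that interleaved logins on different worker threads are not mixed.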