[ovirt-users] Issue with oVirt aaa-ldap connector on fresh install of 4.3.3

Wed, 05 Jun 2019 06:01:54 -0700 

________________________________
From: Vrgotic, Marko
Sent: Tuesday, June 4, 2019 4:44:08 PM
To: [email protected]
Cc: Stojchev, Darko
Subject: Issue with aaa-ldap connector on fresh install of 4.3.3


Dear oVIrt,



We are running 4.3.3 latest with SHE.



Tried to connect our domain users using aaa-ldap extension tool provided.



We tried multiple different accounts, with multiple dn search tree syntaxes and 
verified the passwords.

The error is always the same:

`2019-06-04 14:03:30,763+0000 ERROR 
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common 
common._customization_late:835 Cannot authenticate using 
'uid=**FILTERED**,ou=ABC Users,dc=example,dc=com': {'info': '80090308: LdapErr: 
DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 
'Invalid credentials'}`



The log file is showing the following:



2019-06-04 14:02:31,666+0000 DEBUG 
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._getURLs:283 
URLs: [u'ldap://hqdc2.example.com:389', u'ldap://eudc1.example.com:389', 
u'ldap://eudc2.example.com:389', u'ldap://hqdc1.example.com:389']

2019-06-04 14:02:31,666+0000 INFO 
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common 
common._connectLDAP:393 Connecting to LDAP using 'ldap://hqdc2.example.com:389'

2019-06-04 14:02:31,675+0000 INFO 
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common 
common._connectLDAP:444 Executing startTLS

2019-06-04 14:02:32,420+0000 DEBUG 
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common 
common._connectLDAP:447 Perform search

2019-06-04 14:02:32,567+0000 DEBUG 
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common 
common._connectLDAP:455 Result: [('', {'supportedLDAPVersion': ['3', '2']})]

2019-06-04 14:02:32,568+0000 INFO 
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common 
common._connectLDAP:457 Connection succeeded

2019-06-04 14:02:32,568+0000 DEBUG otopi.plugins.otopi.dialog.human 
human.queryString:159 query OVAAALDAP_LDAP_USER

2019-06-04 14:02:32,568+0000 DEBUG otopi.plugins.otopi.dialog.human 
dialog.__logString:204 DIALOG:SEND                 Enter search user DN (for 
example uid=username,dc=example,dc=com or leave empty for anonymous):

2019-06-04 14:02:57,540+0000 DEBUG otopi.plugins.otopi.dialog.human 
dialog.__logString:204 DIALOG:RECEIVE    
uid=da-dstojchev,ou=Users,dc=example,dc=com

2019-06-04 14:02:57,541+0000 DEBUG otopi.plugins.otopi.dialog.human 
human.queryString:159 query OVAAALDAP_LDAP_PASSWORD

2019-06-04 14:02:57,541+0000 DEBUG otopi.plugins.otopi.dialog.human 
dialog.__logString:204 DIALOG:SEND                 Enter search user password:

2019-06-04 14:03:00,713+0000 INFO 
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._bindLDAP:478 
Attempting to bind using 'uid=da-dstojchev,ou=Users,dc=example,dc=com'

2019-06-04 14:03:00,862+0000 ERROR 
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common 
common._customization_late:835 Cannot authenticate using 
'uid=da-dstojchev,ou=Users,dc=example,dc=com': {'info': '80090308: LdapErr: 
DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 
'Invalid credentials'}

2019-06-04 14:03:00,863+0000 DEBUG otopi.plugins.otopi.dialog.human 
human.queryString:159 query OVAAALDAP_LDAP_USER

2019-06-04 14:03:00,863+0000 DEBUG otopi.plugins.otopi.dialog.human 
dialog.__logString:204 DIALOG:SEND                 Enter search user DN (for 
example uid=username,dc=example,dc=com or leave empty for anonymous):

2019-06-04 14:03:27,376+0000 DEBUG otopi.plugins.otopi.dialog.human 
dialog.__logString:204 DIALOG:RECEIVE    uid=openstack-test,ou=ABC 
Users,dc=example,dc=com

2019-06-04 14:03:27,376+0000 DEBUG otopi.plugins.otopi.dialog.human 
human.queryString:159 query OVAAALDAP_LDAP_PASSWORD

2019-06-04 14:03:27,377+0000 DEBUG otopi.plugins.otopi.dialog.human 
dialog.__logString:204 DIALOG:SEND                 Enter search user password:

2019-06-04 14:03:30,616+0000 INFO 
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._bindLDAP:478 
Attempting to bind using 'uid=**FILTERED**,ou=ABC Users,dc=example,dc=com'

2019-06-04 14:03:30,763+0000 ERROR 
otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common 
common._customization_late:835 Cannot authenticate using 
'uid=**FILTERED**,ou=ABC Users,dc=example,dc=com': {'info': '80090308: LdapErr: 
DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1', 'desc': 
'Invalid credentials'}

2019-06-04 14:03:30,764+0000 DEBUG otopi.plugins.otopi.dialog.human 
human.queryString:159 query OVAAALDAP_LDAP_USER

2019-06-04 14:03:30,764+0000 DEBUG otopi.plugins.otopi.dialog.human 
dialog.__logString:204 DIALOG:SEND                 Enter search user DN (for 
example uid=username,dc=example,dc=com or leave empty for anonymous):

2019-06-04 14:03:41,055+0000 DEBUG otopi.context context._executeMethod:145 
method exception

Traceback (most recent call last):

  File "/usr/lib/python2.7/site-packages/otopi/context.py", line 132, in 
_executeMethod

    method['method']()

  File 
"/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py",
 line 812, in _customization_late

    default='',

  File "/usr/share/otopi/plugins/otopi/dialog/human.py", line 211, in 
queryString

    value = self._readline(hidden=hidden)

  File "/usr/lib/python2.7/site-packages/otopi/dialog.py", line 246, in 
_readline

    value = self.__input.readline()

  File "/usr/lib/python2.7/site-packages/otopi/main.py", line 53, in _signal

    raise RuntimeError("SIG%s" % signum)

RuntimeError: SIG2

2019-06-04 14:03:41,057+0000 ERROR otopi.context context._executeMethod:154 
Failed to execute stage 'Environment customization': SIG2

2019-06-04 14:03:41,057+0000 DEBUG otopi.context context.dumpEnvironment:731 
ENVIRONMENT DUMP – BEGIN



This is fresh install of oVIrt 4.3.3 latest, assigned for our prod env.



Kindly awaiting your reply,



Marko Vrgotic

ActiveVideo

_______________________________________________
Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/[email protected]/message/FPTQ3NUF3TRB26BWCPOV76TMQPQFS3PD/

Reply via email to