OLVM:Setting up openLDAP Fails During authentication with Error "AUTHENTICATE_CREDENTIALS profile='<profile name>' result=CREDENTIALS_INVALID
(Doc ID 2695139.1)
Last updated on JULY 30, 2020
Applies to:
Linux OS - Version Oracle Linux 7.6 with Unbreakable Enterprise Kernel [4.14.35] and laterLinux x86-64
Symptoms
Setting up openldap in OLVM fails with credentials invalid despite giving the correct one:
[root@<hostname>]# ovirt-engine-extension-aaa-ldap-setup [ INFO ] Stage: Initializing [ INFO ] Stage: Environment setup Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf'] Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20190322130822-xxyeuc.log Version: otopi-1.7.8 (otopi-1.7.8-1.el7) [ INFO ] Stage: Environment packages setup [ INFO ] Stage: Programs detection [ INFO ] Stage: Environment customization Welcome to LDAP extension configuration program Available LDAP implementations: 1 - 389ds 2 - 389ds RFC-2307 Schema 3 - Active Directory 4 - IBM Security Directory Server 5 - IBM Security Directory Server RFC-2307 Schema 6 - IPA 7 - Novell eDirectory RFC-2307 Schema 8 - OpenLDAP RFC-2307 Schema 9 - OpenLDAP Standard Schema 10 - Oracle Unified Directory RFC-2307 Schema 11 - RFC-2307 Schema (Generic) 12 - RHDS 13 - RHDS RFC-2307 Schema 14 - iPlanet Please select: 9 NOTE: It is highly recommended to use DNS resolution for LDAP server. If for some reason you intend to use hosts or plain address disable DNS usage. Use DNS (Yes, No) [Yes]: Available policy method: 1 - Single server 2 - DNS domain LDAP SRV record 3 - Round-robin between multiple hosts 4 - Failover between multiple hosts Please select: 1 Please enter host address:xxxx [WARNING] Detected plain IP address 'xxxx', disabling DNS. NOTE: It is highly recommended to use secure protocol to access the LDAP server. Protocol startTLS is the standard recommended method to do so. Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol. Use plain for test environments only. Please select protocol to use (startTLS, ldaps, plain) [startTLS]: plain [ INFO ] Connecting to LDAP using 'ldap://<IP-address>:389' [ INFO ] Connection succeeded Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): cn=ldapadm,dc=itzgeek,dc=local Enter search user password: [ INFO ] Attempting to bind using 'cn=ldapadm,dc=itzgeek,dc=local' Please enter base DN (dc=itzgeek,dc=local) [dc=itzgeek,dc=local]: Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]: NOTE: Profile name has to match domain name, otherwise Single Sign-On for Virtual Machines will not work. Please specify profile name that will be visible to users [<Profile name>] [ INFO ] Stage: Setup validation NOTE: It is highly recommended to test drive the configuration before applying it into engine. Login sequence is executed automatically, but it is recommended to also execute Search sequence manually after successful Login sequence. Please provide credentials to test login flow: Enter user name: admin Enter user password: [ INFO ] Executing login sequence... Login output: 2019-03-22 13:09:13,234Z INFO ======================================================================== 2019-03-22 13:09:13,657Z INFO ============================ Initialization ============================ 2019-03-22 13:09:13,658Z INFO ======================================================================== 2019-03-22 13:09:13,876Z INFO Loading extension 'xxxx-authn' <@DATE>,155Z INFO Extension 'xxxx-authn' loaded <@DATE>,162Z INFO Loading extension 'xxxx' <@DATE>,173Z INFO Extension 'xxxx' loaded <@DATE>,173Z INFO Initializing extension 'xxxx-authn' <@DATE>,174Z INFO [ovirt-engine-extension-aaa-ldap.authn::xxxx-authn] Creating LDAP pool 'authz' <@DATE>,382Z INFO [ovirt-engine-extension-aaa-ldap.authn::xxxx-authn] LDAP pool 'authz' information: vendor='null' version='null' <@DATE>,383Z INFO [ovirt-engine-extension-aaa-ldap.authn::xxxx-authn] Creating LDAP pool 'authn' <@DATE>,393Z INFO [ovirt-engine-extension-aaa-ldap.authn::xxxx-authn] LDAP pool 'authn' information: vendor='null' version='null' <@DATE>,394Z INFO Extension 'xxxx-authn' initialized <@DATE>,395Z INFO Initializing extension 'xxxx' <@DATE>,396Z INFO [ovirt-engine-extension-aaa-ldap.authz::xxxx] Creating LDAP pool 'authz' <@DATE>,406Z INFO [ovirt-engine-extension-aaa-ldap.authz::xxxx] LDAP pool 'authz' information: vendor='null' version='null' <@DATE>,407Z INFO [ovirt-engine-extension-aaa-ldap.authz::xxxx] Available Namespaces: [dc=itzgeek,dc=local] <@DATE>,407Z INFO Extension 'xxxx' initialized <@DATE>,408Z INFO Start of enabled extensions list <@DATE>,408Z INFO Instance name: 'xxxx', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.3.8', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.8-1.el7', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpoArgRM/extensions.d/xxxx.properties', Initialized: 'true' <@DATE>,408Z INFO Instance name: 'xxxx-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.3.8', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.3.8-1.el7', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/tmp/tmpoArgRM/extensions.d/xxxx-authn.properties', Initialized: 'true' <@DATE>,409Z INFO End of enabled extensions list <@DATE>,409Z INFO ======================================================================== <@DATE>,409Z INFO ============================== Execution =============================== <@DATE>,409Z INFO ======================================================================== <@DATE>,409Z INFO Iteration: 0 <@DATE>,410Z INFO Profile='xxxx' authn='xxxx-authn' authz='xxxx' mapping='null' <@DATE>,411Z INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='xxxx' user='admin'441Z INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='xxxx' result=CREDENTIALS_INVALID <@DATE>,455Z SEVERE Authn.Result code is: CREDENTIALS_INVALID [ ERROR ] Login sequence failed Please investigate details of the failure (search for lines containing SEVERE log level). Select test sequence to execute (Done, Abort, Login, Search) [Abort]: [ ERROR ] Failed to execute stage 'Setup validation': Aborted by user [ INFO ] Stage: Clean up Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-<date>.log: [ INFO ] Stage: Pre-termination [ INFO ] Stage: Termination
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |