OLVM : "ovirt-engine-extension-aaa-ldap-setup" fails with "Cannot resolve principal ".
(Doc ID 2779066.1)
Last updated on OCTOBER 02, 2024
Applies to:
Linux OS - Version Oracle Linux 7.9 and laterx86_64
Symptoms
When configuring the OLVM with AD through Script: ovirt-engine-extension-aaa-ldap-setup
With Options:
3 - Active Directory
Please enter Active Directory Forest name: testad.local
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: ldaps
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=svcoraclekvm,OU=Service Accounts,OU=ICC,DC=TESTAD,DC=LOCAL
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Please provide credentials to test login flow:
Enter user name: <username>
Enter user password:
The following error is seen :
INFO Iteration: 0
INFO Profile='testad.local' authn='testad.local-authn' authz='testad.local' mapping='null'
INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='testad.local' user='svcoraclekvm'
INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='testad.local' result=SUCCESS
INFO --- Begin AuthRecord ---
INFO AAA_AUTHN_AUTH_RECORD_PRINCIPAL: svcoraclekvm@TESTAD.LOCAL
INFO --- End AuthRecord ---
INFO API: -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='svcoraclekvm@TESTAD.LOCAL'
SEVERE Cannot resolve principal '<username>@TESTAD.LOCAL'
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |