OLVM : "ovirt-engine-extension-aaa-ldap-setup" fails with "Cannot resolve principal ". (Doc ID 2779066.1)

Last updated on JUNE 07, 2021

Applies to:

Linux OS - Version Oracle Linux 7.9 and later
x86_64

Symptoms

When configuring OLVM with Active Directory (AD) using the ovirt-engine-extension-aaa-ldap-setup script with the following options:
3 - Active Directory
Please enter Active Directory Forest name: testad.local
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: ldaps
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty for anonymous): CN=svcoraclekvm,OU=Service Accounts,OU=ICC,DC=TESTAD,DC=LOCAL
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]:
Please provide credentials to test login flow:
Enter user name: <username>
Enter user password:

The following error is seen:

INFO Iteration: 0
INFO Profile='testad.local' authn='testad.local-authn' authz='testad.local' mapping='null'
INFO API: -->Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='testad.local' user='svcoraclekvm'
INFO API: <--Authn.InvokeCommands.AUTHENTICATE_CREDENTIALS profile='testad.local' result=SUCCESS
INFO --- Begin AuthRecord ---
INFO AAA_AUTHN_AUTH_RECORD_PRINCIPAL: svcoraclekvm@TESTAD.LOCAL
INFO --- End AuthRecord ---
INFO API: -->Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD principal='svcoraclekvm@TESTAD.LOCAL'
SEVERE Cannot resolve principal '<username>@TESTAD.LOCAL'

Cause
