vPV 2.10 OpenLDAP with CSA
I installed vPV 2.10 for a customer in his vCenter with the vPV2.10 .ova file. The deployment went well, I could access vPV through https. I went on the admin tab and filled out the CSA Integration form correctly.
CSA is installed on a POC Appliance VM01 and is on the same VLAN as vPV. CSA is in version 4.1. Both machines, vPV and CSA, can communicate.
I modified the LDAP section of /var/opt/OV/conf/perf/PVconfig.ini and restarted the vPV service. Here is what the section looks like:
;BIND_DN_MEMBER_TYPE=<Type of member for group validation for e.g. member, uniqueMember,
;SSL_KEYSTORE=<Absolute path of keystore file>
After restarting the service, I could log in as vPV admin with the csaadmin default account from the integrated openLDAP of VM01. I could see all my CSA organisations as well. But when I tried to log on as a CSA user, in the CSA context, I always got the same error: "Invalid username/password".
The same error shows up in the log file.
I retried the same credentials on the CSA marketplace and saw I could log in, so my credentials are correct. However, I checked the header sent after submitting the form in the vPV logging page and I could see that the password of the form is somehow encrypted. Is that normal?
I'm definitely doing something wrong here in my CSA integration but cannot see where. Any advice/help would be much appreciated.
Thank you!
All your configuration looks to be correct.
I would request you to enable the vPV trace and try the login again (which failed). Capture the trace and send it back, which would help us to troubleshoot it further.
Please note that password is always encrypted.
Steps to be done:
- To enable trace, go to PVconfig.ini, set TRACELEVEL as 11 and restart the Server. Restart the Server by giving the following command:
- /opt/OV/bin/ovc -restart ovtomcatB
- #pv trace --> This command will show you trace file name and location.
Please send the trace file back to us.
Thank you Saifu for your reply,
I actually found the solution in the logs generated with the trace.
I actually used the FQDN of the LDAP instead of its IP in the CSA organization LDAP panel and vPV couldn't resolve it.
After the fix, I could connect normally as a CSA user.
Thank you for your help!
It's great that you could figure out the problem from the log/trace file generated by vPV.
If the LDAP is not reachable or not resolvable from vPV, ideally vPV should be giving a proper error message in the UI, instead of "invalid username/password". It's a known issue, we will try to address it in a future release.
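Added example, not part of the thread and not vPV or CSA code: a pre-check that separates "LDAP host does not resolve" and "LDAP port not reachable" from a real credential failure, the distinction the UI message hides. The function names, the sample host name and the default port 389 are assumptions; run it on the server that performs the LDAP bind.

```python
import socket

def classify_ldap_endpoint(host, port=389, timeout=3.0):
    """Return 'unresolvable', 'unreachable' or 'reachable' for host:port."""
    try:
        # Uses the resolver of the machine running the check, so run it on
        # the server that performs the LDAP bind, not on a workstation.
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolvable"
    for family, socktype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
                return "reachable"
        except OSError:
            continue  # try the next address returned for this name
    return "unreachable"

# Hypothetical operator-facing wording for each state.
MESSAGES = {
    "unresolvable": "name does not resolve here: fix DNS/hosts or use the IP",
    "unreachable": "name resolves but the port is closed or filtered",
    "reachable": "directory answers: a login failure now points at the bind",
}

def diagnose(host, port=389):
    """One-line verdict an operator can read before blaming credentials."""
    state = classify_ldap_endpoint(host, port)
    return f"{host}:{port} {state} ({MESSAGES[state]})"

if __name__ == "__main__":
    # Constructed sample name; replace with the host from the LDAP settings.
    print(diagnose("ldap.example.invalid"))
```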