<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"\FF2D\FF33 \30B4\30B7\30C3\30AF";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"\FF2D\FF33 \30B4\30B7\30C3\30AF";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"\@\FF2D\FF33 \30B4\30B7\30C3\30AF";
panose-1:2 11 6 9 7 2 5 8 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0mm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Arial","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Arial","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Arial","sans-serif";}
/* Page Definitions */
@page WordSection1
{size:612.0pt 792.0pt;
margin:99.25pt 30.0mm 30.0mm 30.0mm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026">
<v:textbox inset="5.85pt,.7pt,5.85pt,.7pt" />
</o:shapedefaults></xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="JA" link="blue" vlink="purple" style="text-justify-trim:punctuation">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">Hello Alon,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">I am having some trouble using the new aaa released in version 3.5 of oVirt.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">include = <ad.properties><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"># Active directory domain name.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">vars.domain = jp.co.xxxxx.com<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"># Search user and its password.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#vars.user = CN=username,OU=UserAccounts,DC=jp,DC=co,DC=xxx,DC=com<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">vars.user = xxx<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">vars.password = xxxxxx<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"># Optional DNS servers, if enterprise<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"># DNS server cannot resolve the domain srvrecord.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">vars.dns = dns://xxx.jp.co.xxxx.com<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">pool.default.serverset.type = srvrecord<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">pool.default.serverset.srvrecord.domain = ${global:vars.domain}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">pool.default.auth.simple.bindDN = ${global:vars.user}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">pool.default.auth.simple.password = ${global:vars.password}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"># Uncomment if using custom DNS<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#pool.default.socketfactory.resolver.uRL = ${global:vars.dns}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"># Create keystore, import certificate chain and uncomment<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"># if using ssl/tls.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#pool.default.ssl.startTLS = true<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">#pool.default.ssl.truststore.password = changeit<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.extension.name = sqex-authn<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.extension.bindings.method = jbossmodule<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.aaa.authn.profile.name = sqex<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.aaa.authn.authz.plugin = sqex-authz<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">config.profile.file.1 = /etc/ovirt-engine/aaa/sqex.properties<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.extension.name = sqex-authz<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.extension.bindings.method = jbossmodule<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">config.profile.file.1 = /etc/ovirt-engine/aaa/sqex.properties<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">The error in the engine log is as follows:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">2014-12-15 13:39:12,828 INFO [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (MSC service thread 1-4) Loaded file "/etc/ovirt-engine/engine.conf.d/50-ovirt-engine-extension-aaa-ldap.conf".<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">2014-12-15 13:39:12,855 INFO [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (MSC service thread 1-4) Value of property "ENGINE_JAVA_MODULEPATH" is "/usr/share/ovirt-engine/modules:/usr/share/ovirt-engine-extension-aaa-ldap/modules".<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">2014-12-15 13:39:14,053 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Creating LDAP pool 'authz'<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">2014-12-15 13:39:27,259 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Creating LDAP pool 'gc'<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">2014-12-15 13:39:28,265 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Cannot initialize LDAP framework,
deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc._tcp.jp.co.square-enix.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc._tcp.jp.co.square-enix.com'<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">2014-12-15 13:39:28,271 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authn::sqex-authn] Creating LDAP pool 'authz'<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">2014-12-15 13:39:36,316 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authn::sqex-authn] Creating LDAP pool 'authn'<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">2014-12-15 13:39:39,384 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-6) Instance name: 'sqex-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz',
Version: '1.0.0', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/etc/ovirt-engine/extensions.d/sqex-authz.properties',
Initialized: 'true'<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">2014-12-15 13:39:39,388 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-6) Instance name: 'sqex-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn',
Version: '1.0.0', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/etc/ovirt-engine/extensions.d/sqex-authn.properties',
Initialized: 'true'<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">The ovirt server can find the dns in cli.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">J Tang<o:p></o:p></span></p>
</div>
</body>
</html>