<div dir="ltr"><div>Big thanks for your help, but still the same:<br><br>#<br># Active directory domain name.<br>#<br>vars.domain = <a href="http://mydomain.com">mydomain.com</a><br><br>#<br># Search user and its password.<br>#<br>vars.user = admin@${global:vars.domain}<br>vars.password = *****<br><br>#<br># Optional DNS servers, if enterprise<br># DNS server cannot resolve the domain srvrecord.<br>#<br>vars.dns = dns://srvdc03.${global:vars.domain} dns://srvdc04.${global:vars.domain}<br><br>pool.default.serverset.type = srvrecord<br>pool.default.serverset.srvrecord.domain = ${global:vars.domain}<br>pool.default.auth.simple.bindDN = ${global:vars.user}<br>pool.default.auth.simple.password = ${global:vars.password}<br><br># Uncomment if using custom DNS<br>pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}<br>pool.default.socketfactory.resolver.uRL = ${global:vars.dns}<br><br><br><br> [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: No DNS SRV records were found with record name '_gc._tcp.brussels.airport'.<br><br></div>And I can't put '_gc._<a href="http://tcp.mydomain.com">tcp.mydomain.com</a> in the dns... Isn't there another way it just resolves the dns servers I gave him?<br><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-01-29 13:02 GMT+01:00 Alon Bar-Lev <span dir="ltr"><<a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
----- Original Message -----<br>
> From: "Ondra Machacek" <<a href="mailto:omachace@redhat.com">omachace@redhat.com</a>><br>
> To: "Koen Vanoppen" <<a href="mailto:vanoppen.koen@gmail.com">vanoppen.koen@gmail.com</a>>, <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>
> Sent: Thursday, January 29, 2015 1:49:00 PM<br>
> Subject: Re: [ovirt-users] AAA<br>
><br>
><br>
> On 01/29/2015 12:30 PM, Koen Vanoppen wrote:<br>
> > No, I don't. and I wouldn't know how he got to this name...<br>
><br>
> Well, then you have to, if you want to use 'pool.default.serverset.type<br>
> = srvrecord'.<br>
><br>
> It just need to know where your global catalog is running, since it's<br>
> needed for new provider.<br>
><br>
> It searches for global catalog like this:<br>
> dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}<br>
><br>
> So you need to have this SRV record in DNS, if you want to use srvrecord<br>
> serverset type. Or you don't have to if you use single server type.<br>
<br>
</span>active directory will not work without access to global catalog.<br>
please set one or more of the domain controllers as dns server, for example:<br>
<br>
vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}<br>
<br>
please also uncomment/add these lines to make vars.dns effective.<br>
<br>
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}<br>
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}<br>
<br>
Thanks!<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
> ><br>
> > Thanks for the reply!<br>
> ><br>
> > 2015-01-29 11:53 GMT+01:00 Ondra Machacek <<a href="mailto:omachace@redhat.com">omachace@redhat.com</a><br>
> > <mailto:<a href="mailto:omachace@redhat.com">omachace@redhat.com</a>>>:<br>
> ><br>
> > On 01/29/2015 11:41 AM, Koen Vanoppen wrote:<br>
> ><br>
> > Can somebody help me setting up AAA for ovirt 3.5.1?<br>
> ><br>
> > I'm getting this now:<br>
> ><br>
> > 2015-01-29 11:35:36,889 WARN<br>
> > [org.ovirt.engineextensions.__aaa.ldap.AuthzExtension] (MSC<br>
> > service thread<br>
> > 1-1) [ovirt-engine-extension-aaa-__ldap.authz::BRU_AIR-authz]<br>
> > Cannot<br>
> > initialize LDAP framework, deferring initialization. Error: An<br>
> > error<br>
> > occurred while attempting to query DNS in order to retrieve SRV<br>
> > records<br>
> > with name '_gc._tcp.brussels.airport':<br>
> > javax.naming.__NameNotFoundException: DNS name not found<br>
> > [response code<br>
> > 3]; remaining name '_gc._tcp.brussels.airport'<br>
> ><br>
> ><br>
> > Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?<br>
> ><br>
> ><br>
> > my 3 configs:<br>
> > _*BRU_AIR-authn.properties*_<br>
> > <a href="http://ovirt.engine.extension.name" target="_blank">ovirt.engine.extension.name</a> <<a href="http://ovirt.engine.extension.name" target="_blank">http://ovirt.engine.extension.name</a>><br>
> > <<a href="http://ovirt.engine." target="_blank">http://ovirt.engine.</a>__<a href="http://extension.name" target="_blank">extension.name</a><br>
> > <<a href="http://ovirt.engine.extension.name" target="_blank">http://ovirt.engine.extension.name</a>>> =<br>
> > BRU_AIR-authn<br>
> > ovirt.engine.extension.__bindings.method = jbossmodule<br>
> > ovirt.engine.extension.__binding.jbossmodule.module =<br>
> > org.ovirt.engine-extensions.__aaa.ldap<br>
> > ovirt.engine.extension.__binding.jbossmodule.class =<br>
> > org.ovirt.engineextensions.__aaa.ldap.AuthnExtension<br>
> > ovirt.engine.extension.__provides =<br>
> > org.ovirt.engine.api.__extensions.aaa.Authn<br>
> > ovirt.engine.aaa.authn.__<a href="http://profile.name" target="_blank">profile.name</a><br>
> > <<a href="http://ovirt.engine.aaa.authn.profile.name" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>><br>
> > <<a href="http://ovirt.engine.aaa." target="_blank">http://ovirt.engine.aaa.</a>__<a href="http://authn.profile.name" target="_blank">authn.profile.name</a><br>
> > <<a href="http://ovirt.engine.aaa.authn.profile.name" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>>> = BRU-AIR<br>
> > ovirt.engine.aaa.authn.authz.__plugin = BRU_AIR-authz<br>
> > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.__properties<br>
> ><br>
> > _*BRU_AIR-authz.properties*_<br>
> > <a href="http://ovirt.engine.extension.name" target="_blank">ovirt.engine.extension.name</a> <<a href="http://ovirt.engine.extension.name" target="_blank">http://ovirt.engine.extension.name</a>><br>
> > <<a href="http://ovirt.engine." target="_blank">http://ovirt.engine.</a>__<a href="http://extension.name" target="_blank">extension.name</a><br>
> > <<a href="http://ovirt.engine.extension.name" target="_blank">http://ovirt.engine.extension.name</a>>> =<br>
> > BRU_AIR-authz<br>
> > ovirt.engine.extension.__bindings.method = jbossmodule<br>
> > ovirt.engine.extension.__binding.jbossmodule.module =<br>
> > org.ovirt.engine-extensions.__aaa.ldap<br>
> > ovirt.engine.extension.__binding.jbossmodule.class =<br>
> > org.ovirt.engineextensions.__aaa.ldap.AuthzExtension<br>
> > ovirt.engine.extension.__provides =<br>
> > org.ovirt.engine.api.__extensions.aaa.Authz<br>
> > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.__properties<br>
> ><br>
> > _*BRU_AIR.properties*_<br>
> > include = <ad.properties><br>
> ><br>
> > #<br>
> > # Active directory domain name.<br>
> > #<br>
> > vars.domain = <a href="http://mydomain.com" target="_blank">mydomain.com</a> <<a href="http://mydomain.com" target="_blank">http://mydomain.com</a>><br>
> > <<a href="http://mydomain.com" target="_blank">http://mydomain.com</a>><br>
> ><br>
> > #<br>
> > # Search user and its password.<br>
> > #<br>
> > vars.user = admin@${global:vars.domain}<br>
> > vars.password = ***********<br>
> ><br>
> > #<br>
> > # Optional DNS servers, if enterprise<br>
> > # DNS server cannot resolve the domain srvrecord.<br>
> > #<br>
> > vars.dns = dns://<a href="http://dc01.mydomain.com" target="_blank">dc01.mydomain.com</a> <<a href="http://dc01.mydomain.com" target="_blank">http://dc01.mydomain.com</a>><br>
> > <<a href="http://dc01.mydomain.com" target="_blank">http://dc01.mydomain.com</a>><br>
> ><br>
> > pool.default.serverset.type = srvrecord<br>
> > pool.default.serverset.__srvrecord.domain = ${global:vars.domain}<br>
> > pool.default.auth.simple.__bindDN = ${global:vars.user}<br>
> > pool.default.auth.simple.__password = ${global:vars.password<br>
> ><br>
> > In the GUI for adding user I get this:<br>
> ><br>
> > An error occurred while attempting to query DNS in order to<br>
> > retrieve SRV<br>
> > records with name '_gc__tcp_brussels_airport':<br>
> > javax_naming___NameNotFoundException: DNS name not found<br>
> > [response code<br>
> > 3]; remaining name '_gc__tcp_brussels_airport'<br>
> ><br>
> > Any ideas? I ran out...<br>
> ><br>
> > Kind regards,<br>
> ><br>
> > Koen<br>
> ><br>
> ><br>
> > _________________________________________________<br>
> > Users mailing list<br>
> > <a href="mailto:Users@ovirt.org">Users@ovirt.org</a> <mailto:<a href="mailto:Users@ovirt.org">Users@ovirt.org</a>><br>
> > <a href="http://lists.ovirt.org/__mailman/listinfo/users" target="_blank">http://lists.ovirt.org/__mailman/listinfo/users</a><br>
> > <<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a>><br>
> ><br>
> ><br>
</div></div><div class="HOEnZb"><div class="h5">> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
> <a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
><br>
</div></div></blockquote></div><br></div>