----- Original Message -----
From: "Tang Jackson" <tangjack(a)square-enix.com>
To: devel(a)ovirt.org
Sent: Monday, December 15, 2014 11:55:22 AM
Subject: [ovirt-devel] oVirt AAA LDAP
Hello Alon,
I am having some trouble using the new AAA released in version 3.5 of oVirt.
include = <ad.properties>
#
# Active directory domain name.
#
vars.domain = jp.co.xxxxx.com
#
# Search user and its password.
#
#vars.user = CN=username,OU=UserAccounts,DC=jp,DC=co,DC=xxx,DC=com
vars.user = xxx
User should be username@${global:vars.domain}
vars.password = xxxxxx
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://xxx.jp.co.xxxx.com
This must point to the Active Directory DNS implementation; all SRV records should be
available. You can choose one or more domain controllers, or remove this if your default
DNS refers to the Microsoft DNS.
<snip>
2014-12-15 13:39:28,265 ERROR
[org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Cannot initialize
LDAP framework, deferring initialization. Error: An error occurred while
attempting to query DNS in order to retrieve SRV records with name
'_gc._tcp.jp.co.square-enix.com': javax.naming.NameNotFoundException: DNS
name not found [response code 3]; remaining name
'_gc._tcp.jp.co.square-enix.com'
This states that jp.co.square-enix.com is either:
1. Not the Active Directory domain name, missing a component or similar, or spelled
incorrectly.
2. The LDAP you refer to is missing Active Directory SRV records.
Alon
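
The check described in the reply above, as an added example that is not part of the original thread or of oVirt: it pulls the failing SRV name and DNS response code out of the engine log error and builds the `dig` query that repeats the lookup against each server listed in `vars.dns`. The domain `ad.example.com`, the script name `check_srv.sh` and the function names are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example (not from the thread): re-check the SRV lookup that failed.
# Constructed log line modelled on the excerpt above; ad.example.com is a placeholder.
SAMPLE_LOG="retrieve SRV records with name '_gc._tcp.ad.example.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc._tcp.ad.example.com'"

# SRV owner name quoted after "SRV records with name".
srv_name_from_log() {
    printf '%s\n' "$1" | sed -n "s/.*SRV records with name '\([^']*\)'.*/\1/p"
}

# Numeric DNS response code reported in the exception text.
rcode_from_log() {
    printf '%s\n' "$1" | sed -n 's/.*\[response code \([0-9][0-9]*\)].*/\1/p'
}

# RFC 1035 RCODE names for the values most often seen here.
rcode_meaning() {
    case "$1" in
        0) echo NOERROR ;;
        2) echo SERVFAIL ;;
        3) echo NXDOMAIN ;;
        5) echo REFUSED ;;
        *) echo "RCODE $1" ;;
    esac
}

# One dig command per server in a vars.dns value.
# Assumption: several servers are written as space-separated dns:// URLs.
dig_commands() {
    for url in $2; do
        host=${url#dns://}
        printf 'dig @%s SRV %s +noall +comments +answer\n' "${host%%/*}" "$1"
    done
}

# Usage (hypothetical script name): sh check_srv.sh /path/to/engine.log 'dns://dc1.ad.example.com'
# Prints the diagnosis, then runs dig against each configured server.
if [ "$#" -eq 2 ] && [ -r "$1" ]; then
    line=$(grep 'SRV records with name' "$1" | tail -n 1)
    name=$(srv_name_from_log "$line")
    echo "$name -> $(rcode_meaning "$(rcode_from_log "$line")")"
    dig_commands "$name" "$2" | while read -r cmd; do
        echo "\$ $cmd"; $cmd
    done
fi
```

A `status: NXDOMAIN` header from every server means the name does not exist in that DNS, which matches the two causes listed in the reply; an answer section with SRV records means the engine is querying a different resolver than the one tested.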