Hello Alon,
Thanks, I figured it out yesterday; it was due to the global catalog pointer being
wrong, as you said.
-----Original Message-----
From: Alon Bar-Lev [mailto:alonbl@redhat.com]
Sent: Wednesday, December 17, 2014 8:23 AM
To: Tang Jackson
Cc: devel(a)ovirt.org
Subject: Re: [ovirt-devel] oVirt AAA LDAP
----- Original Message -----
From: "Tang Jackson" <tangjack(a)square-enix.com>
To: devel(a)ovirt.org
Sent: Monday, December 15, 2014 11:55:22 AM
Subject: [ovirt-devel] oVirt AAA LDAP
Hello Alon,
I am having some trouble using the new aaa released in version 3.5 of oVirt.
include = <ad.properties>
#
# Active directory domain name.
#
vars.domain = jp.co.xxxxx.com
#
# Search user and its password.
#
#vars.user = CN=username,OU=UserAccounts,DC=jp,DC=co,DC=xxx,DC=com
vars.user = xxx
user should be username@${global:vars.domain}
vars.password = xxxxxx
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://xxx.jp.co.xxxx.com
This must point to the Active Directory DNS implementation; all SRV records should be
available. You can choose one or more domain controllers, or remove this if your default
DNS refers to the Microsoft DNS.
<snip>
2014-12-15 13:39:28,265 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc._tcp.jp.co.square-enix.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc._tcp.jp.co.square-enix.com'
This states that jp.co.square-enix.com is either:
1. not an Active Directory domain name (missing a component or similar, or spelled
incorrectly), or
2. the LDAP you refer to is missing the Active Directory SRV records.
Alon
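
Added example, not part of the original thread and not oVirt code: a standard-library Python check that asks one DNS server for the SRV names relevant to the error above and reports the response code (3 is NXDOMAIN, the code shown in the log). The `_ldap._tcp` name, the function names and the two command-line arguments (domain, DNS server IP) are assumptions made for this illustration.

```python
import secrets
import socket
import struct

SRV = 33  # DNS RR type SRV (RFC 2782)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def ad_srv_names(domain):
    """_gc._tcp is the name from the logged error; _ldap._tcp is added for comparison (assumption)."""
    return ["_gc._tcp." + domain, "_ldap._tcp." + domain]


def build_query(name, qid):
    """Encode a single-question, recursion-desired DNS query for an SRV record."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", SRV, 1)  # QTYPE=SRV, QCLASS=IN


def parse_header(response, qid):
    """Return (rcode_name, answer_count) from a DNS response header."""
    if len(response) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", response[:12])
    if rid != qid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F  # low four bits of the flags word
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount


def check_srv(name, server, timeout=3.0):
    """Ask `server` (IP address of the DNS server under test) for the SRV record."""
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, 53))
        response, _ = sock.recvfrom(4096)
    return parse_header(response, qid)


if __name__ == "__main__":
    import sys
    domain, server = sys.argv[1], sys.argv[2]
    for srv in ad_srv_names(domain):
        rcode, answers = check_srv(srv, server)
        print("%-45s %s answers=%d" % (srv, rcode, answers))
```

Run it against the server named in `vars.dns`; `NXDOMAIN` for `_gc._tcp.<domain>` reproduces the condition in the log, while `NOERROR` with at least one answer means the record is served.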