11:55 a.m.
--_000_HK2PR03MB0820946F4AC0D92860236DC69C6F0HK2PR03MB0820apcp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hello Alon,
I am having some trouble using the new aaa released in version 3.5 of oVirt=
.
include =3D <ad.properties
#
# Active directory domain name.
#
vars.domain =3D jp.co.xxxxx.com
#
# Search user and its password.
#
#vars.user =3D CN=3Dusername,OU=3DUserAccounts,DC=3Djp,DC=3Dco,DC=3Dxxx,DC=
=3Dcom
vars.user =3D xxx
vars.password =3D xxxxxx
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns =3D dns://xxx.jp.co.xxxx.com
pool.default.serverset.type =3D srvrecord
pool.default.serverset.srvrecord.domain =3D ${global:vars.domain}
pool.default.auth.simple.bindDN =3D ${global:vars.user}
pool.default.auth.simple.password =3D ${global:vars.password}
# Uncomment if using custom DNS
#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =
=3D ${global:vars.dns}
#pool.default.socketfactory.resolver.uRL =3D ${global:vars.dns}
# Create keystore, import certificate chain and uncomment
# if using ssl/tls.
#pool.default.ssl.startTLS =3D true
#pool.default.ssl.truststore.file =3D ${local:_basedir}/${global:vars.domai=
n}.jks
#pool.default.ssl.truststore.password =3D changeit
ovirt.engine.extension.name =3D sqex-authn
ovirt.engine.extension.bindings.method =3D jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =3D org.ovirt.engine-exte=
nsions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =3D org.ovirt.engineextens=
ions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides =3D org.ovirt.engine.api.extensions.aaa.Aut=
hn
ovirt.engine.aaa.authn.profile.name =3D sqex
ovirt.engine.aaa.authn.authz.plugin =3D sqex-authz
config.profile.file.1 =3D /etc/ovirt-engine/aaa/sqex.properties
ovirt.engine.extension.name =3D sqex-authz
ovirt.engine.extension.bindings.method =3D jbossmodule
ovirt.engine.extension.binding.jbossmodule.module =3D org.ovirt.engine-exte=
nsions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class =3D org.ovirt.engineextens=
ions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides =3D org.ovirt.engine.api.extensions.aaa.Aut=
hz
config.profile.file.1 =3D /etc/ovirt-engine/aaa/sqex.properties
The error in the engine log is as follows:
2014-12-15 13:39:12,828 INFO [org.ovirt.engine.core.uutils.config.ShellLik=
eConfd] (MSC service thread 1-4) Loaded file "/etc/ovirt-engine/engine.conf=
.d/50-ovirt-engine-extension-aaa-ldap.conf".
2014-12-15 13:39:12,855 INFO [org.ovirt.engine.core.uutils.config.ShellLik=
eConfd] (MSC service thread 1-4) Value of property "ENGINE_JAVA_MODULEPATH"=
is "/usr/share/ovirt-engine/modules:/usr/share/ovirt-engine-extension-aaa-=
ldap/modules".
2014-12-15 13:39:14,053 INFO [org.ovirt.engineextensions.aaa.ldap.Framewor=
k] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-au=
thz] Creating LDAP pool 'authz'
2014-12-15 13:39:27,259 INFO [org.ovirt.engineextensions.aaa.ldap.Framewor=
k] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-au=
thz] Creating LDAP pool 'gc'
2014-12-15 13:39:28,265 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExt=
ension] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sq=
ex-authz] Cannot initialize LDAP framework, deferring initialization. Error=
: An error occurred while attempting to query DNS in order to retrieve SRV =
records with name '_gc._tcp.jp.co.square-enix.com': javax.naming.NameNotFo=
undException: DNS name not found [response code 3]; remaining name '_gc._tc=
p.jp.co.square-enix.com'
2014-12-15 13:39:28,271 INFO [org.ovirt.engineextensions.aaa.ldap.Framewor=
k] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authn::sqex-au=
thn] Creating LDAP pool 'authz'
2014-12-15 13:39:36,316 INFO [org.ovirt.engineextensions.aaa.ldap.Framewor=
k] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authn::sqex-au=
thn] Creating LDAP pool 'authn'
2014-12-15 13:39:39,384 INFO [org.ovirt.engine.core.extensions.mgr.Extensi=
onsManager] (MSC service thread 1-6) Instance name: 'sqex-authz', Extension=
name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.0.0', Notes:
'D=
isplay name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6', License: 'ASL 2.=
0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build
interfa=
ce Version: '0', File: '/etc/ovirt-engine/extensions.d/sqex-authz.properti=
es', Initialized: 'true'
2014-12-15 13:39:39,388 INFO [org.ovirt.engine.core.extensions.mgr.Extensi=
onsManager] (MSC service thread 1-6) Instance name: 'sqex-authn', Extension=
name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.0.0', Notes:
'D=
isplay name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6', License: 'ASL 2.=
0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build
interfa=
ce Version: '0', File: '/etc/ovirt-engine/extensions.d/sqex-authn.properti=
es', Initialized: 'true'
The ovirt server can find the dns in cli.
Regards,
J Tang
--_000_HK2PR03MB0820946F4AC0D92860236DC69C6F0HK2PR03MB0820apcp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml"
xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word"
=
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"
xmlns=3D"http:=
//www.w3.org/TR/REC-html40" <head <meta http-equiv=3D"Content-Type"
content=3D"text/html; charset=3Dus-ascii"=
<meta name=3D"Generator" content=3D"Microsoft
Word 14 (filtered medium)" <style><!--
/* Font Definitions */
@font-face
{font-family:"\FF2D\FF33 \30B4\30B7\30C3\30AF";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"\FF2D\FF33 \30B4\30B7\30C3\30AF";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"\@\FF2D\FF33 \30B4\30B7\30C3\30AF";
panose-1:2 11 6 9 7 2 5 8 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0mm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Arial","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Arial","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Arial","sans-serif";}
/* Page Definitions */
@page WordSection1
{size:612.0pt 792.0pt;
margin:99.25pt 30.0mm 30.0mm 30.0mm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" <v:textbox inset=3D"5.85pt,.7pt,5.85pt,.7pt" /
</o:shapedefaults></xml><![endif]--><!--[if gte mso
9]><xml <o:shapelayout
v:ext=3D"edit" <o:idmap v:ext=3D"edit"
data=3D"1" /
</o:shapelayout></xml><![endif]--
</head <body lang=3D"JA"
link=3D"blue" vlink=3D"purple" style=3D"text-justify-trim=
:punctuation" <div
class=3D"WordSection1" <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">Hell=
o Alon,<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">I am=
having some trouble using the new aaa released in version 3.5 of oVirt.<o:=
p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">incl=
ude =3D <ad.properties><o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">#<o:=
p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"># Ac=
tive directory domain name.<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">#<o:=
p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">vars=
.domain =3D jp.co.xxxxx.com<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">#<o:=
p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"># Se=
arch user and its password.<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">#<o:=
p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">#var=
s.user =3D CN=3Dusername,OU=3DUserAccounts,DC=3Djp,DC=3Dco,DC=3Dxxx,DC=3Dco=
m<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">vars=
.user =3D xxx<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">vars=
.password =3D xxxxxx<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">#<o:=
p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"># Op=
tional DNS servers, if enterprise<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt"># DN=
S server cannot resolve the domain
srvrecord.<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">#<o:=
p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">vars=
.dns =3D dns://xxx.jp.co.xxxx.com<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">pool=
.default.serverset.type =3D srvrecord<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">pool=
.default.serverset.srvrecord.domain =3D
${global:vars.domain}<o:p></o:p></s=
pan></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">pool=
.default.auth.simple.bindDN =3D
${global:vars.user}<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">pool=
.default.auth.simple.password =3D
${global:vars.password}<o:p></o:p></span>=
</p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"># Un=
comment if using custom DNS<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">#poo=
l.default.serverset.srvrecord.jndi-properties.java.naming.provider.url =3D =
${global:vars.dns}<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">#poo=
l.default.socketfactory.resolver.uRL =3D
${global:vars.dns}<o:p></o:p></spa=
n></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"># Cr=
eate keystore, import certificate chain and
uncomment<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"># if=
using ssl/tls.<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">#poo=
l.default.ssl.startTLS =3D true<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">#poo=
l.default.ssl.truststore.file =3D ${local:_basedir}/${global:vars.domain}.j=
ks<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">#poo=
l.default.ssl.truststore.password =3D
changeit<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">ovir=
t.engine.extension.name =3D sqex-authn<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">ovir=
t.engine.extension.bindings.method =3D
jbossmodule<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">ovir=
t.engine.extension.binding.jbossmodule.module =3D org.ovirt.engine-extensio=
ns.aaa.ldap<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">ovir=
t.engine.extension.binding.jbossmodule.class =3D org.ovirt.engineextensions=
.aaa.ldap.AuthnExtension<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">ovir=
t.engine.extension.provides =3D org.ovirt.engine.api.extensions.aaa.Authn<o=
:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">ovir=
t.engine.aaa.authn.profile.name =3D sqex<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">ovir=
t.engine.aaa.authn.authz.plugin =3D
sqex-authz<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">conf=
ig.profile.file.1 =3D
/etc/ovirt-engine/aaa/sqex.properties<o:p></o:p></spa=
n></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">ovir=
t.engine.extension.name =3D sqex-authz<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">ovir=
t.engine.extension.bindings.method =3D
jbossmodule<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">ovir=
t.engine.extension.binding.jbossmodule.module =3D org.ovirt.engine-extensio=
ns.aaa.ldap<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">ovir=
t.engine.extension.binding.jbossmodule.class =3D org.ovirt.engineextensions=
.aaa.ldap.AuthzExtension<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">ovir=
t.engine.extension.provides =3D org.ovirt.engine.api.extensions.aaa.Authz<o=
:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">conf=
ig.profile.file.1 =3D
/etc/ovirt-engine/aaa/sqex.properties<o:p></o:p></spa=
n></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">The =
error in the engine log is as follows:<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">2014=
-12-15 13:39:12,828 INFO [org.ovirt.engine.core.uutils.config.ShellLi=
keConfd] (MSC service thread 1-4) Loaded file "/etc/ovirt-engine/engin=
e.conf.d/50-ovirt-engine-extension-aaa-ldap.conf".<o:p></o:p></span></=
p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">2014=
-12-15 13:39:12,855 INFO [org.ovirt.engine.core.uutils.config.ShellLi=
keConfd] (MSC service thread 1-4) Value of property "ENGINE_JAVA_MODUL=
EPATH" is "/usr/share/ovirt-engine/modules:/usr/share/ovirt-engin=
e-extension-aaa-ldap/modules".<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">2014=
-12-15 13:39:14,053 INFO [org.ovirt.engineextensions.aaa.ldap.Framewo=
rk] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-a=
uthz] Creating LDAP pool 'authz'<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">2014=
-12-15 13:39:27,259 INFO [org.ovirt.engineextensions.aaa.ldap.Framewo=
rk] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-a=
uthz] Creating LDAP pool 'gc'<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">2014=
-12-15 13:39:28,265 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExtensi=
on] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-a=
uthz] Cannot initialize LDAP framework,
deferring initialization. Error: An error occurred while attempting to que=
ry DNS in order to retrieve SRV records with name '_gc._tcp.jp.co.square-en=
ix.com': javax.naming.NameNotFoundException: DNS name not found [resp=
onse code 3]; remaining name
'_gc._tcp.jp.co.square-enix.com'<o:p></o:p></s=
pan></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">2014=
-12-15 13:39:28,271 INFO [org.ovirt.engineextensions.aaa.ldap.Framewo=
rk] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authn::sqex-a=
uthn] Creating LDAP pool 'authz'<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">2014=
-12-15 13:39:36,316 INFO [org.ovirt.engineextensions.aaa.ldap.Framewo=
rk] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authn::sqex-a=
uthn] Creating LDAP pool 'authn'<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">2014=
-12-15 13:39:39,384 INFO [org.ovirt.engine.core.extensions.mgr.Extens=
ionsManager] (MSC service thread 1-6) Instance name: 'sqex-authz', Extensio=
n name: 'ovirt-engine-extension-aaa-ldap.authz',
Version: '1.0.0', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.=
0.0-1.el6', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author
'The o=
Virt Project', Build interface Version: '0', File:
'/etc/ovirt-engine=
/extensions.d/sqex-authz.properties',
Initialized: 'true'<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt">2014=
-12-15 13:39:39,388 INFO [org.ovirt.engine.core.extensions.mgr.Extens=
ionsManager] (MSC service thread 1-6) Instance name: 'sqex-authn', Extensio=
n name: 'ovirt-engine-extension-aaa-ldap.authn',
Version: '1.0.0', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.=
0.0-1.el6', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author
'The o=
Virt Project', Build interface Version: '0', File:
'/etc/ovirt-engine=
/extensions.d/sqex-authn.properties',
Initialized: 'true'<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">The =
ovirt server can find the dns in cli.<o:p></o:p></span></p <p class=3D"MsoNormal"><span
lang=3D"EN-US" style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">Rega=
rds,<o:p></o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt"><o:p=
> </o:p></span></p <p
class=3D"MsoNormal"><span lang=3D"EN-US"
style=3D"font-size:10.0pt">J Ta=
ng<o:p></o:p></span></p
</div </body </html
--_000_HK2PR03MB0820946F4AC0D92860236DC69C6F0HK2PR03MB0820apcp_--
1:23 a.m.
----- Original Message -----
From: "Tang Jackson" <tangjack(a)square-enix.com>
To: devel(a)ovirt.org
Sent: Monday, December 15, 2014 11:55:22 AM
Subject: [ovirt-devel] oVirt AAA LDAP
Hello Alon,
I am having some trouble using the new aaa released in version 3.5 of oVirt.
include = <ad.properties>
#
# Active directory domain name.
#
vars.domain = jp.co.xxxxx.com
#
# Search user and its password.
#
#vars.user = CN=username,OU=UserAccounts,DC=jp,DC=co,DC=xxx,DC=com
vars.user = xxx
user should be username@${global:vars.domain}
vars.password = xxxxxx
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://xxx.jp.co.xxxx.com
this must point to active directory dns implementation, all srv records should be
available, you can choose one or more domain controllers or remove this if your default
dns is referring the microsoft dns.
<snip>
2014-12-15 13:39:28,265 ERROR
[org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Cannot initialize
LDAP framework, deferring initialization. Error: An error occurred while
attempting to query DNS in order to retrieve SRV records with name
'_gc._tcp.jp.co.square-enix.com': javax.naming.NameNotFoundException: DNS
name not found [response code 3]; remaining name
'_gc._tcp.jp.co.square-enix.com'
this states that the jp.co.square-enix.com is either:
1. not active directory domain name, missing component or similar, or spelled
incorrectly.
2. the ldap you refer to is missing active directory srv records.
Alon
4:37 a.m.
Hello Alon,
Thanks I've figured it out yesterday, it was due to the global catalog pointer being
wrong as you said.
-----Original Message-----
From: Alon Bar-Lev [mailto:alonbl@redhat.com]
Sent: Wednesday, December 17, 2014 8:23 AM
To: Tang Jackson
Cc: devel(a)ovirt.org
Subject: Re: [ovirt-devel] oVirt AAA LDAP
----- Original Message -----
From: "Tang Jackson" <tangjack(a)square-enix.com>
To: devel(a)ovirt.org
Sent: Monday, December 15, 2014 11:55:22 AM
Subject: [ovirt-devel] oVirt AAA LDAP
Hello Alon,
I am having some trouble using the new aaa released in version 3.5 of oVirt.
include = <ad.properties>
#
# Active directory domain name.
#
vars.domain = jp.co.xxxxx.com
#
# Search user and its password.
#
#vars.user = CN=username,OU=UserAccounts,DC=jp,DC=co,DC=xxx,DC=com
vars.user = xxx
user should be username@${global:vars.domain}
vars.password = xxxxxx
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://xxx.jp.co.xxxx.com
this must point to active directory dns implementation, all srv records should be
available, you can choose one or more domain controllers or remove this if your default
dns is referring the microsoft dns.
<snip>
2014-12-15 13:39:28,265 ERROR
[org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service
thread
1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV
records with name
'_gc._tcp.jp.co.square-enix.com': javax.naming.NameNotFoundException:
DNS name not found [response code 3]; remaining name
'_gc._tcp.jp.co.square-enix.com'
this states that the jp.co.square-enix.com is either:
1. not active directory domain name, missing component or similar, or spelled
incorrectly.
2. the ldap you refer to is missing active directory srv records.
Alon
3624
days inactive
3626
days old
2 comments
2 participants
participants (2)
-
Alon Bar-Lev -
Tang Jackson