----- Original Message -----
From: "Ryan Wilkinson" <ryanwilk(a)gmail.com>
To: users(a)ovirt.org
Sent: Thursday, March 28, 2013 2:42:56 PM
Subject: [Users] ldap
I'm able to set up Active Directory authentication if my ovirt engine
is set to use dns that is hosted on the same system as Active
Directory. However, if I use static host entries in my engine
"hosts" file instead of using dns I'm getting the error "ldap server
for domain not found" when I issue the command:
"engine-manage-domains -action=add -domain='ovirt.local'
-user='admin' -provider=ActiveDirectory -interactive" from the
engine. I've googled to death how to configure static entries on my
engine system for the ldap server and it seems that I need to
configure my nsswitch and ldap.conf files but still no luck... Any
ideas??

Hi Ryan,
To work with LDAP you currently need to have both LDAP and Kerberos SRV records in the
DNS, as well as a PTR record.
If you would like to work locally I can suggest working with dnsmasq (lightweight DHCP and
caching DNS server) locally, defining these entries there, and setting /etc/resolv.conf
properly, so that it would access it.
The configuration is in /etc/dnsmasq.conf (or in /etc/dnsmasq.d/...).
Example for LDAP and Kerberos records:
srv-host=_ldap._tcp.my_domain.com,ad.my_domain.com,389
srv-host=_kerberos._tcp.my_domain.com,ad.my_domain.com,88
and, afaik it also takes /etc/hosts and creates PTR records for the entries there, so that
should be enough, if you add your AD host in /etc/hosts (I guess you can also add those
manually in dnsmasq).
Let me know if you need further assistance.
Oved
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
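
An added example, not part of the original thread or of oVirt: a Python preflight check that reads dnsmasq srv-host lines and hosts-file text and reports whether both SRV records from the reply exist and point at a host that has a hosts entry. The sample inputs are constructed from the reply's placeholder names, 192.0.2.10 is a documentation address, and the function names are this example's own; it takes as given the reply's statement that dnsmasq answers A/PTR queries from /etc/hosts.

```python
import ipaddress

# Constructed sample inputs, using the placeholder names from the reply above.
DNSMASQ_CONF = """\
srv-host=_ldap._tcp.my_domain.com,ad.my_domain.com,389
srv-host=_kerberos._tcp.my_domain.com,ad.my_domain.com,88
"""
HOSTS = "127.0.0.1 localhost\n192.0.2.10 ad.my_domain.com ad\n"
REQUIRED = ("_ldap._tcp", "_kerberos._tcp")  # SRV records the reply says are needed

def parse_srv(conf):
    """Map SRV name -> (target, port) from dnsmasq srv-host= lines."""
    records = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("srv-host="):
            f = [x.strip().lower().rstrip(".") for x in line.split("=", 1)[1].split(",")]
            f += [""] * (3 - len(f))  # pad so a missing target/port reads as empty
            records[f[0]] = (f[1], int(f[2]) if f[2].isdigit() else None)
    return records

def parse_hosts(hosts):
    """Map hostname -> IP from hosts-file text; lines with a bad address are skipped."""
    names = {}
    for line in hosts.splitlines():
        parts = line.split("#", 1)[0].split()
        try:
            ip = str(ipaddress.ip_address(parts[0])) if len(parts) > 1 else None
        except ValueError:
            ip = None
        for name in parts[1:] if ip else []:
            names.setdefault(name.lower(), ip)
    return names

def check(domain, conf, hosts):
    """Return a list of problems; an empty list means the entries line up."""
    srv, known, problems = parse_srv(conf), parse_hosts(hosts), []
    for prefix in REQUIRED:
        name = f"{prefix}.{domain.lower()}"
        target, port = srv.get(name, (None, None))
        if target is None:
            problems.append(f"missing srv-host for {name}")
        elif not target or port is None:
            problems.append(f"{name}: target or port not set")
        elif target not in known:
            problems.append(f"{name}: {target} not in hosts file, so no A/PTR")
    return problems

if __name__ == "__main__":
    print(check("my_domain.com", DNSMASQ_CONF, HOSTS) or "ok")
```

To check a real host, pass the contents of /etc/dnsmasq.conf (plus any files under /etc/dnsmasq.d/) and /etc/hosts in place of the sample strings.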