On Thu, May 26, 2016 at 10:11 AM, Alexis HAUSER <alexis.hauser(a)telecom-bretagne.eu> wrote:

>> You use 389 with SSL? I guess you wrongly specified it.
>> But, if you want to use SSL and you have it on 636, then you should
>> create new SRV DNS records, for example:
>>
>>   _ldaps._tcp.university.mydomain.com ... 636
>
> Where should I add this? In /etc/hosts? Somewhere in the oVirt config?
> On the DNS server I'm using?
>
>> and then change:
>>
>>   pool.default.serverset.srvrecord.service=ldaps
>>
>> But I guess you wanted to use startTLS with 389, which you can enable by
>> adding:
>>
>>   pool.default.ssl.startTLS=true
>>
>> and removing the line:
>>
>>   pool.default.ssl.enable=true
>>
>> Does it solve your issue?
>
> Actually, it's using ldaps, yes. It doesn't solve my issue, but I don't know
> where this DNS server comes from; I think it doesn't exist...
> I tried to configure it by adding vars.dns = dns://one_of_the_adservers.com
> and the same with ":636" at the end, but neither of them works; it's still
> trying to reach this weird address with underscores:
> _ldaps._tcp.university.mydomain.com

Please don't use port 636 for the DNS server, 636 is only for the LDAPS protocol:

  vars.dns = dns://one.of.adservers.com

> "2016-05-26 09:54:52,872 WARN
> [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (ajp-/127.0.0.1:8702-7)
> [] [ovirt-engine-extension-aaa-ldap.authn::AD-authn] Cannot initialize LDAP
> framework, deferring initialization. Error: An error occurred while
> attempting to query DNS in order to retrieve SRV records with name
> '_ldaps._tcp.university.mydomain.com': javax.naming.NameNotFoundException: DNS
> name not found [response code 3]; remaining name '_ldaps._tcp.campus.enst-bretagne.fr'"
>
>>> I meant I had to disable the LDAP (openLDAP) profile, renaming the file
>>> with .save so oVirt doesn't detect them. If both profiles are activated,
>>> the oVirt web interface proposes me the DN of the LDAP into AD (in the
>>> namespace field)... Is that a bug or normal behavior?
>>
>> Hmm, that's strange, because only files with the *.properties suffix should
>> be detected and used. So yes, please open a BZ that other suffixes are
>> also loaded.
>
> Actually that's what I said: only .properties files are detected. The
> problem is about the namespaces: when the LDAP.properties file and the
> AD.properties file are activated, the namespace suggested in the web
> interface in the user tab, when choosing AD, is the DN of the LDAP... which
> seems to be a bug... The namespaces of everything are mixed... And if I select
> internal and then select AD again, a new namespace appears: * (from
> internal).
>
> This is weird behavior, right?
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
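As an added example, not part of the thread and not code from the oVirt project, here is a small Python checker for the configuration pitfalls raised above. It parses an aaa-ldap profile, computes the `_<service>._tcp.<domain>` SRV owner name the engine queries (the name seen in the WARN above), and flags `pool.default.ssl.enable` combined with `pool.default.ssl.startTLS`, an SRV service that disagrees with the TLS mode, and a `vars.dns` URL that carries the LDAPS port instead of pointing at a plain DNS server. The keys `pool.default.serverset.type`, `pool.default.serverset.single.server` and `pool.default.serverset.single.port`, and the assumption that a profile without `serverset.type` inherits SRV discovery from the included AD profile, are assumptions of this example, not taken from the thread; the sample profiles are constructed.

```python
"""Lint an ovirt-engine-extension-aaa-ldap profile for the mistakes in the thread.

Added example, not code from the oVirt project.  Keys that appear in the thread:
pool.default.serverset.srvrecord.service, pool.default.ssl.enable,
pool.default.ssl.startTLS, vars.dns.  Assumed here (not in the thread):
pool.default.serverset.type / .single.server / .single.port as the explicit-server
alternative to SRV discovery, and that a profile without serverset.type inherits
SRV discovery from the included AD profile.
"""
from urllib.parse import urlsplit


def parse_properties(text):
    """Minimal Java-style .properties reader: 'key = value' lines, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#!':
            continue
        key, _, value = line.partition('=')
        props[key.strip()] = value.strip()
    return props


def is_true(props, key):
    return props.get(key, 'false').strip().lower() == 'true'


def srv_name(props):
    """Owner name the engine asks DNS for under SRV discovery: _<service>._tcp.<domain>."""
    service = props.get('pool.default.serverset.srvrecord.service', 'ldap')
    return '_%s._tcp.%s' % (service, props['vars.domain'])


def check_profile(props):
    """Return human-readable findings; an empty list means the profile is consistent."""
    findings = []
    ldaps = is_true(props, 'pool.default.ssl.enable')       # TLS from the first byte, port 636
    starttls = is_true(props, 'pool.default.ssl.startTLS')  # plain 389, upgraded with StartTLS

    if ldaps and starttls:
        findings.append('ssl.enable and ssl.startTLS both set: use LDAPS (636) or '
                        'startTLS (389), not both')
    elif not ldaps and not starttls:
        findings.append('neither ssl.enable nor ssl.startTLS: bind credentials travel in clear text')

    # Assumption: no serverset.type means SRV discovery (what the AD profile selects).
    if props.get('pool.default.serverset.type', 'srvrecord') == 'srvrecord':
        service = props.get('pool.default.serverset.srvrecord.service', 'ldap')
        if ldaps and service != 'ldaps':
            findings.append('ssl.enable with SRV service %r: engine looks up _%s._tcp '
                            'records, but LDAPS needs _ldaps._tcp' % (service, service))
        if starttls and service != 'ldap':
            findings.append('startTLS with SRV service %r: startTLS runs on the plain '
                            'LDAP port, so the service should be ldap' % service)
    else:  # assumed explicit-server keys
        port = props.get('pool.default.serverset.single.port')
        if ldaps and port not in (None, '636'):
            findings.append('ssl.enable with port %s: LDAPS normally listens on 636' % port)
        if starttls and port == '636':
            findings.append('startTLS on 636: that port already speaks TLS, startTLS belongs on 389')

    dns = props.get('vars.dns')
    if dns:
        url = urlsplit(dns)
        if url.scheme != 'dns' or not url.hostname:
            findings.append('vars.dns should look like dns://<dns-server>')
        elif url.port is not None:
            findings.append('vars.dns carries port %d: DNS answers on 53; 636 is the LDAPS '
                            'port of the directory server, not of the DNS server' % url.port)
    return findings


# Constructed sample profiles mirroring the thread (not real configuration from the list).
BROKEN = """\
include = <ad.properties>
vars.domain = university.mydomain.com
vars.dns = dns://one_of_the_adservers.com:636
pool.default.ssl.enable = true
pool.default.serverset.srvrecord.service = ldaps
"""
FIXED = BROKEN.replace('dns://one_of_the_adservers.com:636', 'dns://one.of.adservers.com')
STARTTLS_MIXED = """\
include = <ad.properties>
vars.domain = university.mydomain.com
vars.dns = dns://one.of.adservers.com
pool.default.ssl.enable = true
pool.default.ssl.startTLS = true
"""

if __name__ == '__main__':
    for label, text in (('broken', BROKEN), ('fixed', FIXED), ('starttls-mixed', STARTTLS_MIXED)):
        props = parse_properties(text)
        print(label, '->', srv_name(props), check_profile(props) or 'OK')
```

The SRV name the checker returns is the record to confirm on the DNS server named in `vars.dns` (for example with `dig SRV <name> @<dns-server>`); an SRV record can only live in DNS, `/etc/hosts` maps names to addresses and cannot carry one.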