Re: [ovirt-users] ldap servers configuration can be misleading with AD
Le 20 avr. 2016 à 10:16, Ondra Machacek <omachace(a)redhat.com> a
écrit :
On 04/19/2016 07:46 PM, Fabrice Bacchella wrote:
>
>> Le 19 avr. 2016 à 17:35, Ondra Machacek <omachace(a)redhat.com> a écrit :
>>
>> On 04/19/2016 04:37 PM, Fabrice Bacchella wrote:
>>> I tried to plug ovirt using my company AD.
>>>
>>> But I have a problem, the DNS srv records are not well managed and I
can't use them so I changed pool.default.serverset.type from srvrecord to failover.
>>
>> With AD you should use srvrecord, unless you have somehow miscofigured AD.
>> Can you please elaborate more what does it mean 'DNS srv records are not well
managed'?
>
> The command
> dig +short _ldap._tcp.dsone.3ds.com any | wc -l
> return 122 lines. Out of that, I can only use less than 10, all other generates
timeout. I don't know if it's firewall or forgotten DC that generate that. There
is no way I can use srvrecord.
> This domain is totally out of my reach, I have to take it as is.
ok, that's not good, but if some of the domains which are working are in same site,
you can use 'domain-conversion'(works only with srvrecord):
pool.default.serverset.srvrecord.domain-conversion.type = regex
pool.default.serverset.srvrecord.domain-conversion.regex.pattern = ^(?<domain>.*)$
pool.default.serverset.srvrecord.domain-conversion.regex.replacement =
WORKING-SITE._sites.${domain}
What is that supposed to do ? All my DC are in the form xx-xxx-dcs99.${domain} and I have
to pick a in this list. dig _sites.${domain} return nothing for me
what a regex will do ?
Is that your case? Can you please share log of extensions-tool, so we
can better understand
your problem and provide better help.
I have no knowledge about AD, I'm a 100% linux sysadmin and just use AD as an LDAP
server, so all those forest/GC are unknown things for me.
I will send that in a private mail.