I saw that when I pressed the send button. If I do that, I again get the following:

2015-01-29 14:28:35,891 WARN  [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.ldap.mydomain.com':  javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_ldap._tcp.ldap.mydomain.com'
2015-01-29 14:28:35,924 WARN  [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.ldap.mydomain.com':  javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_ldap._tcp.ldap.mydomain.com'

And yes, I replaced mydomain with the correct one... :-)

2015-01-29 14:40 GMT+01:00 Ondra Machacek <omachace@redhat.com>:


On 01/29/2015 02:18 PM, Koen Vanoppen wrote:
OK... Now I have this one :-)
WARN  [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service
thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn]
Cannot initialize LDAP framework, deferring initialization. Error:
Invalid DNS pseudo-URL(s):

uncomment vars.dns


Changed the properties file to this:

include = <ad.properties>

#
# Active directory domain name.
#
vars.domain = ldap.mydomain.com (this one resolves to and gives ping back, front end of the pool)

#
# Search user and its password.
#
vars.user = juniper-admin@mydomain.com
vars.password = *****

#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
#vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these resolve and give a ping back)

pool.default.serverset.type = srvrecord
#pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

# Uncomment if using custom DNS
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}


Thanks for your effort!


2015-01-29 13:50 GMT+01:00 Alon Bar-Lev <alonbl@redhat.com>:



    ----- Original Message -----
    > From: "Koen Vanoppen" <vanoppen.koen@gmail.com>
    > To: "Alon Bar-Lev" <alonbl@redhat.com>
    > Cc: users@ovirt.org
    > Sent: Thursday, January 29, 2015 2:41:52 PM
    > Subject: Re: [ovirt-users] AAA
    >
    > Yes We have:
    >
    > [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
    >
    > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
    > ; (1 server found)
    > ;; global options: +cmd
    > ;; Got answer:
    > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33340
    > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    >
    > ;; QUESTION SECTION:
    > ;_gc._tcp.mydomain.com. IN      SRV

    this ^^^^^^^ means that you do not have srv record. are you sure you
    replaced mydomain.com with your actual active directory domain name?
    have you tried to look into your dns manager for this information as
    well?

     >
     > ;; AUTHORITY SECTION:
     > mydomain.com.   3600    IN      SOA     srvdc03.mydomain.com. hostmaster.airport. 1398582 900 600 86400 3600
     >
     > ;; Query time: 12 msec
     > ;; SERVER: 10.110.3.123#53(10.110.3.123)
     > ;; WHEN: Thu Jan 29 13:40:41 2015
     > ;; MSG SIZE  rcvd: 98
     >
     >
     >
     > 2015-01-29 13:33 GMT+01:00 Alon Bar-Lev <alonbl@redhat.com>:
     >
     > >
     > >
     > > ----- Original Message -----
     > > > From: "Koen Vanoppen" <vanoppen.koen@gmail.com>
     > > > To: "Alon Bar-Lev" <alonbl@redhat.com>, users@ovirt.org
     > > > Sent: Thursday, January 29, 2015 2:19:32 PM
     > > > Subject: Re: [ovirt-users] AAA
     > > >
     > > > Big thanks for your help, but still the same:
     > > >
     > > > #
     > > > # Active directory domain name.
     > > > #
     > > > vars.domain = mydomain.com
     > > >
     > > > #
     > > > # Search user and its password.
     > > > #
     > > > vars.user = admin@${global:vars.domain}
     > > > vars.password = *****
     > > >
     > > > #
     > > > # Optional DNS servers, if enterprise
     > > > # DNS server cannot resolve the domain srvrecord.
     > > > #
     > > > vars.dns = dns://srvdc03.${global:vars.domain} dns://srvdc04.${global:vars.domain}
     > > >
     > > > pool.default.serverset.type = srvrecord
     > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
     > > > pool.default.auth.simple.bindDN = ${global:vars.user}
     > > > pool.default.auth.simple.password = ${global:vars.password}
     > > >
     > > > # Uncomment if using custom DNS
     > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
     > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
     > > >
     > > >
     > > >
     > > >  [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize
     > > > LDAP framework, deferring initialization. Error: No DNS SRV records were
     > > > found with record name '_gc._tcp.brussels.airport'.
     > > >
     > > > And I can't put '_gc._tcp.mydomain.com' in the dns... Isn't there another
     > > > way it just resolves the dns servers I gave him?
     > > >
     > >
     > > Microsoft Domain controller must have gc service entry within DNS to work
     > > properly.
     > > 1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com?
     > > 2. Can you please execute:
     > > $ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
     > > 3. Can you please open the DNS manager within your domain and search for
     > > srv records? Maybe you have DNS installed only on few servers, using the
     > > DNS manager you can also see which.
     > >
     > > >
     > > > 2015-01-29 13:02 GMT+01:00 Alon Bar-Lev <alonbl@redhat.com>:
     > > >
     > > > >
     > > > >
     > > > > ----- Original Message -----
     > > > > > From: "Ondra Machacek" <omachace@redhat.com>
     > > > > > To: "Koen Vanoppen" <vanoppen.koen@gmail.com>, users@ovirt.org
     > > > > > Sent: Thursday, January 29, 2015 1:49:00 PM
     > > > > > Subject: Re: [ovirt-users] AAA
     > > > > >
     > > > > >
     > > > > > On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
     > > > > > > No, I don't. and I wouldn't know how he got to this name...
     > > > > >
     > > > > > Well, then you have to, if you want to use 'pool.default.serverset.type
     > > > > > = srvrecord'.
     > > > > >
     > > > > > It just needs to know where your global catalog is running, since it's
     > > > > > needed for new provider.
     > > > > >
     > > > > > It searches for global catalog like this:
     > > > > > dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
     > > > > >
     > > > > > So you need to have this SRV record in DNS, if you want to use srvrecord
     > > > > > serverset type. Or you don't have to if you use single server type.
     > > > >
     > > > > active directory will not work without access to global catalog.
     > > > > please set one or more of the domain controllers as dns server, for
     > > > > example:
     > > > >
     > > > > vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
     > > > >
     > > > > please also uncomment/add these lines to make vars.dns effective.
     > > > >
     > > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
     > > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
     > > > >
     > > > > Thanks!
     > > > >
     > > > > >
     > > > > > >
     > > > > > > Thanks for the reply!
     > > > > > >
     > > > > > > 2015-01-29 11:53 GMT+01:00 Ondra Machacek <omachace@redhat.com>:

     > > > > > >
     > > > > > >     On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
     > > > > > >
     > > > > > >         Can somebody help me setting up AAA for ovirt 3.5.1?
     > > > > > >
     > > > > > >         I'm getting this now:
     > > > > > >
     > > > > > >         2015-01-29 11:35:36,889 WARN  [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc._tcp.brussels.airport': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc._tcp.brussels.airport'
     > > > > > >
     > > > > > >
     > > > > > >     Do you have this '_gc._tcp.brussels.airport' SRV record in DNS?
     > > > > > >
     > > > > > >
     > > > > > >         my 3 configs:
     > > > > > >         _*BRU_AIR-authn.properties*_
     > > > > > >         ovirt.engine.extension.name = BRU_AIR-authn
     > > > > > >         ovirt.engine.extension.bindings.method = jbossmodule
     > > > > > >         ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
     > > > > > >         ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
     > > > > > >         ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
     > > > > > >         ovirt.engine.aaa.authn.profile.name = BRU-AIR
     > > > > > >         ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
     > > > > > >         config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
     > > > > > >
     > > > > > >         _*BRU_AIR-authz.properties*_
     > > > > > >         ovirt.engine.extension.name = BRU_AIR-authz
     > > > > > >         ovirt.engine.extension.bindings.method = jbossmodule
     > > > > > >         ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
     > > > > > >         ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
     > > > > > >         ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
     > > > > > >         config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
     > > > > > >
     > > > > > >         _*BRU_AIR.properties*_
     > > > > > >         include = <ad.properties>
     > > > > > >
     > > > > > >         #
     > > > > > >         # Active directory domain name.
     > > > > > >         #
     > > > > > >         vars.domain = mydomain.com
     > > > > > >
     > > > > > >         #
     > > > > > >         # Search user and its password.
     > > > > > >         #
     > > > > > >         vars.user = admin@${global:vars.domain}
     > > > > > >         vars.password = ***********
     > > > > > >
     > > > > > >         #
     > > > > > >         # Optional DNS servers, if enterprise
     > > > > > >         # DNS server cannot resolve the domain srvrecord.
     > > > > > >         #
     > > > > > >         vars.dns = dns://dc01.mydomain.com
     > > > > > >
     > > > > > >         pool.default.serverset.type = srvrecord
     > > > > > >         pool.default.serverset.srvrecord.domain = ${global:vars.domain}
     > > > > > >         pool.default.auth.simple.bindDN = ${global:vars.user}
     > > > > > >         pool.default.auth.simple.password = ${global:vars.password}
     > > > > > >
     > > > > > >         In the GUI for adding user I get this:
     > > > > > >
     > > > > > >         An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc__tcp_brussels_airport': javax_naming___NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc__tcp_brussels_airport'
     > > > > > >
     > > > > > >         Any ideas? I ran out...
     > > > > > >
     > > > > > >         Kind regards,
     > > > > > >
     > > > > > >         Koen
     > > > > > >
     > > > > > >
     > > > > > >         _______________________________________________
     > > > > > >         Users mailing list
     > > > > > >         Users@ovirt.org
     > > > > > >         http://lists.ovirt.org/mailman/listinfo/users
     > > > > > >
     > > > > > >
     > > > > >
     > > > >
     > > >
     > >
     >
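
A preflight check for the situation worked through in this thread, as an added example (not code from the thread or from the oVirt project): it flags `${global:...}` references whose variable is commented out, as happened with `vars.dns`, and builds the `dig` SRV lookups to run by hand. It assumes a flat `key = value` file without line continuations and looks only at that one file, not at the included `ad.properties`; the function names and sample values are hypothetical.

```python
import re

# Constructed sample, modelled on the profile posted in this thread (placeholder values).
SAMPLE_PROFILE = """\
vars.domain = mydomain.com
vars.user = admin@${global:vars.domain}
#vars.dns = dns://srvdc03.${global:vars.domain} dns://srvdc04.${global:vars.domain}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
"""
# Constructed dig header line, same shape as the one quoted in the thread.
SAMPLE_DIG = ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33340"

REF = re.compile(r"\$\{global:([^}]+)\}")

def parse_properties(text):
    """Parse key = value lines; comments and blank lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def preflight(text):
    """Return (problems, dig_commands) for a profile that uses srvrecord."""
    props = parse_properties(text)
    problems = [f"{key} references undefined {ref}"
                for key, value in props.items()
                for ref in REF.findall(value) if ref not in props]
    expand = lambda v: REF.sub(lambda m: props.get(m.group(1), m.group(0)), v)
    domain = expand(props.get("pool.default.serverset.srvrecord.domain", ""))
    servers = [u[6:] for u in expand(props.get("vars.dns", "")).split()
               if u.startswith("dns://")]
    cmds = [f"dig {'@' + s + ' ' if s else ''}-t SRV {rec}.{domain}"
            for s in (servers or [""]) for rec in ("_gc._tcp", "_ldap._tcp")]
    return problems, cmds

def dig_status(output):
    """Extract the response status (NOERROR, NXDOMAIN, ...) from dig output."""
    m = re.search(r"status: ([A-Z]+)", output)
    return m.group(1) if m else None

if __name__ == "__main__":
    problems, cmds = preflight(SAMPLE_PROFILE)
    print(*problems, *cmds, dig_status(SAMPLE_DIG), sep="\n")
```

An `NXDOMAIN` status from one of the generated lookups means the queried server has no such SRV record, which is the condition the engine log reports as `DNS name not found [response code 3]`.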



