Hi all,
We have had our oVirt instance connected to our internal AD for users to log into the VM portal for the last year, linked to studentdomene.noroff.no. This has been working without any problems. We had it set up and the DNS server had a forward record to the DCs. All good.
Then, of course, the institution decided to introduce student emails and they decided to add the domain stud.noroff.no for student emails and made this the primary domain in the AD. The problem is that when this is changed, students can no longer log into the engine. I have of course changed the LDAP settings and added a forward record on the DNS to the new domain. However, it seems that the domain is studentdomene.noroff.no, but with an added UPN suffix with stud.noroff.no.
When students try to log in, with the config changes, they get this error in the browser:
server_error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.stud.noroff.no': NameNotFoundException(DNS name not found [response code 3]), ldapSDKVersion=4.0.7, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58
Any ideas on how to solve this issue?
My config looks like this:
sudo cat /etc/ovirt-engine/aaa/Students.properties
[sudo] password for noroffadmin:
include = <ad.properties>
vars.domain = studentdomene.noroff.no
vars.user = CN=ovirt auth,CN=Users,DC=stud,DC=noroff,DC=no
vars.password = PASSWORD
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
My forward on the DNS server looks like this:
sudo cat /etc/named/named.conf.local
[sudo] password for noroffadmin:
zone "platform.noroff.no"{
type master;
file "/etc/named/zones/db.platform.noroff.no"; # zone file path
};
zone "stud.noroff.no" {
type forward;
forward only;
forwarders { 172.24.111.20; 172.27.111.20; 172.21.111.20; 172.16.111.20; };
};
zone "studentdomene.noroff.no" {
type forward;
forward only;
forwarders { 172.24.111.20; 172.27.111.20; 172.21.111.20; 172.16.111.20; };
};
zone "122.16.172.in-addr.arpa" {
type master;
file "/etc/named/zones/db.122.16.172"; # 172.16.122.0/24 subnet
};
Any pointers would be greatly appreciated :)
Kim
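
An added example, not part of the original post and not oVirt code: a small consistency check over an aaa-ldap profile like the one above. It derives the SRV name the engine will query (the `_ldap._tcp.<domain>` form seen in the error) and compares that domain with the DC components of the bind DN. The function names and the naive comma-split DN parsing are assumptions made for this sketch, and a mismatch is only a hint to verify which DNS domain actually publishes the SRV records.

```python
import re

# Constructed sample: the Students.properties content as shown in the post.
SAMPLE = """\
include = <ad.properties>
vars.domain = studentdomene.noroff.no
vars.user = CN=ovirt auth,CN=Users,DC=stud,DC=noroff,DC=no
vars.password = PASSWORD
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
"""

REF = re.compile(r"\$\{global:([^}]+)\}")

def parse_properties(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def expand(props, value, depth=0):
    """Resolve ${global:key} references against keys in the same file."""
    if depth > 10:
        raise ValueError("reference loop in properties")
    def repl(m):
        key = m.group(1)
        return expand(props, props[key], depth + 1) if key in props else m.group(0)
    return REF.sub(repl, value)

def dn_to_domain(dn):
    """Join the DC= components of a DN into a DNS name (no escaped commas handled)."""
    parts = [rdn.split("=", 1) for rdn in dn.split(",") if "=" in rdn]
    return ".".join(v.strip() for k, v in parts if k.strip().upper() == "DC").lower()

def check(text):
    """Return the SRV name to be queried and whether it matches the bind DN's domain."""
    props = parse_properties(text)
    srv_domain = expand(props, props["pool.default.serverset.srvrecord.domain"]).lower()
    bind_domain = dn_to_domain(expand(props, props["pool.default.auth.simple.bindDN"]))
    return {"srv_name": "_ldap._tcp." + srv_domain, "bind_dn_domain": bind_domain,
            "consistent": srv_domain == bind_domain}

if __name__ == "__main__":
    print(check(SAMPLE))
```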