I just don't understand. Why did engine-manage-domains work previously, with no problems whatsoever, and now I have this...

2015-01-29 14:48 GMT+01:00 Ondra Machacek <omachace@redhat.com>:
It's the same situation as before, but now you are missing the ldap SRV record.

With the same steps you used to add the _gc SRV record, also add the _ldap SRV record. But it's strange that you don't already have them.

On 01/29/2015 02:46 PM, Koen Vanoppen wrote:
I saw that when I pressed the send button. If I do that I again get the
following:

2015-01-29 14:28:35,891 WARN
[org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV records
with name '_ldap._tcp.ldap.mydomain.com':  javax.naming.NameNotFoundException:
DNS name not found [response code 3]; remaining name
'_ldap._tcp.ldap.mydomain.com'
2015-01-29 14:28:35,924 WARN
[org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread
1-1) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot
initialize LDAP framework, deferring initialization. Error: An error
occurred while attempting to query DNS in order to retrieve SRV records
with name '_ldap._tcp.ldap.mydomain.com':  javax.naming.NameNotFoundException:
DNS name not found [response code 3]; remaining name
'_ldap._tcp.ldap.mydomain.com'

And yes I replaced mydomain with the correct one... :-)

2015-01-29 14:40 GMT+01:00 Ondra Machacek <omachace@redhat.com>:

    On 01/29/2015 02:18 PM, Koen Vanoppen wrote:

        OK... Now I have this one :-)
        WARN  [org.ovirt.engineextensions.aaa.ldap.AuthnExtension]
        (MSC service thread 1-2)
        [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn]
        Cannot initialize LDAP framework, deferring initialization. Error:
        Invalid DNS pseudo-URL(s):


    uncomment vars.dns


        Changed the properties file to this:

        include = <ad.properties>

        #
        # Active directory domain name.
        #
        vars.domain = ldap.mydomain.com (this one
        resolves to and gives ping back, front end of the pool)

        #
        # Search user and its password.
        #
        vars.user = juniper-admin@mydomain.com
        vars.password = *****

        #
        # Optional DNS servers, if enterprise
        # DNS server cannot resolve the domain srvrecord.
        #
        #vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these
        resolve and give a ping back)

        pool.default.serverset.type = srvrecord
        #pool.default.serverset.single.server = ${global:vars.server}
        pool.default.serverset.srvrecord.domain = ${global:vars.domain}
        pool.default.auth.simple.bindDN = ${global:vars.user}
        pool.default.auth.simple.password = ${global:vars.password}

        # Uncomment if using custom DNS
        pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
        pool.default.socketfactory.resolver.uRL = ${global:vars.dns}


        Thanks for your effort!


        2015-01-29 13:50 GMT+01:00 Alon Bar-Lev <alonbl@redhat.com>:

             ----- Original Message -----
             > From: "Koen Vanoppen" <vanoppen.koen@gmail.com>
             > To: "Alon Bar-Lev" <alonbl@redhat.com>
             > Cc: users@ovirt.org
             > Sent: Thursday, January 29, 2015 2:41:52 PM
             > Subject: Re: [ovirt-users] AAA
             >
             > Yes we have:
             >
             > [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
             >
             > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
             > ; (1 server found)
             > ;; global options: +cmd
             > ;; Got answer:
             > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33340
             > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
             >
             > ;; QUESTION SECTION:
             > ;_gc._tcp.mydomain.com. IN      SRV

             this ^^^^^^^ means that you do not have srv record. are you sure you
             replaced mydomain.com with your actual active directory domain name?
             have you tried to look into your dns manager for this information as
             well?

              >
              > ;; AUTHORITY SECTION:
              > mydomain.com.   3600    IN      SOA     srvdc03.mydomain.com. hostmaster.airport. 1398582 900 600 86400 3600
              >
              > ;; Query time: 12 msec
              > ;; SERVER: 10.110.3.123#53(10.110.3.123)
              > ;; WHEN: Thu Jan 29 13:40:41 2015
              > ;; MSG SIZE  rcvd: 98
              >
              >
              >
              > 2015-01-29 13:33 GMT+01:00 Alon Bar-Lev <alonbl@redhat.com>:
              >
              > >
              > >
              > > ----- Original Message -----
              > > > From: "Koen Vanoppen" <vanoppen.koen@gmail.com>
              > > > To: "Alon Bar-Lev" <alonbl@redhat.com>, users@ovirt.org
              > > > Sent: Thursday, January 29, 2015 2:19:32 PM
              > > > Subject: Re: [ovirt-users] AAA
              > > >
              > > > Big thanks for your help, but still the same:
              > > >
              > > > #
              > > > # Active directory domain name.
              > > > #
              > > > vars.domain = mydomain.com
              > > >
              > > > #
              > > > # Search user and its password.
              > > > #
              > > > vars.user = admin@${global:vars.domain}
              > > > vars.password = *****
              > > >
              > > > #
              > > > # Optional DNS servers, if enterprise
              > > > # DNS server cannot resolve the domain srvrecord.
              > > > #
              > > > vars.dns = dns://srvdc03.${global:vars.domain} dns://srvdc04.${global:vars.domain}
              > > >
              > > > pool.default.serverset.type = srvrecord
              > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
              > > > pool.default.auth.simple.bindDN = ${global:vars.user}
              > > > pool.default.auth.simple.password = ${global:vars.password}
              > > >
              > > > # Uncomment if using custom DNS
              > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
              > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
              > > >
              > > > [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize
              > > > LDAP framework, deferring initialization. Error: No DNS SRV records were
              > > > found with record name '_gc._tcp.brussels.airport'.
              > > >
              > > > And I can't put '_gc._tcp.mydomain.com' in the dns... Isn't there another
              > > > way it just resolves the dns servers I gave him?
              > > >
              > >
              > > Microsoft Domain controller must have gc service entry within DNS to work
              > > properly.
              > > 1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com?
              > > 2. Can you please execute:
              > > $ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
              > > 3. Can you please open the DNS manager within your domain and search for
              > > srv records? Maybe you have DNS installed only on few servers, using the
              > > DNS manager you can also see which.
              > >
              > > >
              > > > 2015-01-29 13:02 GMT+01:00 Alon Bar-Lev <alonbl@redhat.com>:
              > > >
              > > > >
              > > > >
              > > > > ----- Original Message -----
              > > > > > From: "Ondra Machacek" <omachace@redhat.com>
              > > > > > To: "Koen Vanoppen" <vanoppen.koen@gmail.com>, users@ovirt.org
              > > > > > Sent: Thursday, January 29, 2015 1:49:00 PM
              > > > > > Subject: Re: [ovirt-users] AAA
              > > > > >
              > > > > >
              > > > > > On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
              > > > > > > No, I don't. and I wouldn't know how he got to this name...
              > > > > >
              > > > > > Well, then you have to, if you want to use 'pool.default.serverset.type
              > > > > > = srvrecord'.
              > > > > >
              > > > > > It just needs to know where your global catalog is running, since it's
              > > > > > needed for new provider.
              > > > > >
              > > > > > It searches for global catalog like this:
              > > > > > dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
              > > > > >
              > > > > > So you need to have this SRV record in DNS, if you want to use srvrecord
              > > > > > serverset type. Or you don't have to if you use single server type.
              > > > >
              > > > > active directory will not work without access to global catalog.
              > > > > please set one or more of the domain controllers as dns server, for
              > > > > example:
              > > > >
              > > > > vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
              > > > >
              > > > > please also uncomment/add these lines to make vars.dns effective.
              > > > >
              > > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
              > > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
              > > > >
              > > > > Thanks!
              > > > >
              > > > > >
              > > > > > >
              > > > > > > Thanks for the reply!
              > > > > > >
              > > > > > > 2015-01-29 11:53 GMT+01:00 Ondra Machacek <omachace@redhat.com>:
              > > > > > >
              > > > > > >     On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
              > > > > > >
              > > > > > >         Can somebody help me setting up AAA for ovirt 3.5.1?
              > > > > > >
              > > > > > >         I'm getting this now:
              > > > > > >
              > > > > > >         2015-01-29 11:35:36,889 WARN
              > > > > > >         [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
              > > > > > >         1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
              > > > > > >         initialize LDAP framework, deferring initialization. Error: An error
              > > > > > >         occurred while attempting to query DNS in order to retrieve SRV records
              > > > > > >         with name '_gc._tcp.brussels.airport':
              > > > > > >         javax.naming.NameNotFoundException: DNS name not found [response code
              > > > > > >         3]; remaining name '_gc._tcp.brussels.airport'
              > > > > > >
              > > > > > >
              > > > > > >     Do you have this '_gc._tcp.brussels.airport' SRV record in DNS?
              > > > > > >
              > > > > > >
              > > > > > >         my 3 configs:
              > > > > > >         _*BRU_AIR-authn.properties*_
              > > > > > >         ovirt.engine.extension.name = BRU_AIR-authn
              > > > > > >         ovirt.engine.extension.bindings.method = jbossmodule
              > > > > > >         ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
              > > > > > >         ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
              > > > > > >         ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
              > > > > > >         ovirt.engine.aaa.authn.profile.name = BRU-AIR
              > > > > > >         ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
              > > > > > >         config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
              > > > > > >
              > > > > > >         _*BRU_AIR-authz.properties*_
              > > > > > >         ovirt.engine.extension.name = BRU_AIR-authz
              > > > > > >         ovirt.engine.extension.bindings.method = jbossmodule
              > > > > > >         ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
              > > > > > >         ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
              > > > > > >         ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
              > > > > > >         config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
              > > > > > >
              > > > > > >         _*BRU_AIR.properties*_
              > > > > > >         include = <ad.properties>
              > > > > > >
              > > > > > >         #
              > > > > > >         # Active directory domain name.
              > > > > > >         #
              > > > > > >         vars.domain = mydomain.com
              > > > > > >
              > > > > > >         #
              > > > > > >         # Search user and its password.
              > > > > > >         #
              > > > > > >         vars.user = admin@${global:vars.domain}
              > > > > > >         vars.password = ***********
              > > > > > >
              > > > > > >         #
              > > > > > >         # Optional DNS servers, if enterprise
              > > > > > >         # DNS server cannot resolve the domain srvrecord.
              > > > > > >         #
              > > > > > >         vars.dns = dns://dc01.mydomain.com
              > > > > > >
              > > > > > >         pool.default.serverset.type = srvrecord
              > > > > > >         pool.default.serverset.srvrecord.domain = ${global:vars.domain}
              > > > > > >         pool.default.auth.simple.bindDN = ${global:vars.user}
              > > > > > >         pool.default.auth.simple.password = ${global:vars.password}
              > > > > > >
              > > > > > >         In the GUI for adding user I get this:
              > > > > > >
              > > > > > >         An error occurred while attempting to query DNS in order to
              > > > > > >         retrieve SRV records with name '_gc__tcp_brussels_airport':
              > > > > > >         javax_naming_NameNotFoundException: DNS name not found
              > > > > > >         [response code 3]; remaining name '_gc__tcp_brussels_airport'
              > > > > > >
              > > > > > >         Any ideas? I ran out...
              > > > > > >
              > > > > > >         Kind regards,
              > > > > > >
              > > > > > >         Koen
              > > > > > >
              > > > > > >
              > > > > > >
              > > > > > >         _______________________________________________
              > > > > > >         Users mailing list
              > > > > > >         Users@ovirt.org
              > > > > > >         http://lists.ovirt.org/mailman/listinfo/users
              > > > > > >
              > > > > > >
              > > > > >
              > > > >
              > > >
              > >
              >




        _________________________________________________
        Users mailing list
        Users@ovirt.org
        http://lists.ovirt.org/mailman/listinfo/users
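
The SRV lookups discussed in this thread, as an added example that is not part of any message above: for each `dns://` server listed in `vars.dns`, the script asks for `_gc._tcp.<domain>` and `_ldap._tcp.<domain>` and reads the `dig` header the way the replies do (NXDOMAIN or zero answers means the record is missing). The function names and the sample `dig` headers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check the SRV records that the
# srvrecord serverset needs. All function names here are illustrative.

# The two SRV names the replies say must exist for an AD domain.
srv_names() {
    printf '_gc._tcp.%s\n_ldap._tcp.%s\n' "$1" "$1"
}

# vars.dns holds dns:// pseudo-URLs; dig wants the bare server name.
dns_host() {
    printf '%s\n' "${1#dns://}"
}

# Classify dig output read from stdin:
#   present - status NOERROR and ANSWER count above zero
#   missing - NXDOMAIN, or NOERROR with no answers
#   error   - anything else (SERVFAIL, REFUSED, no reply at all)
dig_verdict() {
    awk '
        /->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") st = $(i + 1) }
        /^;; flags:/   { for (i = 1; i < NF; i++) if ($i == "ANSWER:") an = $(i + 1) }
        END {
            sub(/,$/, "", st); sub(/,$/, "", an)
            if (st == "NOERROR" && an + 0 > 0) { print "present" }
            else if (st == "NXDOMAIN" || st == "NOERROR") { print "missing" }
            else { print "error" }
        }'
}

# Constructed dig headers: an NXDOMAIN reply shaped like the one in the
# thread, and a successful reply.
sample_nxdomain() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
EOF
}
sample_found() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
EOF
}

# check_srv DOMAIN dns://SERVER...
# Queries every server for both records; non-zero exit if any is not present.
check_srv() {
    domain=$1; shift
    rc=0
    for url in "$@"; do
        server=$(dns_host "$url")
        for name in $(srv_names "$domain"); do
            verdict=$(dig "@$server" -t SRV "$name" +time=3 +tries=1 2>/dev/null | dig_verdict)
            printf '%-8s %s via %s\n' "$verdict" "$name" "$server"
            [ "$verdict" = present ] || rc=1
        done
    done
    return $rc
}

# Run only when given a domain and at least one dns:// server.
if [ "$#" -ge 2 ]; then check_srv "$@"; fi
```

Invoke it with the values from the properties file: the `vars.domain` value first, then each `dns://` entry from `vars.dns`.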