Hello,

I think I resolved this issue. It is the dig response when resolving the domain name!

 

CentOS-7 – bind-utils-9.11.4-16.P2.el7_8.6.x86_64; Windows AD level 2008R2; in my case dig returns an answer with

;; ANSWER SECTION:
mb118.local.       600         IN           A             192.168.1.7

The IP address returned is the address of the DC.

CentOS-8 – bind-utils-9.11.20-5.el8.x86_64; same Domain Controller; dig returns an answer without ;; ANSWER SECTION, i.e. the IP address of the DC cannot be identified.

 

The solution is to add the directive ‘+nocookie’ after ‘+tcp’ in the file /usr/share/ovirt-engine-extension-aaa-ldap/setup/plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py

 

The section starts at line 144:

 

    @staticmethod
    def _resolver(plugin, record, what):
        rc, stdout, stderr = plugin.execute(
            args=(
                (
                    plugin.command.get('dig'),
                    '+noall',
                    '+answer',
                    '+tcp',
                    '+nocookie',  # added: do not send the EDNS COOKIE option
                    what,
                    record
                )
            ),
        )
        return stdout

 

With this change, execution of ovirt-engine-extension-aaa-ldap-setup completes successfully and joins a fresh install of oVirt 4.4 to Active Directory.

If the level of AD is 2016, the ‘+nocookie’ change is not needed.

 

Happy holidays to all of you!

Stay safe!

 

Thank you!

Best,

Latcho

 

 

 

From: Latchezar Filtchev
Sent: Tuesday, November 24, 2020 10:31 AM
To: users@ovirt.org
Subject: oVirt 4.4 and Active directory

 

Hello All,

 

Fresh standalone installation of oVirt 4.3 (CentOS 7). Execution of ovirt-engine-extension-aaa-ldap-setup completes normally and DC is connected to AD (Domain functional level: Windows Server 2008).

 

On the same hardware fresh standalone installation of oVirt 4.4.

Installation of engine completed with warning:

 

2020-11-23 14:50:46,159+0200 WARNING otopi.plugins.ovirt_engine_common.base.network.hostname hostname._validateFQDNresolvability:308 Failed to resolve 44-8.mb118.local using DNS, it can be resolved only locally

 

Despite the warning, the engine portal is resolvable after installation.

 

Execution of ovirt-engine-extension-aaa-ldap-setup ends with:

 

[ INFO  ] Stage: Environment customization
          Welcome to LDAP extension configuration program
          Available LDAP implementations:
           1 - 389ds
           2 - 389ds RFC-2307 Schema
           3 - Active Directory
           4 - IBM Security Directory Server
           5 - IBM Security Directory Server RFC-2307 Schema
           6 - IPA
           7 - Novell eDirectory RFC-2307 Schema
           8 - OpenLDAP RFC-2307 Schema
           9 - OpenLDAP Standard Schema
          10 - Oracle Unified Directory RFC-2307 Schema
          11 - RFC-2307 Schema (Generic)
          12 - RHDS
          13 - RHDS RFC-2307 Schema
          14 - iPlanet
          Please select: 3
          Please enter Active Directory Forest name: mb118.local
[ INFO  ] Resolving Global Catalog SRV record for mb118.local
[WARNING] Cannot resolve Global Catalog SRV record for mb118.local. Please check you have entered correct Active Directory forest name and check that forest is resolvable by your system DNS servers
[ ERROR ] Failed to execute stage 'Environment customization': Active Directory forest is not resolvable, please make sure you've entered correct forest name. If for some reason you can't use forest and you need some special configuration instead, please refer to examples directory provided by ovirt-engine-extension-aaa-ldap package.
[ INFO  ] Stage: Clean up
          Log file is available at /tmp/ovirt-engine-extension-aaa-ldap-setup-20201123113909-bj749k.log:
[ INFO  ] Stage: Pre-termination
[ INFO  ] Stage: Termination

 

Can someone advise on this?

 

Thank you!

Best,

Latcho
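
Added example, not part of the original e-mails or of oVirt's code: a diagnostic that runs dig with the flags shown in `_resolver`, once as-is and once with `+nocookie`, to tell a DNS server that only answers without the cookie option apart from a name that does not resolve at all. The function names, the `example.test` placeholder and the SRV name `_ldap._tcp.gc._msdcs.<forest>` (the standard AD global catalog locator record) are assumptions; the thread does not show which record the setup tool queries.

```python
import shutil
import subprocess
import sys

# Flags the page's _resolver passes to dig, before the '+nocookie' fix.
BASE_ARGS = ['+noall', '+answer', '+tcp']


def run_dig(args):
    """Run the system dig and return its stdout."""
    dig = shutil.which('dig')
    if dig is None:
        raise RuntimeError('dig not found (bind-utils is not installed)')
    proc = subprocess.run([dig] + list(args), stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, universal_newlines=True,
                          timeout=20)
    return proc.stdout


def answers(stdout):
    """Parse dig answer lines into (name, ttl, class, type, rdata) tuples."""
    records = []
    for line in stdout.splitlines():
        fields = line.strip().split(None, 4)
        # Skip blanks and ';' comment/header lines such as ';; ANSWER SECTION:'
        if len(fields) == 5 and not fields[0].startswith(';'):
            records.append(tuple(fields))
    return records


def cookie_check(what, record, runner=run_dig):
    """Compare the lookup with dig's default options and with +nocookie."""
    with_cookie = answers(runner(BASE_ARGS + [what, record]))
    without_cookie = answers(runner(BASE_ARGS + ['+nocookie', what, record]))
    if with_cookie:
        return 'ok', with_cookie
    if without_cookie:
        return 'cookie-sensitive', without_cookie  # the case in this thread
    return 'unresolvable', []


if __name__ == '__main__':
    forest = sys.argv[1] if len(sys.argv) > 1 else 'example.test'  # placeholder
    # Assumed record name: the standard AD global catalog locator.
    for what, record in ((forest, 'A'),
                         ('_ldap._tcp.gc._msdcs.' + forest, 'SRV')):
        verdict, found = cookie_check(what, record)
        print('%-5s %-40s %s' % (record, what, verdict))
        for rec in found:
            print('      ' + ' '.join(rec))
```

A `cookie-sensitive` verdict on the engine host means the `+nocookie` change described above is needed before running ovirt-engine-extension-aaa-ldap-setup; `unresolvable` points at the forest name or the resolver configuration instead.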