[ovirt-devel] oVirt AAA LDAP
Tang Jackson
tangjack at square-enix.com
Mon Dec 15 09:55:22 UTC 2014
Hello Alon,

I am having some trouble using the new AAA released in version 3.5 of oVirt.

include = <ad.properties>
#
# Active directory domain name.
#
vars.domain = jp.co.xxxxx.com
#
# Search user and its password.
#
#vars.user = CN=username,OU=UserAccounts,DC=jp,DC=co,DC=xxx,DC=com
vars.user = xxx
vars.password = xxxxxx
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://xxx.jp.co.xxxx.com
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS
#pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
#pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
# Create keystore, import certificate chain and uncomment
# if using ssl/tls.
#pool.default.ssl.startTLS = true
#pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.domain}.jks
#pool.default.ssl.truststore.password = changeit

ovirt.engine.extension.name = sqex-authn
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
ovirt.engine.aaa.authn.profile.name = sqex
ovirt.engine.aaa.authn.authz.plugin = sqex-authz
config.profile.file.1 = /etc/ovirt-engine/aaa/sqex.properties

ovirt.engine.extension.name = sqex-authz
ovirt.engine.extension.bindings.method = jbossmodule
ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
config.profile.file.1 = /etc/ovirt-engine/aaa/sqex.properties

The error in the engine log is as follows:
2014-12-15 13:39:12,828 INFO [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (MSC service thread 1-4) Loaded file "/etc/ovirt-engine/engine.conf.d/50-ovirt-engine-extension-aaa-ldap.conf".
2014-12-15 13:39:12,855 INFO [org.ovirt.engine.core.uutils.config.ShellLikeConfd] (MSC service thread 1-4) Value of property "ENGINE_JAVA_MODULEPATH" is "/usr/share/ovirt-engine/modules:/usr/share/ovirt-engine-extension-aaa-ldap/modules".
2014-12-15 13:39:14,053 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Creating LDAP pool 'authz'
2014-12-15 13:39:27,259 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Creating LDAP pool 'gc'
2014-12-15 13:39:28,265 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc._tcp.jp.co.square-enix.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc._tcp.jp.co.square-enix.com'
2014-12-15 13:39:28,271 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authn::sqex-authn] Creating LDAP pool 'authz'
2014-12-15 13:39:36,316 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authn::sqex-authn] Creating LDAP pool 'authn'
2014-12-15 13:39:39,384 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-6) Instance name: 'sqex-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Version: '1.0.0', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/etc/ovirt-engine/extensions.d/sqex-authz.properties', Initialized: 'true'
2014-12-15 13:39:39,388 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-6) Instance name: 'sqex-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Version: '1.0.0', Notes: 'Display name: ovirt-engine-extension-aaa-ldap-1.0.0-1.el6', License: 'ASL 2.0', Home: 'http://www.ovirt.org', Author 'The oVirt Project', Build interface Version: '0', File: '/etc/ovirt-engine/extensions.d/sqex-authn.properties', Initialized: 'true'
The oVirt server can find the DNS in the CLI.

Regards,
J Tang
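
An added example, not part of the original post and not oVirt project code: a small log triage script that finds aaa-ldap extension instances whose LDAP initialization was deferred, extracts the SRV name and DNS response code, and shows that the ExtensionsManager summary still reports them as initialized. The sample lines are trimmed copies of the log above; treating the last "Creating LDAP pool" line before the error as the failing pool is an assumption.

```python
import re

# Trimmed copies of lines from the engine log in the post above.
SAMPLE_LOG = """\
2014-12-15 13:39:14,053 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Creating LDAP pool 'authz'
2014-12-15 13:39:27,259 INFO [org.ovirt.engineextensions.aaa.ldap.Framework] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Creating LDAP pool 'gc'
2014-12-15 13:39:28,265 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc._tcp.jp.co.square-enix.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc._tcp.jp.co.square-enix.com'
2014-12-15 13:39:39,384 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-6) Instance name: 'sqex-authz', Extension name: 'ovirt-engine-extension-aaa-ldap.authz', Initialized: 'true'
2014-12-15 13:39:39,388 INFO [org.ovirt.engine.core.extensions.mgr.ExtensionsManager] (MSC service thread 1-6) Instance name: 'sqex-authn', Extension name: 'ovirt-engine-extension-aaa-ldap.authn', Initialized: 'true'
"""

TAG = re.compile(r"\[ovirt-engine-extension-aaa-ldap\.\w+::([^\]]+)\]")
POOL = re.compile(r"Creating LDAP pool '([^']+)'")
DEFER = re.compile(r"Cannot initialize LDAP framework, deferring initialization")
SRV = re.compile(r"SRV records with name '([^']+)'")
RCODE = re.compile(r"\[response code (\d+)\]")  # DNS RCODE; 3 is NXDOMAIN
MGR = re.compile(r"Instance name: '([^']+)'.*Initialized: '(\w+)'")


def find_deferred_extensions(log_text):
    """Return one finding per extension instance whose LDAP init was deferred."""
    last_pool, findings = {}, {}
    for line in log_text.splitlines():
        tag = TAG.search(line)
        if tag:
            inst = tag.group(1)
            pool = POOL.search(line)
            if pool:
                # Assumption: the most recent pool is the one that then failed.
                last_pool[inst] = pool.group(1)
            elif DEFER.search(line):
                srv, rc = SRV.search(line), RCODE.search(line)
                findings[inst] = {
                    "instance": inst,
                    "failed_pool": last_pool.get(inst),
                    "srv_name": srv.group(1) if srv else None,
                    "dns_rcode": int(rc.group(1)) if rc else None,
                    "reported_initialized": None,
                }
            continue
        mgr = MGR.search(line)
        if mgr and mgr.group(1) in findings:
            # The manager summary can say 'true' even though init was deferred.
            findings[mgr.group(1)]["reported_initialized"] = mgr.group(2) == "true"
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_deferred_extensions(SAMPLE_LOG):
        print(finding)
```

A finding with `reported_initialized` set to true and a non-null `srv_name` means the startup summary alone is not a reliable health signal for the extension; the SRV name is the record to check against the configured DNS servers.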