[ovirt-devel] oVirt AAA LDAP

Alon Bar-Lev alonbl at redhat.com
Tue Dec 16 23:23:25 UTC 2014



----- Original Message -----
> From: "Tang Jackson" <tangjack at square-enix.com>
> To: devel at ovirt.org
> Sent: Monday, December 15, 2014 11:55:22 AM
> Subject: [ovirt-devel] oVirt AAA LDAP
> 
> Hello Alon,
> 
> I am having some trouble using the new aaa released in version 3.5 of oVirt.
> 
> include = <ad.properties>
> 
> #
> # Active directory domain name.
> #
> vars.domain = jp.co.xxxxx.com
> 
> #
> # Search user and its password.
> #
> #vars.user = CN=username,OU=UserAccounts,DC=jp,DC=co,DC=xxx,DC=com
> vars.user = xxx

user should be username@${global:vars.domain}

> vars.password = xxxxxx
> 
> #
> # Optional DNS servers, if enterprise
> # DNS server cannot resolve the domain srvrecord.
> #
> vars.dns = dns://xxx.jp.co.xxxx.com

This must point to the Active Directory DNS implementation; all SRV records should be available. You can choose one or more domain controllers, or remove this if your default DNS refers to the Microsoft DNS.

<snip>

> 2014-12-15 13:39:28,265 ERROR
> [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread
> 1-6) [ovirt-engine-extension-aaa-ldap.authz::sqex-authz] Cannot initialize
> LDAP framework, deferring initialization. Error: An error occurred while
> attempting to query DNS in order to retrieve SRV records with name
> '_gc._tcp.jp.co.square-enix.com': javax.naming.NameNotFoundException: DNS
> name not found [response code 3]; remaining name
> '_gc._tcp.jp.co.square-enix.com'

This states that jp.co.square-enix.com is either:
1. not an Active Directory domain name, missing a component or similar, or spelled incorrectly.
2. the LDAP you refer to is missing Active Directory SRV records.

Alon
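
A preflight check for the two points raised in the reply above, written as an added example that is not part of the original thread or of the oVirt project. The profile and log text are constructed samples with a placeholder domain, the function names are hypothetical, and it assumes `vars.dns` holds one or more space-separated `dns://` URIs; the `dig` commands are only generated, not run.

```python
import re

# Constructed sample: the profile from the thread with a placeholder domain.
PROFILE = """\
include = <ad.properties>
vars.domain = jp.co.example.com
vars.user = xxx
vars.password = xxxxxx
vars.dns = dns://dc1.jp.co.example.com
"""

# Constructed log text modelled on the error quoted in the thread.
LOG = ("Cannot initialize LDAP framework, deferring initialization. Error: An error occurred "
       "while attempting to query DNS in order to retrieve SRV records with name "
       "'_gc._tcp.jp.co.example.com': NameNotFoundException: DNS name not found [response code 3]")

def parse_properties(text):
    """Parse simple 'key = value' lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_profile(props):
    """Return (findings, dig commands to run by hand) for the profile."""
    findings, commands = [], []
    user = props.get("vars.user", "")
    if "@" not in user:  # the reply asks for username@<domain>
        findings.append("vars.user is not in user@domain form")
    srv = f"_gc._tcp.{props.get('vars.domain', '')}"  # name seen in the error
    # Assumption: vars.dns is a space-separated list of dns://host URIs.
    servers = [u[6:] for u in props.get("vars.dns", "").split() if u.startswith("dns://")]
    for server in servers or [None]:  # None means "use the default resolver"
        target = f"@{server} " if server else ""
        commands.append(f"dig {target}+short SRV {srv}")
    return findings, commands

def failed_srv_name(log_text):
    """Extract the SRV name from a 'DNS name not found [response code 3]' error."""
    m = re.search(r"SRV records with name '([^']+)'.*response code 3", log_text)
    return m.group(1) if m else None

if __name__ == "__main__":
    findings, commands = check_profile(parse_properties(PROFILE))
    print(findings, commands, failed_srv_name(LOG), sep="\n")
```

An empty answer from a generated `dig` command against the configured server corresponds to the "response code 3" failure in the log.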


