[Users] Restrict list of AD servers

Keith Mitchell kamitch at cisco.com
Mon Feb 18 14:01:25 UTC 2013


That seems to get ignored if the provider type is ActiveDirectory.

On 2/18/13 8:37 AM, Yair Zaslavsky wrote:
> Will the -ldapServers option help you?
> It allows you to set LDAP servers per domain, and modifies the krb5.conf file accordingly, under the assumption that the LDAP server also serves as KDC.
>
> Yair
>
>
> ----- Original Message -----
>> From: "Keith Mitchell" <kamitch at cisco.com>
>> To: users at ovirt.org
>> Sent: Monday, February 18, 2013 3:21:51 PM
>> Subject: [Users] Restrict list of AD servers
>>
>> I have a situation where the Active Directory domain I am trying to use
>> as authentication for ovirt lists many servers all around the world.
>>
>> But... my server running ovirt is sitting behind a firewall that doesn't
>> allow me to access all of them... only the local ones.  We do have a
>> "locator dns record" which we can query at a well-known name and it will
>> always return the local ip address of the AD server...  but if you query
>> the SRV records for the domain it will return all of the servers.
>>
>> I was able to add the domain using engine-manage-domains, and I tweaked
>> the /etc/ovirt-engine/krb5.conf to only include the local AD servers
>> where we can access, but that doesn't seem to be sufficient.
>>
>> Not sure if ovirt is querying the dns records on boot to get the list of
>> servers to talk to or not, but it doesn't seem to be using
>> /etc/ovirt-engine/krb.conf for this purpose.
>>
>> So... is there any way to manually force it to use a certain server and
>> not have it query dns?
>>
>> thanks.



