[Users] ldap

Oved Ourfalli ovedo at redhat.com
Thu Mar 28 12:53:20 UTC 2013



----- Original Message -----
> From: "Ryan Wilkinson" <ryanwilk at gmail.com>
> To: users at ovirt.org
> Sent: Thursday, March 28, 2013 2:42:56 PM
> Subject: [Users] ldap
> 
> 
> 
> I'm able to set up Active Directory authentication if my ovirt engine
> is set to use dns that is hosted on the same system as Active
> Directory. However, if I use static host entries in my engine
> "hosts" file instead of using dns I'm getting the error "ldap server
> for domain not found" when I issue the command:
> "engine-manage-domains -action=add -domain='ovirt.local'
> -user='admin' -provider=ActiveDirectory -interactive" from the
> engine. I've googled to death how to configure static entries on my
> engine system for the ldap server and it seems that I need to
> configure my nsswitch and ldap.conf files but still no luck... Any
> ideas??
Hi Ryan,

To work with LDAP you currently need to have both LDAP and Kerberos SRV records in the DNS, as well as a PTR record.
If you would like to work locally I can suggest working with dnsmasq (lightweight DHCP and caching DNS server) locally, defining these entries there, and setting /etc/resolv.conf properly, so that it would access it.

The configuration is in /etc/dnsmasq.conf (or in /etc/dnsmasq.d/...).
Example for LDAP and Kerberos records:
srv-host=_ldap._tcp.my_domain.com,ad.my_domain.com,389
srv-host=_kerberos._tcp.my_domain.com,ad.my_domain.com,88

and, afaik it also takes /etc/hosts and creates PTR records for the entries there, so that should be enough, if you add your AD host in /etc/hosts (I guess you can also add those manually in dnsmasq).

Let me know if you need further assistance.

Oved
