[ovirt-users] AAA
Ondra Machacek
omachace at redhat.com
Thu Jan 29 11:49:00 UTC 2015
On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
> No, I don't. And I wouldn't know how he got to this name...
Well, then you have to, if you want to use 'pool.default.serverset.type
= srvrecord'.
It just needs to know where your global catalog is running, since it's
needed for the new provider.
It searches for the global catalog like this:
dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
So you need to have this SRV record in DNS if you want to use the srvrecord
serverset type. Or you don't have to if you use the single server type.
>
> Thanks for the reply!
>
> 2015-01-29 11:53 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
>
> On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
>
> Can somebody help me setting up AAA for ovirt 3.5.1?
>
> I'm getting this now:
>
> 2015-01-29 11:35:36,889 WARN
> [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC
> service thread
> 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
> initialize LDAP framework, deferring initialization. Error: An error
> occurred while attempting to query DNS in order to retrieve SRV
> records
> with name '_gc._tcp.brussels.airport':
> javax.naming.NameNotFoundException: DNS name not found
> [response code
> 3]; remaining name '_gc._tcp.brussels.airport'
>
>
> Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?
>
>
> my 3 configs:
> _*BRU_AIR-authn.properties*_
> ovirt.engine.extension.name = BRU_AIR-authn
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> ovirt.engine.aaa.authn.profile.name = BRU-AIR
> ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
> config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
>
> _*BRU_AIR-authz.properties*_
> ovirt.engine.extension.name = BRU_AIR-authz
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
>
> _*BRU_AIR.properties*_
> include = <ad.properties>
>
> #
> # Active directory domain name.
> #
> vars.domain = mydomain.com
>
> #
> # Search user and its password.
> #
> vars.user = admin@${global:vars.domain}
> vars.password = ***********
>
> #
> # Optional DNS servers, if enterprise
> # DNS server cannot resolve the domain srvrecord.
> #
> vars.dns = dns://dc01.mydomain.com
>
> pool.default.serverset.type = srvrecord
> pool.default.serverset.srvrecord.domain = ${global:vars.domain}
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
>
> In the GUI for adding user I get this:
>
> An error occurred while attempting to query DNS in order to
> retrieve SRV
> records with name '_gc__tcp_brussels_airport':
> javax_naming___NameNotFoundException: DNS name not found
> [response code
> 3]; remaining name '_gc__tcp_brussels_airport'
>
> Any ideas? I ran out...
>
> Kind regards,
>
> Koen
>
>
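The check described in the reply above, as an added example that is not part of the original thread or of the oVirt project's code: it derives the `_gc._tcp` SRV lookup from a profile and classifies the `dig` result, so a missing record is found before the engine reports "DNS name not found [response code 3]". The function names, the `example.test` domain and the sample profile and `dig` output are constructed, and stripping the `dns://` prefix before passing the server to `dig` is an assumption.

```shell
#!/bin/sh
# Added example. Profile text and dig output are constructed samples;
# example.test is a placeholder domain.
SAMPLE_PROFILE='vars.domain = example.test
vars.dns = dns://dc01.example.test
pool.default.serverset.type = srvrecord'
SAMPLE_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; QUESTION SECTION:
;_gc._tcp.example.test. IN SRV'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; ANSWER SECTION:
_gc._tcp.example.test. 600 IN SRV 0 100 3268 dc01.example.test.'

# Print the value of one key from .properties text on stdin.
prop() {
    awk -v k="$1" '
        /^[ \t]*#/ || !index($0, "=") { next }
        { key = substr($0, 1, index($0, "=") - 1); gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == k { v = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# Build the lookup the srvrecord serverset depends on, from profile text in $1.
dig_command() {
    type=$(printf '%s\n' "$1" | prop pool.default.serverset.type)
    if [ "$type" != srvrecord ]; then
        echo "no SRV lookup (serverset type: ${type:-unset})"; return 0
    fi
    domain=$(printf '%s\n' "$1" | prop vars.domain)
    dns=$(printf '%s\n' "$1" | prop vars.dns)
    dns=${dns#dns://}   # assumption: dig wants the bare host, not the dns:// URI
    echo "dig ${dns:+@$dns }-t SRV _gc._tcp.$domain"
}

# Classify full dig output on stdin: missing | empty | ok:<count> | error.
classify_dig() {
    awk '
        /status:/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s) }
        $1 !~ /^;/ && $4 == "SRV" { n++ }
        END {
            if (s == "NXDOMAIN") print "missing"        # DNS response code 3
            else if (s == "NOERROR" && n > 0) print "ok:" n
            else if (s == "NOERROR") print "empty"
            else print "error"
        }'
}

dig_command "$SAMPLE_PROFILE"
printf '%s\n' "$SAMPLE_NXDOMAIN" | classify_dig
printf '%s\n' "$SAMPLE_OK" | classify_dig
```

On a real engine host, run the printed command and pipe its output to `classify_dig`; a result of `missing` or `empty` means the srvrecord serverset cannot locate a global catalog for that domain.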