[ovirt-users] AAA
Koen Vanoppen
vanoppen.koen at gmail.com
Thu Jan 29 12:19:32 UTC 2015
Big thanks for your help, but still the same:
#
# Active directory domain name.
#
vars.domain = mydomain.com
#
# Search user and its password.
#
vars.user = admin@${global:vars.domain}
vars.password = *****
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://srvdc03.${global:vars.domain} dns://srvdc04.${global:vars.domain}
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
[ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize
LDAP framework, deferring initialization. Error: No DNS SRV records were
found with record name '_gc._tcp.brussels.airport'.
And I can't put '_gc._tcp.mydomain.com' in the DNS... Isn't there another
way, so that it just resolves the DNS servers I gave it?
2015-01-29 13:02 GMT+01:00 Alon Bar-Lev <alonbl at redhat.com>:
>
>
> ----- Original Message -----
> > From: "Ondra Machacek" <omachace at redhat.com>
> > To: "Koen Vanoppen" <vanoppen.koen at gmail.com>, users at ovirt.org
> > Sent: Thursday, January 29, 2015 1:49:00 PM
> > Subject: Re: [ovirt-users] AAA
> >
> >
> > On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
> > > No, I don't. and I wouldn't know how he got to this name...
> >
> > Well, then you have to, if you want to use 'pool.default.serverset.type
> > = srvrecord'.
> >
> > It just needs to know where your global catalog is running, since it's
> > needed for new provider.
> >
> > It searches for global catalog like this:
> > dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
> >
> > So you need to have this SRV record in DNS, if you want to use srvrecord
> > serverset type. Or you don't have to if you use single server type.
>
> active directory will not work without access to global catalog.
> please set one or more of the domain controllers as dns server, for
> example:
>
> vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
>
> please also uncomment/add these lines to make vars.dns effective.
>
> pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
> pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
>
> Thanks!
>
> >
> > >
> > > Thanks for the reply!
> > >
> > > 2015-01-29 11:53 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
> > >
> > > On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
> > >
> > > Can somebody help me setting up AAA for ovirt 3.5.1?
> > >
> > > I'm getting this now:
> > >
> > > 2015-01-29 11:35:36,889 WARN
> > > [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC
> > > service thread
> > > 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz]
> > > Cannot
> > > initialize LDAP framework, deferring initialization. Error: An
> > > error
> > > occurred while attempting to query DNS in order to retrieve SRV
> > > records
> > > with name '_gc._tcp.brussels.airport':
> > > javax.naming.NameNotFoundException: DNS name not found
> > > [response code
> > > 3]; remaining name '_gc._tcp.brussels.airport'
> > >
> > >
> > > Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?
> > >
> > >
> > > my 3 configs:
> > > _*BRU_AIR-authn.properties*_
> > > ovirt.engine.extension.name = BRU_AIR-authn
> > > ovirt.engine.extension.bindings.method = jbossmodule
> > > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> > > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> > > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> > > ovirt.engine.aaa.authn.profile.name = BRU-AIR
> > > ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
> > > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
> > >
> > > _*BRU_AIR-authz.properties*_
> > > ovirt.engine.extension.name = BRU_AIR-authz
> > > ovirt.engine.extension.bindings.method = jbossmodule
> > > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> > > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> > > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> > > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
> > >
> > > _*BRU_AIR.properties*_
> > > include = <ad.properties>
> > >
> > > #
> > > # Active directory domain name.
> > > #
> > > vars.domain = mydomain.com
> > >
> > > #
> > > # Search user and its password.
> > > #
> > > vars.user = admin@${global:vars.domain}
> > > vars.password = ***********
> > >
> > > #
> > > # Optional DNS servers, if enterprise
> > > # DNS server cannot resolve the domain srvrecord.
> > > #
> > > vars.dns = dns://dc01.mydomain.com
> > >
> > > pool.default.serverset.type = srvrecord
> > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
> > > pool.default.auth.simple.bindDN = ${global:vars.user}
> > > pool.default.auth.simple.password = ${global:vars.password}
> > >
> > > In the GUI for adding user I get this:
> > >
> > > An error occurred while attempting to query DNS in order to
> > > retrieve SRV
> > > records with name '_gc__tcp_brussels_airport':
> > > javax_naming___NameNotFoundException: DNS name not found
> > > [response code
> > > 3]; remaining name '_gc__tcp_brussels_airport'
> > >
> > > Any ideas? I ran out...
> > >
> > > Kind regards,
> > >
> > > Koen
> > >
> > >
> > > _________________________________________________
> > > Users mailing list
> > > Users at ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > >
> > >
>
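
A preflight check for the profile discussed in this thread, added here as an example (it is not code from the thread or from the oVirt project): it prints the `dig` query from the reply for each server in `vars.dns` and lists the two resolver keys when they carry no value. The function names, the script name in the usage comment and the simplified single-line `key = value` parsing are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for an aaa-ldap profile such as BRU_AIR.properties.
# Parsing is simplified to single-line "key = value" entries (an assumption).

# prop FILE KEY: print the last uncommented value assigned to KEY.
prop() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    { i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) v = val }
    END { print v }' "$1"
}

# gc_queries FILE: one dig command per server in vars.dns, using the query
# quoted in the thread; the dns:// scheme is stripped because dig takes a host.
gc_queries() {
  domain=$(prop "$1" vars.domain)
  ref='${global:vars.domain}'
  for url in $(prop "$1" vars.dns); do
    host=${url#dns://}
    case $host in
      *"$ref"*) host=${host%%"$ref"*}$domain${host#*"$ref"} ;;
    esac
    echo "dig @$host -t SRV _gc._tcp.$domain"
  done
}

# dns_unused FILE: print each key that makes vars.dns effective but has no
# value on its own line (missing, commented out, or wrapped onto the next line).
dns_unused() {
  for key in \
    pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url \
    pool.default.socketfactory.resolver.uRL
  do
    [ -n "$(prop "$1" "$key")" ] || echo "$key"
  done
}

# Usage (hypothetical script name):
#   sh check-aaa-profile.sh /etc/ovirt-engine/aaa/BRU_AIR.properties
if [ -n "${1:-}" ]; then
  gc_queries "$1"
  dns_unused "$1" | sed 's/^/no value for: /'
fi
```

Each printed `dig` command should return at least one SRV answer; an empty answer from every listed server matches the "No DNS SRV records were found" error above.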