[ovirt-users] AAA
Koen Vanoppen
vanoppen.koen at gmail.com
Thu Jan 29 14:11:40 UTC 2015
FOUND IT!!!!!!
include = <ad.properties>
#
# Active directory domain name.
#
#vars.domain = ldap.mydomain.com
vars.server = ldap.mydomain.com
#
# Search user and its password.
#
vars.user = juniper-admin@mydomain.com
vars.password = **************
#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://srvdc03.mydomain.com dns://srvdc04.mydomain.com
#pool.default.serverset.type = srvrecord
pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
# Uncomment if using custom DNS
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
BIG THANKS MAN!!!!!
2015-01-29 15:00 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
>
>
> On 01/29/2015 02:54 PM, Koen Vanoppen wrote:
>
>> I just don't understand. Why did engine-manage-domains previously DID
>> work, no problems what so ever and now I have this...
>>
>
> Because manage-domains didn't use global catalog. And probably the reason
> you don't have _ldap SRV record is that you never had them and you
> just used '--ldapServers' parameter, that's why manage-domains worked with
> your domain.
>
> Now you are using DNS, not static configuration of ldap servers.
>
>
>> 2015-01-29 14:48 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
>>
>> It's same situation as before, but now you are missing ldap SRV
>> record.
>>
>> With same steps you used to add _gc SRV record add also _ldap SRV
>> record. But it's strange that you don't already have them.
>>
>> On 01/29/2015 02:46 PM, Koen Vanoppen wrote:
>>
>> I saw that when I pressed the send button. If I do that I again get the
>> following:
>>
>> 2015-01-29 14:28:35,891 WARN [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.ldap.mydomain.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_ldap._tcp.ldap.mydomain.com'
>> 2015-01-29 14:28:35,924 WARN [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.ldap.mydomain.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_ldap._tcp.ldap.mydomain.com'
>>
>> And yes I replaced mydomain with the correct one... :-)
>>
>> 2015-01-29 14:40 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
>>
>>
>>
>> On 01/29/2015 02:18 PM, Koen Vanoppen wrote:
>>
>> OK... Now I have this one :-)
>> WARN [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot initialize LDAP framework, deferring initialization. Error: Invalid DNS pseudo-URL(s):
>>
>>
>> uncomment vars.dns
>>
>>
>> Changed the properties file to this:
>>
>> include = <ad.properties>
>>
>> #
>> # Active directory domain name.
>> #
>> vars.domain = ldap.mydomain.com (this one resolves to and gives ping back, front end of the pool)
>>
>> #
>> # Search user and its password.
>> #
>> vars.user = juniper-admin@mydomain.com
>> vars.password = *****
>>
>> #
>> # Optional DNS servers, if enterprise
>> # DNS server cannot resolve the domain srvrecord.
>> #
>> #vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these resolve and give a ping back)
>>
>> pool.default.serverset.type = srvrecord
>> #pool.default.serverset.single.server = ${global:vars.server}
>> pool.default.serverset.srvrecord.domain = ${global:vars.domain}
>> pool.default.auth.simple.bindDN = ${global:vars.user}
>> pool.default.auth.simple.password = ${global:vars.password}
>>
>> # Uncomment if using custom DNS
>> pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
>> pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
>>
>>
>> Thanks for your effort!
>>
>>
>> 2015-01-29 13:50 GMT+01:00 Alon Bar-Lev <alonbl at redhat.com>:
>>
>>
>>
>> ----- Original Message -----
>> > From: "Koen Vanoppen" <vanoppen.koen at gmail.com>
>> > To: "Alon Bar-Lev" <alonbl at redhat.com>
>> > Cc: users at ovirt.org
>> > Sent: Thursday, January 29, 2015 2:41:52 PM
>> > Subject: Re: [ovirt-users] AAA
>> >
>> > Yes We have:
>> >
>> > [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
>> >
>> > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
>> > ; (1 server found)
>> > ;; global options: +cmd
>> > ;; Got answer:
>> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33340
>> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>> >
>> > ;; QUESTION SECTION:
>> > ;_gc._tcp.mydomain.com. IN SRV
>>
>> this ^^^^^^^ means that you do not have srv record. are you sure you
>> replace mydomain.com with your actual active directory domain name?
>> have you tried to look into your dns manager for this information as
>> well?
>>
>> >
>> > ;; AUTHORITY SECTION:
>> > mydomain.com. 3600 IN SOA srvdc03.mydomain.com. hostmaster.airport. 1398582 900 600 86400 3600
>> >
>> > ;; Query time: 12 msec
>> > ;; SERVER: 10.110.3.123#53(10.110.3.123)
>> > ;; WHEN: Thu Jan 29 13:40:41 2015
>> > ;; MSG SIZE rcvd: 98
>> >
>> >
>> >
>> > 2015-01-29 13:33 GMT+01:00 Alon Bar-Lev <alonbl at redhat.com>:
>> >
>> > >
>> > >
>> > > ----- Original Message -----
>> > > > From: "Koen Vanoppen" <vanoppen.koen at gmail.com>
>> > > > To: "Alon Bar-Lev" <alonbl at redhat.com>, users at ovirt.org
>> > > > Sent: Thursday, January 29, 2015 2:19:32 PM
>> > > > Subject: Re: [ovirt-users] AAA
>> > > >
>> > > > Big thanks for your help, but still the same:
>> > > >
>> > > > #
>> > > > # Active directory domain name.
>> > > > #
>> > > > vars.domain = mydomain.com
>> > > >
>> > > > #
>> > > > # Search user and its password.
>> > > > #
>> > > > vars.user = admin@${global:vars.domain}
>> > > > vars.password = *****
>> > > >
>> > > > #
>> > > > # Optional DNS servers, if enterprise
>> > > > # DNS server cannot resolve the domain srvrecord.
>> > > > #
>> > > > vars.dns = dns://srvdc03.${global:vars.domain} dns://srvdc04.${global:vars.domain}
>> > > >
>> > > > pool.default.serverset.type = srvrecord
>> > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
>> > > > pool.default.auth.simple.bindDN = ${global:vars.user}
>> > > > pool.default.auth.simple.password = ${global:vars.password}
>> > > >
>> > > > # Uncomment if using custom DNS
>> > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
>> > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
>> > > >
>> > > > [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: No DNS SRV records were found with record name '_gc._tcp.brussels.airport'.
>> > > >
>> > > > And I can't put '_gc._tcp.mydomain.com in the dns... Isn't there another
>> > > > way it just resolves the dns servers I gave him?
>> > > >
>> > >
>> > > Microsoft Domain controller must have gc service entry within DNS to work
>> > > properly.
>> > > 1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com ?
>> > > 2. Can you please execute:
>> > > $ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
>> > > 3. Can you please open the DNS manager within your domain and search for
>> > > srv records? Maybe you have DNS installed only on few servers, using the
>> > > DNS manager you can also see which.
>> > >
>> > > >
>> > > > 2015-01-29 13:02 GMT+01:00 Alon Bar-Lev <alonbl at redhat.com>:
>> > > >
>> > > > >
>> > > > >
>> > > > > ----- Original Message -----
>> > > > > > From: "Ondra Machacek" <omachace at redhat.com>
>> > > > > > To: "Koen Vanoppen" <vanoppen.koen at gmail.com>, users at ovirt.org
>> > > > > > Sent: Thursday, January 29, 2015 1:49:00 PM
>> > > > > > Subject: Re: [ovirt-users] AAA
>> > > > > >
>> > > > > >
>> > > > > > On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
>> > > > > > > No, I don't. and I wouldn't know how he got to this name...
>> > > > > >
>> > > > > > Well, then you have to, if you want to use 'pool.default.serverset.type
>> > > > > > = srvrecord'.
>> > > > > >
>> > > > > > It just needs to know where your global catalog is running, since it's
>> > > > > > needed for new provider.
>> > > > > >
>> > > > > > It searches for global catalog like this:
>> > > > > > dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
>> > > > > >
>> > > > > > So you need to have this SRV record in DNS, if you want to use srvrecord
>> > > > > > serverset type. Or you don't have to if you use single server type.
>> > > > >
>> > > > > active directory will not work without access to global catalog.
>> > > > > please set one or more of the domain controllers as dns server, for
>> > > > > example:
>> > > > >
>> > > > > vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
>> > > > >
>> > > > > please also uncomment/add these lines to make vars.dns effective.
>> > > > >
>> > > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
>> > > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
>> > > > >
>> > > > > Thanks!
>> > > > >
>> > > > > >
>> > > > > > >
>> > > > > > > Thanks for the reply!
>> > > > > > >
>> > > > > > > 2015-01-29 11:53 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
>> > > > > > >
>> > > > > > > On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
>> > > > > > >
>> > > > > > > Can somebody help me setting up AAA for ovirt 3.5.1?
>> > > > > > >
>> > > > > > > I'm getting this now:
>> > > > > > >
>> > > > > > > 2015-01-29 11:35:36,889 WARN [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc._tcp.brussels.airport': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc._tcp.brussels.airport'
>> > > > > > >
>> > > > > > >
>> > > > > > > Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?
>> > > > > > >
>> > > > > > >
>> > > > > > > my 3 configs:
>> > > > > > > _*BRU_AIR-authn.properties*_
>> > > > > > > ovirt.engine.extension.name = BRU_AIR-authn
>> > > > > > > ovirt.engine.extension.bindings.method = jbossmodule
>> > > > > > > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
>> > > > > > > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>> > > > > > > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
>> > > > > > > ovirt.engine.aaa.authn.profile.name = BRU-AIR
>> > > > > > > ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
>> > > > > > > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
>> > > > > > >
>> > > > > > > _*BRU_AIR-authz.properties*_
>> > > > > > > ovirt.engine.extension.name = BRU_AIR-authz
>> > > > > > > ovirt.engine.extension.bindings.method = jbossmodule
>> > > > > > > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
>> > > > > > > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>> > > > > > > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
>> > > > > > > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
>> > > > > > >
>> > > > > > > _*BRU_AIR.properties*_
>> > > > > > > include = <ad.properties>
>> > > > > > >
>> > > > > > > #
>> > > > > > > # Active directory domain name.
>> > > > > > > #
>> > > > > > > vars.domain = mydomain.com
>> > > > > > >
>> > > > > > > #
>> > > > > > > # Search user and its password.
>> > > > > > > #
>> > > > > > > vars.user = admin@${global:vars.domain}
>> > > > > > > vars.password = ***********
>> > > > > > >
>> > > > > > > #
>> > > > > > > # Optional DNS servers, if enterprise
>> > > > > > > # DNS server cannot resolve the domain srvrecord.
>> > > > > > > #
>> > > > > > > vars.dns = dns://dc01.mydomain.com
>> > > > > > >
>> > > > > > > pool.default.serverset.type = srvrecord
>> > > > > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
>> > > > > > > pool.default.auth.simple.bindDN = ${global:vars.user}
>> > > > > > > pool.default.auth.simple.password = ${global:vars.password}
>> > > > > > >
>> > > > > > > In the GUI for adding user I get this:
>> > > > > > >
>> > > > > > > An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc__tcp_brussels_airport': javax_naming_NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc__tcp_brussels_airport'
>> > > > > > >
>> > > > > > > Any ideas? I ran out...
>> > > > > > >
>> > > > > > > Kind regards,
>> > > > > > >
>> > > > > > > Koen
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > > _____________________________________________________
>> > > > > > > Users mailing list
>> > > > > > > Users at ovirt.org
>> > > > > > > http://lists.ovirt.org/mailman/listinfo/users
>> > > > > > >
>> > > > > > >
>>
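An added example (not from the thread or from the oVirt project): a small Python linter for an aaa-ldap profile like the ones posted above. It assumes the simplified `key = value` and `${global:name}` syntax visible in this thread, treats a name missing from the file as a warning because an include may define it, and lists the `_gc._tcp` and `_ldap._tcp` SRV names the thread shows being queried when `pool.default.serverset.type` is `srvrecord`. The function names and the sample profile are constructed for illustration.

```python
import re

# ${global:name} reference syntax as it appears in the profiles quoted in this thread.
REF = re.compile(r"\$\{global:([^}]+)\}")

# Constructed sample (not a real profile): srvrecord mode, vars.dns commented out
# but still referenced, and a missing closing brace on the last line.
SAMPLE_PROFILE = """\
include = <ad.properties>
vars.domain = ad.example.test
vars.user = svc-ovirt@${global:vars.domain}
vars.password = constructed-placeholder
#vars.dns = dns://dc1.ad.example.test
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns
"""


def parse_profile(text):
    """Return {key: value} for 'key = value' lines; '#' lines are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def expand(value, props, missing, depth=0):
    """Expand ${global:name} references, recording names this file does not set."""
    if depth > 10:  # guard against self-referencing variables
        return value

    def substitute(match):
        name = match.group(1)
        if name not in props:
            missing.add(name)
            return ""
        return expand(props[name], props, missing, depth + 1)

    return REF.sub(substitute, value)


def lint(text):
    """Return (findings, srv_names) for one profile."""
    props = parse_profile(text)
    findings = []
    for key, value in props.items():
        if value.count("${") != value.count("}"):
            findings.append(f"{key}: unterminated ${{...}} reference")
        missing = set()
        expand(value, props, missing)
        for name in sorted(missing):
            findings.append(f"{key}: references {name}, which is not set in this file")
    srv_names = []
    if props.get("pool.default.serverset.type") == "srvrecord":
        domain = expand(props.get("pool.default.serverset.srvrecord.domain", ""), props, set())
        if domain:
            # Record names taken from the error messages and dig command in the thread.
            srv_names = [f"_gc._tcp.{domain}", f"_ldap._tcp.{domain}"]
    return findings, srv_names


if __name__ == "__main__":
    findings, srv_names = lint(SAMPLE_PROFILE)
    for finding in findings:
        print("WARN", finding)
    for name in srv_names:
        print("must resolve: dig -t SRV", name)
```

Each name in `srv_names` can then be checked against the configured DNS servers with the `dig` query quoted in the thread before the engine is restarted.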