[ovirt-users] AAA

Koen Vanoppen vanoppen.koen at gmail.com
Thu Jan 29 14:11:40 UTC 2015


FOUND IT!!!!!!

include = <ad.properties>

#
# Active directory domain name.
#
#vars.domain = ldap.mydomain.com
vars.server = ldap.mydomain.com

#
# Search user and its password.
#
vars.user = juniper-admin at mydomain.com
vars.password = **************

#
# Optional DNS servers, if enterprise
# DNS server cannot resolve the domain srvrecord.
#
vars.dns = dns://srvdc03.mydomain.com dns://srvdc04.mydomain.com

#pool.default.serverset.type = srvrecord
pool.default.serverset.single.server = ${global:vars.server}
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

# Uncomment if using custom DNS
pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
pool.default.socketfactory.resolver.uRL = ${global:vars.dns}



BIG THANKS MAN!!!!!

2015-01-29 15:00 GMT+01:00 Ondra Machacek <omachace at redhat.com>:

>
>
> On 01/29/2015 02:54 PM, Koen Vanoppen wrote:
>
>> I just don't understand. Why did engine-manage-domains previously DID
>> work, no problems whatsoever and now I have this...
>>
>
> Because manage-domains didn't use global catalog. And probably the reason
> you don't have _ldap SRV record is that you never had them and you
> just used '--ldapServers' parameter, that's why manage-domains worked with
> your domain.
>
> Now you are using DNS, not static configuration of ldap servers.
>
>
>> 2015-01-29 14:48 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
>>
>>     It's same situation as before, but now you are missing ldap SRV
>>     record.
>>
>>     With same steps you used to add _gc SRV record add also _ldap SRV
>>     record. But it's strange that you don't already have them.
>>
>>     On 01/29/2015 02:46 PM, Koen Vanoppen wrote:
>>
>>         I saw that when I pressed the send button. If I do that I again
>>         get the following:
>>
>>         2015-01-29 14:28:35,891 WARN
>>         [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1)
>>         [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
>>         initialize LDAP framework, deferring initialization. Error: An error
>>         occurred while attempting to query DNS in order to retrieve SRV records
>>         with name '_ldap._tcp.ldap.mydomain.com':
>>         javax.naming.NameNotFoundException:
>>         DNS name not found [response code 3]; remaining name
>>         '_ldap._tcp.ldap.mydomain.com'
>>         2015-01-29 14:28:35,924 WARN
>>         [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-1)
>>         [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot
>>         initialize LDAP framework, deferring initialization. Error: An error
>>         occurred while attempting to query DNS in order to retrieve SRV records
>>         with name '_ldap._tcp.ldap.mydomain.com':
>>         javax.naming.NameNotFoundException:
>>         DNS name not found [response code 3]; remaining name
>>         '_ldap._tcp.ldap.mydomain.com'
>>
>>         And yes I replaced mydomain with the correct one... :-)
>>
>>         2015-01-29 14:40 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
>>
>>
>>
>>              On 01/29/2015 02:18 PM, Koen Vanoppen wrote:
>>
>>                  OK... Now I have this one :-)
>>                  WARN [org.ovirt.engineextensions.aaa.ldap.AuthnExtension]
>>                  (MSC service thread 1-2)
>>                  [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn]
>>                  Cannot initialize LDAP framework, deferring initialization.
>>                  Error: Invalid DNS pseudo-URL(s):
>>
>>
>>              uncomment vars.dns
>>
>>
>>                  Changed the properties file to this:
>>
>>                  include = <ad.properties>
>>
>>                  #
>>                  # Active directory domain name.
>>                  #
>>                  vars.domain = ldap.mydomain.com (this one
>>                  resolves to and gives ping back, front end of the pool)
>>
>>                  #
>>                  # Search user and its password.
>>                  #
>>                  vars.user = juniper-admin at mydomain.com
>>                  vars.password = *****
>>
>>                  #
>>                  # Optional DNS servers, if enterprise
>>                  # DNS server cannot resolve the domain srvrecord.
>>                  #
>>                  #vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these
>>                  resolve and give a ping back)
>>
>>                  pool.default.serverset.type = srvrecord
>>                  #pool.default.serverset.single.server = ${global:vars.server}
>>                  pool.default.serverset.srvrecord.domain = ${global:vars.domain}
>>                  pool.default.auth.simple.bindDN = ${global:vars.user}
>>                  pool.default.auth.simple.password = ${global:vars.password}
>>
>>                  # Uncomment if using custom DNS
>>                  pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
>>                  pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
>>
>>
>>                  Thanks for your effort!
>>
>>
>>                  2015-01-29 13:50 GMT+01:00 Alon Bar-Lev <alonbl at redhat.com>:
>>
>>
>>
>>                       ----- Original Message -----
>>                       > From: "Koen Vanoppen" <vanoppen.koen at gmail.com>
>>                       > To: "Alon Bar-Lev" <alonbl at redhat.com>
>>                       > Cc: users at ovirt.org
>>                       > Sent: Thursday, January 29, 2015 2:41:52 PM
>>                       > Subject: Re: [ovirt-users] AAA
>>                       >
>>                       > Yes We have:
>>                       >
>>                       > [root at ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
>>                       >
>>                       > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
>>                       > ; (1 server found)
>>                       > ;; global options: +cmd
>>                       > ;; Got answer:
>>                       > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33340
>>                       > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>                       >
>>                       > ;; QUESTION SECTION:
>>                       > ;_gc._tcp.mydomain.com. IN      SRV
>>
>>                       this ^^^^^^^ means that you do not have srv record. are you
>>                       sure you replace mydomain.com with your actual active
>>                       directory domain name?
>>                       have you tried to look into your dns manager for this
>>                       information as well?
>>
>>                        >
>>                        > ;; AUTHORITY SECTION:
>>                        > mydomain.com.   3600    IN      SOA     srvdc03.mydomain.com. hostmaster.airport. 1398582 900 600 86400 3600
>>                        >
>>                        > ;; Query time: 12 msec
>>                        > ;; SERVER: 10.110.3.123#53(10.110.3.123)
>>                        > ;; WHEN: Thu Jan 29 13:40:41 2015
>>                        > ;; MSG SIZE  rcvd: 98
>>                        >
>>                        >
>>                        >
>>                        > 2015-01-29 13:33 GMT+01:00 Alon Bar-Lev <alonbl at redhat.com>:
>>                        >
>>                        > >
>>                        > >
>>                        > > ----- Original Message -----
>>                        > > > From: "Koen Vanoppen" <vanoppen.koen at gmail.com>
>>                        > > > To: "Alon Bar-Lev" <alonbl at redhat.com>, users at ovirt.org
>>                        > > > Sent: Thursday, January 29, 2015 2:19:32 PM
>>                        > > > Subject: Re: [ovirt-users] AAA
>>                        > > >
>>                        > > > Big thanks for your help, but still the same:
>>                        > > >
>>                        > > > #
>>                        > > > # Active directory domain name.
>>                        > > > #
>>                        > > > vars.domain = mydomain.com
>>                        > > >
>>                        > > > #
>>                        > > > # Search user and its password.
>>                        > > > #
>>                        > > > vars.user = admin@${global:vars.domain}
>>                        > > > vars.password = *****
>>                        > > >
>>                        > > > #
>>                        > > > # Optional DNS servers, if enterprise
>>                        > > > # DNS server cannot resolve the domain srvrecord.
>>                        > > > #
>>                        > > > vars.dns = dns://srvdc03.${global:vars.domain} dns://srvdc04.${global:vars.domain}
>>                        > > >
>>                        > > > pool.default.serverset.type = srvrecord
>>                        > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
>>                        > > > pool.default.auth.simple.bindDN = ${global:vars.user}
>>                        > > > pool.default.auth.simple.password = ${global:vars.password}
>>                        > > >
>>                        > > > # Uncomment if using custom DNS
>>                        > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
>>                        > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
>>                        > > >
>>                        > > > [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize
>>                        > > > LDAP framework, deferring initialization. Error: No DNS SRV records were
>>                        > > > found with record name '_gc._tcp.brussels.airport'.
>>                        > > >
>>                        > > > And I can't put '_gc._tcp.mydomain.com in the dns... Isn't there another
>>                        > > > way it just resolves the dns servers I gave him?
>>                        > > >
>>                        > >
>>                        > > Microsoft Domain controller must have gc service entry within DNS to work
>>                        > > properly.
>>                        > > 1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com ?
>>                        > > 2. Can you please execute:
>>                        > > $ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
>>                        > > 3. Can you please open the DNS manager within your domain and search for
>>                        > > srv records? Maybe you have DNS installed only on few servers, using the
>>                        > > DNS manager you can also see which.
>>                        > >
>>                        > > >
>>                        > > > 2015-01-29 13:02 GMT+01:00 Alon Bar-Lev <alonbl at redhat.com>:
>>                        > > >
>>                        > > > >
>>                        > > > >
>>                        > > > > ----- Original Message -----
>>                        > > > > > From: "Ondra Machacek" <omachace at redhat.com>
>>                        > > > > > To: "Koen Vanoppen" <vanoppen.koen at gmail.com>, users at ovirt.org
>>                        > > > > > Sent: Thursday, January 29, 2015 1:49:00 PM
>>                        > > > > > Subject: Re: [ovirt-users] AAA
>>                        > > > > >
>>                        > > > > >
>>                        > > > > > On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
>>                        > > > > > > No, I don't. and I wouldn't know how he got to this name...
>>                        > > > > >
>>                        > > > > > Well, then you have to, if you want to use 'pool.default.serverset.type
>>                        > > > > > = srvrecord'.
>>                        > > > > >
>>                        > > > > > It just needs to know where your global catalog is running, since it's
>>                        > > > > > needed for new provider.
>>                        > > > > >
>>                        > > > > > It searches for global catalog like this:
>>                        > > > > > dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
>>                        > > > > >
>>                        > > > > > So you need to have this SRV record in DNS, if you want to use srvrecord
>>                        > > > > > serverset type. Or you don't have to if you use single server type.
>>                        > > > >
>>                        > > > > active directory will not work without access to global catalog.
>>                        > > > > please set one or more of the domain controllers as dns server, for
>>                        > > > > example:
>>                        > > > >
>>                        > > > > vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
>>                        > > > >
>>                        > > > > please also uncomment/add these lines to make vars.dns effective.
>>                        > > > >
>>                        > > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
>>                        > > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
>>                        > > > >
>>                        > > > > Thanks!
>>                        > > > >
>>                        > > > > >
>>                        > > > > > >
>>                        > > > > > > Thanks for the reply!
>>                        > > > > > >
>>                        > > > > > > 2015-01-29 11:53 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
>>
>>                        > > > > > >
>>                        > > > > > >     On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
>>                        > > > > > >
>>                        > > > > > >         Can somebody help me setting up AAA for ovirt 3.5.1?
>>                        > > > > > >
>>                        > > > > > >         I'm getting this now:
>>                        > > > > > >
>>                        > > > > > >         2015-01-29 11:35:36,889 WARN
>>                        > > > > > >         [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1)
>>                        > > > > > >         [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot
>>                        > > > > > >         initialize LDAP framework, deferring initialization. Error: An error
>>                        > > > > > >         occurred while attempting to query DNS in order to retrieve SRV records
>>                        > > > > > >         with name '_gc._tcp.brussels.airport':
>>                        > > > > > >         javax.naming.NameNotFoundException: DNS name not found [response code
>>                        > > > > > >         3]; remaining name '_gc._tcp.brussels.airport'
>>                        > > > > > >
>>                        > > > > > >
>>                        > > > > > >     Do you have this '_gc._tcp.brussels.airport' SRV record in DNS ?
>>                        > > > > > >
>>                        > > > > > >
>>                        > > > > > >         my 3 configs:
>>                        > > > > > >         _*BRU_AIR-authn.properties*_
>>                        > > > > > >         ovirt.engine.extension.name = BRU_AIR-authn
>>                        > > > > > >         ovirt.engine.extension.bindings.method = jbossmodule
>>                        > > > > > >         ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
>>                        > > > > > >         ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
>>                        > > > > > >         ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
>>                        > > > > > >         ovirt.engine.aaa.authn.profile.name = BRU-AIR
>>                        > > > > > >         ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
>>                        > > > > > >         config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
>>                        > > > > > >
>>                        > > > > > >         _*BRU_AIR-authz.properties*_
>>                        > > > > > >         ovirt.engine.extension.name = BRU_AIR-authz
>>                        > > > > > >         ovirt.engine.extension.bindings.method = jbossmodule
>>                        > > > > > >         ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
>>                        > > > > > >         ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
>>                        > > > > > >         ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
>>                        > > > > > >         config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
>>
>>
>>                        > > > > > >
>>                        > > > > > >         _*BRU_AIR.properties*_
>>                        > > > > > >         include = <ad.properties>
>>                        > > > > > >
>>                        > > > > > >         #
>>                        > > > > > >         # Active directory domain name.
>>                        > > > > > >         #
>>                        > > > > > >         vars.domain = mydomain.com
>>                        > > > > > >
>>                        > > > > > >         #
>>                        > > > > > >         # Search user and its password.
>>                        > > > > > >         #
>>                        > > > > > >         vars.user = admin@${global:vars.domain}
>>                        > > > > > >         vars.password = ***********
>>                        > > > > > >
>>                        > > > > > >         #
>>                        > > > > > >         # Optional DNS servers, if enterprise
>>                        > > > > > >         # DNS server cannot resolve the domain srvrecord.
>>                        > > > > > >         #
>>                        > > > > > >         vars.dns = dns://dc01.mydomain.com
>>                        > > > > > >
>>                        > > > > > >         pool.default.serverset.type = srvrecord
>>                        > > > > > >         pool.default.serverset.srvrecord.domain = ${global:vars.domain}
>>                        > > > > > >         pool.default.auth.simple.bindDN = ${global:vars.user}
>>                        > > > > > >         pool.default.auth.simple.password = ${global:vars.password}
>>                        > > > > > >
>>                        > > > > > >         In the GUI for adding user I get this:
>>                        > > > > > >
>>                        > > > > > >         An error occurred while attempting to query DNS in order to
>>                        > > > > > >         retrieve SRV records with name '_gc__tcp_brussels_airport':
>>                        > > > > > >         javax_naming_NameNotFoundException: DNS name not found
>>                        > > > > > >         [response code 3]; remaining name '_gc__tcp_brussels_airport'
>>                        > > > > > >
>>                        > > > > > >         Any ideas? I ran out...
>>                        > > > > > >
>>                        > > > > > >         Kind regards,
>>                        > > > > > >
>>                        > > > > > >         Koen
>>                        > > > > > >
>>                        > > > > > >
>>                        > > > > > >
>>                        > > > > > >         _______________________________________________
>>                        > > > > > >         Users mailing list
>>                        > > > > > >         Users at ovirt.org
>>                        > > > > > >         http://lists.ovirt.org/mailman/listinfo/users
>>
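
Added example, not part of the original thread or of oVirt's code: a Python check, run over a constructed copy of the profile quoted above, that expands the `${global:...}` references, lists the SRV names a `srvrecord` server set depends on, and flags an unterminated reference such as the one on the last line of the quoted file. The function names are hypothetical, and it assumes the `_gc` record is looked up under the same domain as `_ldap`.

```python
import re

# Constructed sample modelled on the profile quoted in the thread (placeholder values).
SAMPLE = """\
include = <ad.properties>
vars.domain = mydomain.com
vars.user = admin@${global:vars.domain}
vars.password = placeholder
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.domain}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password
"""

REF = re.compile(r"\$\{global:([^}\s]+)\}")

def parse(text):
    """Return {key: raw value}, skipping comments, blanks and lines without '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def expand(props, value, depth=0):
    """Substitute ${global:key} references, following nested ones."""
    if depth > 10:
        raise ValueError("reference loop")
    return REF.sub(lambda m: expand(props, props.get(m.group(1), ""), depth + 1), value)

def check(text):
    """Return (SRV names that DNS must answer, list of problems found)."""
    props = parse(text)
    problems = []
    for key, value in props.items():
        # Anything left containing "${" after removing well-formed references is unterminated.
        if "${" in REF.sub("", value):
            problems.append("unterminated ${...} in %s" % key)
    srv = []
    if props.get("pool.default.serverset.type") == "srvrecord":
        domain = expand(props, props.get("pool.default.serverset.srvrecord.domain", ""))
        if not domain:
            problems.append("srvrecord serverset without a domain")
        else:
            # Assumption: _gc is looked up under the same domain as _ldap.
            srv = ["_ldap._tcp." + domain, "_gc._tcp." + domain]
    return srv, problems
```

Each name returned by `check()` can then be queried as an SRV record from the engine host; a missing answer for either one reproduces the `NameNotFoundException` reported in the thread.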