[ovirt-users] AAA

Alon Bar-Lev alonbl at redhat.com
Thu Jan 29 18:17:47 UTC 2015



----- Original Message -----
> From: "Koen Vanoppen" <vanoppen.koen at gmail.com>
> To: "Ondra Machacek" <omachace at redhat.com>
> Cc: users at ovirt.org
> Sent: Thursday, January 29, 2015 4:11:40 PM
> Subject: Re: [ovirt-users] AAA
> 
> FOUND IT!!!!!!
> 
> include = <ad.properties>
> 
> #
> # Active directory domain name.
> #
> #vars.domain = ldap.mydomain.com
> vars.server = ldap.mydomain.com
> 
> #
> # Search user and its password.
> #
> vars.user = juniper-admin@mydomain.com
> vars.password = **************
> 
> #
> # Optional DNS servers, if enterprise
> # DNS server cannot resolve the domain srvrecord.
> #
> vars.dns = dns://srvdc03.mydomain.com dns://srvdc04.mydomain.com
> 
> #pool.default.serverset.type = srvrecord

As I wrote several times, not using srvrecord for Active Directory will result in a non-working configuration. We need to find the root cause of your problem.

> pool.default.serverset.single.server = ${global:vars.server}
> pool.default.serverset.srvrecord.domain = ${global:vars.domain}
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
> 
> # Uncomment if using custom DNS
> pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
> pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
> 
> 
> 
> BIG THANKS MAN!!!!!
> 
> 2015-01-29 15:00 GMT+01:00 Ondra Machacek < omachace at redhat.com > :
> 
> 
> 
> 
> On 01/29/2015 02:54 PM, Koen Vanoppen wrote:
> 
> 
> I just don't understand. Why did engine-manage-domains previously DID
> work, no problems whatsoever and now I have this...
> 
> Because manage-domains didn't use global catalog. And probably the reason
> you don't have _ldap SRV record is that you never had them and you
> just used '--ldapServers' parameter, that's why manage-domains worked with
> your domain.
> 
> Now you are using DNS, not static configuration of ldap servers.
> 
> 
> 
> 
> 2015-01-29 14:48 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
> 
> It's same situation as before, but now you are missing ldap SRV record.
> 
> With same steps you used to add _gc SRV record add also _ldap SRV
> record. But it's strange that you don't already have them.
> 
> On 01/29/2015 02:46 PM, Koen Vanoppen wrote:
> 
> I saw that when I pressed the send button. If I do that I again get the
> following:
> 
> 2015-01-29 14:28:35,891 WARN [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.ldap.mydomain.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_ldap._tcp.ldap.mydomain.com'
> 2015-01-29 14:28:35,924 WARN [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.ldap.mydomain.com': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_ldap._tcp.ldap.mydomain.com'
> 
> And yes I replaced mydomain with the correct one... :-)
> 
> 2015-01-29 14:40 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
> 
> 
> 
> On 01/29/2015 02:18 PM, Koen Vanoppen wrote:
> 
> OK... Now I have this one :-)
> WARN [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-2) [ovirt-engine-extension-aaa-ldap.authn::BRU_AIR-authn] Cannot initialize LDAP framework, deferring initialization. Error: Invalid DNS pseudo-URL(s):
> 
> 
> uncomment vars.dns
> 
> 
> Changed the properties file to this:
> 
> include = <ad.properties>
> 
> #
> # Active directory domain name.
> #
> vars.domain = ldap.mydomain.com (this one resolves to and gives ping back, front end of the pool)
> 
> #
> # Search user and its password.
> #
> vars.user = juniper-admin@mydomain.com
> vars.password = *****
> 
> #
> # Optional DNS servers, if enterprise
> # DNS server cannot resolve the domain srvrecord.
> #
> #vars.dns = dns://srvdc03.my.domain dns://srvdc04.my.domain (these resolve and give a ping back)
> 
> pool.default.serverset.type = srvrecord
> #pool.default.serverset.single.server = ${global:vars.server}
> pool.default.serverset.srvrecord.domain = ${global:vars.domain}
> pool.default.auth.simple.bindDN = ${global:vars.user}
> pool.default.auth.simple.password = ${global:vars.password}
> 
> # Uncomment if using custom DNS
> pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
> pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
> 
> 
> Thanks for your effort!
> 
> 
> 2015-01-29 13:50 GMT+01:00 Alon Bar-Lev <alonbl at redhat.com>:
> 
> 
> 
> ----- Original Message -----
> > From: "Koen Vanoppen" <vanoppen.koen at gmail.com>
> > To: "Alon Bar-Lev" <alonbl at redhat.com>
> > Cc: users at ovirt.org
> > Sent: Thursday, January 29, 2015 2:41:52 PM
> > Subject: Re: [ovirt-users] AAA
> > 
> > Yes We have:
> > 
> > [root@ovirtmgmt01prod ~]# dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
> > 
> > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33340
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > 
> > ;; QUESTION SECTION:
> > ;_gc._tcp.mydomain.com. IN SRV
> 
> This ^^^^^^^ means that you do not have srv record. Are you sure you
> replaced mydomain.com with your actual active directory domain name?
> Have you tried to look into your dns manager for this information as
> well?
> 
> > 
> > ;; AUTHORITY SECTION:
> > mydomain.com. 3600 IN SOA srvdc03.mydomain.com. hostmaster.airport. 1398582 900 600 86400 3600
> > 
> > ;; Query time: 12 msec
> > ;; SERVER: 10.110.3.123#53(10.110.3.123)
> > ;; WHEN: Thu Jan 29 13:40:41 2015
> > ;; MSG SIZE rcvd: 98
> > 
> > 
> > 
> > 2015-01-29 13:33 GMT+01:00 Alon Bar-Lev <alonbl at redhat.com>:
> > 
> > > 
> > > 
> > > ----- Original Message -----
> > > > From: "Koen Vanoppen" <vanoppen.koen at gmail.com>
> > > > To: "Alon Bar-Lev" <alonbl at redhat.com>, users at ovirt.org
> > > > Sent: Thursday, January 29, 2015 2:19:32 PM
> > > > Subject: Re: [ovirt-users] AAA
> > > > 
> > > > Big thanks for your help, but still the same:
> > > > 
> > > > #
> > > > # Active directory domain name.
> > > > #
> > > > vars.domain = mydomain.com
> > > > 
> > > > #
> > > > # Search user and its password.
> > > > #
> > > > vars.user = admin@${global:vars.domain}
> > > > vars.password = *****
> > > > 
> > > > #
> > > > # Optional DNS servers, if enterprise
> > > > # DNS server cannot resolve the domain srvrecord.
> > > > #
> > > > vars.dns = dns://srvdc03.${global:vars.domain} dns://srvdc04.${global:vars.domain}
> > > > 
> > > > pool.default.serverset.type = srvrecord
> > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
> > > > pool.default.auth.simple.bindDN = ${global:vars.user}
> > > > pool.default.auth.simple.password = ${global:vars.password}
> > > > 
> > > > # Uncomment if using custom DNS
> > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
> > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
> > > > 
> > > > 
> > > > 
> > > > [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: No DNS SRV records were found with record name '_gc._tcp.brussels.airport'.
> > > > 
> > > > And I can't put '_gc._tcp.mydomain.com in the dns... Isn't there another
> > > > way it just resolves the dns servers I gave him?
> > > > 
> > > 
> > > Microsoft Domain controller must have gc service entry within DNS to work
> > > properly.
> > > 1. Are you sure you have Microsoft DNS installed on srvdc03.mydomain.com?
> > > 2. Can you please execute:
> > > $ dig @srvdc03.mydomain.com SRV _gc._tcp.mydomain.com
> > > 3. Can you please open the DNS manager within your domain and search for
> > > srv records? Maybe you have DNS installed only on few servers, using the
> > > DNS manager you can also see which.
> > > 
> > > > 
> > > > 2015-01-29 13:02 GMT+01:00 Alon Bar-Lev <alonbl at redhat.com>:
> > > > 
> > > > > 
> > > > > 
> > > > > ----- Original Message -----
> > > > > > From: "Ondra Machacek" <omachace at redhat.com>
> > > > > > To: "Koen Vanoppen" <vanoppen.koen at gmail.com>, users at ovirt.org
> > > > > > Sent: Thursday, January 29, 2015 1:49:00 PM
> > > > > > Subject: Re: [ovirt-users] AAA
> > > > > > 
> > > > > > 
> > > > > > On 01/29/2015 12:30 PM, Koen Vanoppen wrote:
> > > > > > > No, I don't. and I wouldn't know how he got to this name...
> > > > > > 
> > > > > > Well, then you have to, if you want to use 'pool.default.serverset.type
> > > > > > = srvrecord'.
> > > > > > 
> > > > > > It just needs to know where your global catalog is running, since it's
> > > > > > needed for new provider.
> > > > > > 
> > > > > > It searches for global catalog like this:
> > > > > > dig @${vars.dns} -t SRV _gc._tcp.${vars.domain}
> > > > > > 
> > > > > > So you need to have this SRV record in DNS, if you want to use srvrecord
> > > > > > serverset type. Or you don't have to if you use single server type.
> > > > > 
> > > > > active directory will not work without access to global catalog.
> > > > > please set one or more of the domain controllers as dns server, for
> > > > > example:
> > > > > 
> > > > > vars.dns = dns://dc1.${global:vars.domain} dns://dc2.${global:vars.domain}
> > > > > 
> > > > > please also uncomment/add these lines to make vars.dns effective.
> > > > > 
> > > > > pool.default.serverset.srvrecord.jndi-properties.java.naming.provider.url = ${global:vars.dns}
> > > > > pool.default.socketfactory.resolver.uRL = ${global:vars.dns}
> > > > > 
> > > > > Thanks!
> > > > > 
> > > > > > 
> > > > > > > 
> > > > > > > Thanks for the reply!
> > > > > > > 
> > > > > > > 2015-01-29 11:53 GMT+01:00 Ondra Machacek <omachace at redhat.com>:
> 
> > > > > > > 
> > > > > > > On 01/29/2015 11:41 AM, Koen Vanoppen wrote:
> > > > > > > 
> > > > > > > Can somebody help me setting up AAA for ovirt 3.5.1?
> > > > > > > 
> > > > > > > I'm getting this now:
> > > > > > > 
> > > > > > > 2015-01-29 11:35:36,889 WARN [org.ovirt.engineextensions.aaa.ldap.AuthzExtension] (MSC service thread 1-1) [ovirt-engine-extension-aaa-ldap.authz::BRU_AIR-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc._tcp.brussels.airport': javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc._tcp.brussels.airport'
> > > > > > > 
> > > > > > > 
> > > > > > > Do you have this '_gc._tcp.brussels.airport' SRV record in DNS?
> > > > > > > 
> > > > > > > 
> > > > > > > my 3 configs:
> > > > > > > _*BRU_AIR-authn.properties*_
> > > > > > > ovirt.engine.extension.name = BRU_AIR-authn
> > > > > > > ovirt.engine.extension.bindings.method = jbossmodule
> > > > > > > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> > > > > > > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension
> > > > > > > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn
> > > > > > > ovirt.engine.aaa.authn.profile.name = BRU-AIR
> > > > > > > ovirt.engine.aaa.authn.authz.plugin = BRU_AIR-authz
> > > > > > > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
> > > > > > > 
> > > > > > > _*BRU_AIR-authz.properties*_
> > > > > > > ovirt.engine.extension.name = BRU_AIR-authz
> > > > > > > ovirt.engine.extension.bindings.method = jbossmodule
> > > > > > > ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap
> > > > > > > ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension
> > > > > > > ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz
> > > > > > > config.profile.file.1 = /etc/ovirt-engine/aaa/BRU_AIR.properties
> 
> 
> > > > > > > 
> > > > > > > _*BRU_AIR.properties*_
> > > > > > > include = <ad.properties>
> > > > > > > 
> > > > > > > #
> > > > > > > # Active directory domain name.
> > > > > > > #
> > > > > > > vars.domain = mydomain.com
> > > > > > > 
> > > > > > > #
> > > > > > > # Search user and its password.
> > > > > > > #
> > > > > > > vars.user = admin@${global:vars.domain}
> > > > > > > vars.password = ***********
> > > > > > > 
> > > > > > > #
> > > > > > > # Optional DNS servers, if enterprise
> > > > > > > # DNS server cannot resolve the domain srvrecord.
> > > > > > > #
> > > > > > > vars.dns = dns://dc01.mydomain.com
> > > > > > > 
> > > > > > > pool.default.serverset.type = srvrecord
> > > > > > > pool.default.serverset.srvrecord.domain = ${global:vars.domain}
> > > > > > > pool.default.auth.simple.bindDN = ${global:vars.user}
> > > > > > > pool.default.auth.simple.password = ${global:vars.password}
> > > > > > > 
> > > > > > > In the GUI for adding user I get this:
> > > > > > > 
> > > > > > > An error occurred while attempting to query DNS in order to retrieve SRV records with name '_gc__tcp_brussels_airport': javax_naming_NameNotFoundException: DNS name not found [response code 3]; remaining name '_gc__tcp_brussels_airport'
> > > > > > > 
> > > > > > > Any ideas? I ran out...
> > > > > > > 
> > > > > > > Kind regards,
> > > > > > > 
> > > > > > > Koen
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > _______________________________________________
> > > > > > > Users mailing list
> > > > > > > Users at ovirt.org
> > > > > > > http://lists.ovirt.org/mailman/listinfo/users
> > > > > > > 
> > > > > > > 
> > > > > > 
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
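
The checks worked through in this thread (the `dig ... SRV _gc._tcp.<domain>` query and the later `_ldap._tcp.<domain>` lookup failure), as an added example that is not part of the original messages or of oVirt: a shell script that reads `vars.domain` and `vars.dns` from a profile file and reports, per DNS server, whether both SRV records resolve. The function names are hypothetical, only the `${global:vars.domain}` reference is expanded, and `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-flight check of the SRV records an AD profile depends on.

# prop FILE KEY: value of the last uncommented "KEY = value" line.
prop() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# expand_domain TEXT DOMAIN: substitute ${global:vars.domain} (only that reference).
expand_domain() {
    printf '%s\n' "$1" | awk -v d="$2" '{
        tok = "${global:vars.domain}"; s = $0; out = ""
        while ((i = index(s, tok)) > 0) {
            out = out substr(s, 1, i - 1) d
            s = substr(s, i + length(tok))
        }
        print out s }'
}

# dns_hosts "dns://a dns://b": one host per line; rejects entries without dns://.
dns_hosts() {
    for u in $1; do
        case "$u" in
            dns://?*) printf '%s\n' "${u#dns://}" ;;
            *) printf 'invalid DNS pseudo-URL: %s\n' "$u" >&2; return 1 ;;
        esac
    done
}

# srv_verdict: reads dig output on stdin, classifies it from the header lines.
srv_verdict() {
    awk '
        BEGIN { n = 0 }
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) { st = substr($0, RSTART + 8, RLENGTH - 8) }
        match($0, /ANSWER: [0-9]+/) { n = substr($0, RSTART + 8, RLENGTH - 8) + 0 }
        END {
            if (st == "") print "no-response"
            else if (st == "NOERROR" && n > 0) print "ok"
            else print "missing (" st ", answers=" n ")"
        }'
}

# check_profile FILE: query _gc._tcp and _ldap._tcp on every vars.dns server
# (or the system resolver when vars.dns is unset). Exit 1 if any lookup fails.
check_profile() {
    domain=$(prop "$1" vars.domain)
    [ -n "$domain" ] || { echo "vars.domain is not set" >&2; return 2; }
    dns=$(expand_domain "$(prop "$1" vars.dns)" "$domain")
    servers=$(dns_hosts "$dns") || return 2
    rc=0
    for name in "_gc._tcp.$domain" "_ldap._tcp.$domain"; do
        for s in ${servers:-default}; do
            if [ "$s" = default ]; then out=$(dig -t SRV "$name" 2>/dev/null)
            else out=$(dig "@$s" -t SRV "$name" 2>/dev/null); fi
            v=$(printf '%s\n' "$out" | srv_verdict)
            printf '%-36s @%-24s %s\n' "$name" "$s" "$v"
            [ "$v" = ok ] || rc=1
        done
    done
    return $rc
}

if [ "$#" -gt 0 ]; then check_profile "$1"; fi
```

Run it with the profile file as its only argument, for example `/etc/ovirt-engine/aaa/BRU_AIR.properties`; an NXDOMAIN header like the one in the quoted `dig` output is reported as `missing (NXDOMAIN, answers=0)`.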


