[ovirt-users] ldap servers configuration can be misleading with AD
Fabrice Bacchella
fabrice.bacchella at orange.fr
Tue Apr 19 14:37:54 UTC 2016
I tried to plug oVirt into my company AD.
But I have a problem: the DNS SRV records are not well managed and I can't use them, so I changed pool.default.serverset.type from srvrecord to failover.
But it was not enough, it was still using those invalid records. It was used by pool.default.dc-resolve.default.serverset.type too. I found that after digging in the source. I wonder why it should be specified twice. Why are pool.default.dc-resolve.default.serverset and pool.default.serverset different?
I also need to specify search.ad-resolve-upn.search-request.baseDN because it didn't find it any more. I wonder if it's related.
My aaa property file:
include = <ad.properties>
vars.domain = MYDOME
vars.user = A_DN
vars.password = the_password
vars.forest = my_forest
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = failover
pool.default.serverset.failover.1.server = server1
pool.default.serverset.failover.2.server = server2
pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file = trust.jks
pool.default.ssl.truststore.password =
pool.default.ssl.startTLSProtocol = TLSv1.2
pool.default.connection-options.connectTimeoutMillis = 500
pool.default.dc-resolve.enable = true
pool.default.dc-resolve.default.serverset.type = failover
pool.default.dc-resolve.serverset.failover.1.server = server1
pool.default.dc-resolve.serverset.failover.2.server = server2
search.ad-resolve-upn.search-request.baseDN = BASE_DN
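
Added example, not part of the original post or of the oVirt project's code: a small Python check that pairs every `*.serverset.type` key in a profile with the `failover.N.server` entries under the same prefix, and reports any serverset still set to `srvrecord`. It assumes, from the `pool.default.serverset` keys in the post, that a serverset's type and its servers share one key prefix; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the serverset-related keys from the post above.
SAMPLE = """\
pool.default.serverset.type = failover
pool.default.serverset.failover.1.server = server1
pool.default.serverset.failover.2.server = server2
pool.default.dc-resolve.enable = true
pool.default.dc-resolve.default.serverset.type = failover
pool.default.dc-resolve.serverset.failover.1.server = server1
pool.default.dc-resolve.serverset.failover.2.server = server2
"""

SERVER_KEY = re.compile(r"^(.+\.serverset)\.failover\.(\d+)\.server$")

def parse_properties(text):
    """Return {key: value} for 'key = value' lines, skipping comments and blanks."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit_serversets(props):
    """Assumption (not from the extension's docs): type and servers share one prefix."""
    types = {k[:-len(".type")]: v for k, v in props.items() if k.endswith(".serverset.type")}
    servers = defaultdict(list)
    for key, value in props.items():
        m = SERVER_KEY.match(key)
        if m:
            servers[m.group(1)].append((int(m.group(2)), value))
    findings = []
    for prefix, kind in sorted(types.items()):
        if kind == "srvrecord":
            findings.append((prefix, "uses DNS SRV lookup"))
        elif kind == "failover" and prefix not in servers:
            findings.append((prefix, "failover type but no servers under this prefix"))
    for prefix in sorted(servers):
        if prefix not in types:
            findings.append((prefix, "servers listed but no type under this prefix"))
    return types, dict(servers), findings

if __name__ == "__main__":
    for prefix, message in audit_serversets(parse_properties(SAMPLE))[2]:
        print(f"{prefix}: {message}")
```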