[ovirt-users] ldap servers configuration can be misleading with AD

Fabrice Bacchella fabrice.bacchella at orange.fr
Tue Apr 19 14:37:54 UTC 2016


I tried to plug ovirt using my company AD.

But I have a problem: the DNS SRV records are not well managed and I can't use them, so I changed pool.default.serverset.type from srvrecord to failover.

But it was not enough; it was still using those invalid records. It was used by pool.default.dc-resolve.default.serverset.type too. I found that after digging in the source. I wonder why it should be specified twice. Why are pool.default.dc-resolve.default.serverset and pool.default.serverset different?

I also need to specify search.ad-resolve-upn.search-request.baseDN because it didn't find it any more. I wonder if it's related.

My aaa property file:

include = <ad.properties>

vars.domain = MYDOME
vars.user = A_DN
vars.password = the_password
vars.forest = my_forest

pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
pool.default.serverset.type = failover
pool.default.serverset.failover.1.server = server1
pool.default.serverset.failover.2.server = server2
pool.default.ssl.startTLS = true
pool.default.ssl.truststore.file = trust.jks
pool.default.ssl.truststore.password = 
pool.default.ssl.startTLSProtocol = TLSv1.2

pool.default.connection-options.connectTimeoutMillis = 500
pool.default.dc-resolve.enable = true
pool.default.dc-resolve.default.serverset.type = failover
pool.default.dc-resolve.serverset.failover.1.server = server1
pool.default.dc-resolve.serverset.failover.2.server = server2

search.ad-resolve-upn.search-request.baseDN = BASE_DN
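
Added example, not part of the original post and not oVirt code: a small lint over an aaa properties file that reports pools whose serverset types differ and failover serversets whose server entries do not sit under the same prefix as their `.type` key. It assumes entries share the prefix of their `.type` key, as they do for pool.default.serverset in the post, and it does not resolve `include` files; the sample is constructed from the post's own lines.

```python
import re

# Constructed sample: the serverset-related lines from the post's properties file.
SAMPLE = """\
pool.default.serverset.type = failover
pool.default.serverset.failover.1.server = server1
pool.default.serverset.failover.2.server = server2
pool.default.dc-resolve.enable = true
pool.default.dc-resolve.default.serverset.type = failover
pool.default.dc-resolve.serverset.failover.1.server = server1
pool.default.dc-resolve.serverset.failover.2.server = server2
"""

def parse_properties(text):
    """Parse simple 'key = value' lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_serversets(props):
    """Return findings for serverset blocks that look inconsistent."""
    findings = []
    types = {k[:-len(".type")]: v for k, v in props.items()
             if k.endswith(".serverset.type")}
    if len(set(types.values())) > 1:
        findings.append(f"serverset types differ across pools: {sorted(types.items())}")
    for prefix, kind in sorted(types.items()):
        # Assumption: entries for a serverset share the prefix of its type key.
        under = prefix + ".failover."
        if kind == "failover" and not any(k.startswith(under) for k in props):
            findings.append(f"{prefix}: type is failover but no {under}* entries")
    # Server entries under a serverset prefix that has no type key at all.
    for key in sorted(props):
        m = re.match(r"(.+\.serverset)\.failover\.\d+\.server$", key)
        if m and m.group(1) not in types:
            findings.append(f"{key}: no {m.group(1)}.type key for this entry")
    return findings

if __name__ == "__main__":
    for finding in check_serversets(parse_properties(SAMPLE)):
        print(finding)
```

A finding here only marks a prefix mismatch to verify against the extension's documentation; it does not say which spelling the extension accepts.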




