[ovirt-users] Can't perform search after setting up an Active Directory

Martin Perina mperina at redhat.com
Thu May 26 08:20:27 UTC 2016

On Thu, May 26, 2016 at 10:11 AM, Alexis HAUSER <
alexis.hauser at telecom-bretagne.eu> wrote:

> >You use 389 with SSL? I guess you wrongly specified it.
> >But, if you want to use SSL and you have it on 636, then you should
> >create new SRV dns
> >records for example: _ldaps._tcp.university.mydomain.com ... 636
> Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ?
> On the DNS server I'm using ?
> >and then change:
> >  pool.default.serverset.srvrecord.service=ldaps
> >But I guess you wanted to use startTLS with 389, which you can enable by
> >adding:
> >  pool.default.ssl.startTLS=true
> >and remove line:
> >  pool.default.ssl.enable=true
> >Does it solve your issue?
> Actually, it's using ldaps yes. It doesnt solve my issue but I don't know
> where this DNS server comes from, I think it doesn't exist...
> I tried to configure it by adding vars.dns = dns://
> one_of_the_adservers.com and the same with ":636" at the end, but none of
> them works, it's still trying to reach this weird address with underlines :
> _ldaps._tcp.university.mydomain.com
> "2016-05-26 09:54:52,872 WARN
> [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (ajp-/
> [] [ovirt-engine-extension-aaa-ldap.authn::AD-authn] Cannot initialize LDAP
> framework, deferring initialization. Error: An error occurred while
> attempting to query DNS in order to retrieve SRV records with name '_ldaps._
> tcp.university.mydomain.com':  javax.naming.NameNotFoundException: DNS
> name not found [response code 3]; remaining name '_ldaps._
> tcp.campus.enst-bretagne.fr'"
> >> I meant I had to disable the LDAP (openLDAP) profile, renaming the file
> with .save so ovirt doesn't detect them. If both profiles are activated,
> ovirt-web interface propose >>me the DN of the LDAP into AD (in namespace
> field)... Is that a bug or normal behavior ?
> >>
> >Hmm, that's strange, because only files with *.properties suffix should
> >be detected and used. So yes please open bz that also other suffixes are
> >loaded.
> Actually that's what I said : only .properties file are detected. The
> problem is about the namespaces : when LDAP.properties file and
> AD.properties file are activated, the namespace suggested in the web
> interface in the user tab, when choosing AD, is the DN of the LDAP...Which
> seems to be a bug....Namespaces of everything are mixed...And if I select
> internal and then select again AD, a new namespace appears : * (from
> internal).
> This a weird behavior, right ?

​If I understand correctly, you have only one AD server/domain, right?​

​If so, what do you want to use profile LDAP​.properties for?

> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160526/82e114d6/attachment-0001.html>

More information about the Users mailing list