Bug 1302313
| Summary: | Active Directory forest configuration - bad DNS query | | |
|---|---|---|---|
| Product: | [oVirt] ovirt-engine-extension-aaa-ldap | Reporter: | el_Lechu <r.oleszek> |
| Component: | Profile.ad | Assignee: | Itamar Heim <iheim> |
| Status: | CLOSED NOTABUG | QA Contact: | Ondra Machacek <omachace> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 1.1.2 | CC: | bugs |
| Target Milestone: | --- | Flags: | rule-engine: planning_ack? rule-engine: devel_ack? rule-engine: testing_ack? |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-01-27 13:40:11 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Please ensure that you don't have trailing space at one of those lines:
vars.forest = win2k8.local
pool.default.serverset.srvrecord.domain = ${global:vars.forest}
LOL, you're right. In "vars.forest = win2k8.local" I have a space. Thank you.
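
The trailing-space check suggested in the reply above, written out as an added example (it is not part of the original bug thread or of the extension's code). It assumes the profile is read with `java.util.Properties` semantics, where whitespace after a value is kept, and that the SRV name is `_ldap._tcp.` plus the configured domain, as the log in the report shows; the function names and sample text are constructed for illustration.

```python
import re

# Constructed sample modelled on the profile in the report. The first value
# ends with one space, which is invisible in most editors.
SAMPLE = (
    "vars.forest = win2k8.local \n"
    "vars.user = ovirt-test@${global:vars.forest}\n"
    "pool.default.serverset.type = srvrecord\n"
    "pool.default.serverset.srvrecord.domain = ${global:vars.forest}\n"
)
REF = re.compile(r"\$\{global:([^}]+)\}")
SRV_KEY = "pool.default.serverset.srvrecord.domain"

def parse_properties(text):
    """Parse simple 'key = value' lines. Assumption: java.util.Properties rules,
    so whitespace before a value is dropped and whitespace after it is kept."""
    props = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        key, sep, value = line.partition("=")
        if not line or line[0] in "#!" or not sep:
            continue
        props[key.strip()] = (lineno, value.lstrip())
    return props

def expand(value, props, depth=0):
    """Replace ${global:key} references with the referenced raw value."""
    if depth > 10:
        raise ValueError("reference loop in configuration")
    def sub(match):
        ref = props.get(match.group(1))
        return match.group(0) if ref is None else expand(ref[1], props, depth + 1)
    return REF.sub(sub, value)

def trailing_whitespace(text):
    """Return (line, key, raw value) for every value ending in whitespace."""
    props = parse_properties(text)
    return [(n, k, v) for k, (n, v) in props.items() if v != v.rstrip()]

def srv_query_name(text):
    """Name the SRV lookup would use, following the log format on the page."""
    props = parse_properties(text)
    return "_ldap._tcp." + expand(props[SRV_KEY][1], props)

if __name__ == "__main__":
    for lineno, key, value in trailing_whitespace(SAMPLE):
        print(f"line {lineno}: {key} = {value!r}")
    print("SRV query name:", repr(srv_query_name(SAMPLE)))
```

Printing values with `repr` makes the stray space visible, and the same space shows up in the derived SRV name because the reference is expanded from the raw value.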
Created attachment 1118783: bad/good query/response to/from DNS

Description of problem:
After installing ovirt (3.6.1.3-1) and ovirt-engine-extension-aaa-ldap-setup-1.1.2-1.el7.centos.noarch, and copying and editing the example config:

-------
include = <ad.properties>
vars.forest = win2k8.local
vars.user = ovirt-test@${global:vars.forest}
vars.password = password!
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.forest}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
-------

ovirt can't query DNS correctly. It seems like ovirt wants to query "_ldap._tcp.<domain> " for the SRV record (with a space at the end), but it should be without a space at the end.

Log from ovirt-engine:

[ovirt-engine-extension-aaa-ldap.authz::profile1-authz] Creating LDAP pool 'authz'
2016-01-27 13:52:33 WARNING [ovirt-engine-extension-aaa-ldap.authz::profile1-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.win2k8.local ': javax.naming.CommunicationException: DNS error [Root exception is java.net.SocketTimeoutException: Receive timed out]; remaining name '_ldap._tcp.win2k8.local ' caused by java.net.SocketTimeoutException: Receive timed out
--------

Configuration with vars.domain works fine.

The attachment contains a log from the DNS server (first the bad query from ovirt - `host -t SRV "_ldap._tcp.win2k8.local "`, at the end the good query from the shell - without the space - `host -t SRV "_ldap._tcp.win2k8.local"`).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Configure ovirt with aaa-ldap and put the "vars.forest" configuration like in the example
2.
3.

Actual results:
Can't connect ovirt to ldap with the "vars.forest" config

Expected results:
DNS query from aaa-ldap works fine, and the SRV record can be found like here (using dig or host):

# host -t SRV _ldap._tcp.win2k8.local
_ldap._tcp.win2k8.local has SRV record 0 100 389 win-nd8lecpmi69.win2k8.local.

Additional info: