Bug 1302313
| Field | Value |
|---|---|
| Summary | Active Directory forest configuration - bad DNS query |
| Product | [oVirt] ovirt-engine-extension-aaa-ldap |
| Component | Profile.ad |
| Reporter | el_Lechu <r.oleszek> |
| Assignee | Itamar Heim <iheim> |
| QA Contact | Ondra Machacek <omachace> |
| Status | CLOSED NOTABUG |
| Severity | urgent |
| Priority | unspecified |
| Version | 1.1.2 |
| CC | bugs |
| Target Milestone | --- |
| Target Release | --- |
| Flags | rule-engine: planning_ack? rule-engine: devel_ack? rule-engine: testing_ack? |
| Hardware | All |
| OS | Linux |
| Doc Type | Bug Fix |
| Story Points | --- |
| Last Closed | 2016-01-27 13:40:11 UTC |
| Type | Bug |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | Infra |
| Cloudforms Team | --- |
Please ensure that you don't have a trailing space at one of those lines:

```
vars.forest = win2k8.local
pool.default.serverset.srvrecord.domain = ${global:vars.forest}
```

LOL, you are right. In "vars.forest = win2k8.local" I have a space. Thank you.
Created attachment 1118783: bad/good query/response to/from DNS

Description of problem:

After installing ovirt (3.6.1.3-1) and ovirt-engine-extension-aaa-ldap-setup-1.1.2-1.el7.centos.noarch, and copying and editing the example config:

```
include = <ad.properties>
vars.forest = win2k8.local
vars.user = ovirt-test@${global:vars.forest}
vars.password = password!
pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.forest}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}
```

ovirt can't query DNS in a good way. It seems like ovirt wants to query "_ldap._tcp.<domain> " for the SRV record (with a space at the end), but it should be without a space at the end.

Log from ovirt-engine:

```
[ovirt-engine-extension-aaa-ldap.authz::profile1-authz] Creating LDAP pool 'authz'
2016-01-27 13:52:33 WARNING [ovirt-engine-extension-aaa-ldap.authz::profile1-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.win2k8.local ': javax.naming.CommunicationException: DNS error [Root exception is java.net.SocketTimeoutException: Receive timed out]; remaining name '_ldap._tcp.win2k8.local '
caused by java.net.SocketTimeoutException: Receive timed out
```

Configuration with vars.domain works fine.

In the attachment is the log from the DNS server (first the bad query from ovirt - `host -t SRV "_ldap._tcp.win2k8.local "`, at the end the good query from the shell - without the space - `host -t SRV "_ldap._tcp.win2k8.local"`).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Configure ovirt with aaa-ldap and put the "vars.forest" configuration like in the example

Actual results:
Can't connect ovirt to ldap with the "vars.forest" config

Expected results:
DNS query from aaa-ldap works fine, and the SRV record can be found like here (using dig or host):

```
# host -t SRV _ldap._tcp.win2k8.local
_ldap._tcp.win2k8.local has SRV record 0 100 389 win-nd8lecpmi69.win2k8.local.
```

Additional info:
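A check for the misconfiguration diagnosed in this report, as an added example that is not part of the original bug report or of the ovirt-engine-extension-aaa-ldap code: it flags property values that end in whitespace and shows how the space propagates through `${global:...}` references into the SRV query name. It assumes values keep trailing whitespace the way `java.util.Properties` does; `SAMPLE` is constructed from the profile above, and `parse`, `expand`, `lint` and `srv_name` are hypothetical helper names.

```python
import re

# Constructed sample mirroring the profile in the report; the vars.forest
# line carries the trailing space that the reporter confirmed.
SAMPLE = (
    "include = <ad.properties>\n"
    "vars.forest = win2k8.local \n"
    "vars.user = ovirt-test@${global:vars.forest}\n"
    "pool.default.serverset.type = srvrecord\n"
    "pool.default.serverset.srvrecord.domain = ${global:vars.forest}\n"
)

REF = re.compile(r"\$\{global:([^}]+)\}")

def parse(text):
    """Simplified key = value parser: whitespace around '=' is dropped,
    trailing whitespace in the value is kept (as java.util.Properties does)."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, _, value = line.partition("=")
        props[key.strip()] = value.lstrip()
    return props

def expand(props, key, depth=0):
    """Resolve ${global:name} references (hypothetical resolver, depth-limited)."""
    if depth > 10:
        raise ValueError("reference loop at " + key)
    return REF.sub(lambda m: expand(props, m.group(1), depth + 1), props[key])

def lint(text):
    """Return (key, repr(expanded value)) for every value ending in whitespace."""
    props = parse(text)
    findings = []
    for key in props:
        value = expand(props, key)
        if value != value.rstrip():
            findings.append((key, repr(value)))
    return findings

def srv_name(text):
    """Build the SRV name that would be queried for the configured domain."""
    props = parse(text)
    return "_ldap._tcp." + expand(props, "pool.default.serverset.srvrecord.domain")

if __name__ == "__main__":
    print(lint(SAMPLE), repr(srv_name(SAMPLE)))
```

Run against a real profile by passing the file's text to `lint`; any finding on `vars.forest` also shows up on every key that references it.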