Bug 1313583
Summary: aaa-ldap setup tool shouldn't offer advanced option to specify custom DNS servers as it cannot be verified
Product: [oVirt] ovirt-engine-extension-aaa-ldap
Reporter: Badalyan Vyacheslav <v.badalyan>
Component: Profile.ad
Assignee: Ondra Machacek <omachace>
Status: CLOSED CURRENTRELEASE
QA Contact: Gonza <grafuls>
Severity: low
Docs Contact:
Priority: low
Version: 1.1.2
CC: bugs, mgoldboi, mperina, pstehlik, v.badalyan
Target Milestone: ovirt-3.6.5
Flags: rule-engine: ovirt-3.6.z+; mgoldboi: planning_ack+; mperina: devel_ack+; pstehlik: testing_ack+
Target Release: 1.1.3
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause:
We have removed advanced option to specify custom DNS servers from ovirt-engine-extension-aaa-ldap-setup tool.
Consequence:
All references to specifying custom DNS servers in ovirt-engine-extension-aaa-ldap-setup have to be removed from documentation (Chapter 13.3. Configuring an External LDAP Provider).
Fix:
Please remove ability to specify custom DNS servers from chapter 13.3.2. Attaching an Active Directory, procedure 13.2. Configuring an External LDAP Provider, step 5.
From now on only DNS servers configured in /etc/resolv.conf can be used to resolve specified AD forest name.
Result:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-04-21 14:41:39 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Description
Badalyan Vyacheslav
2016-03-02 00:23:17 UTC
When it's not resolved by server in resolv.conf, you should be asked a question: "Please enter space seperated list of Active Directory DNS Servers names", where you specify additional AD DNS servers, which are used. This question you won't get, or using those servers it doesn't work? Can you please send a log? Thanks.

I don't have logs. I set it up a few weeks ago. Yes, it asks, but the check for login or search user does not work without adding DNS to resolv.conf. After install I removed the DNS from resolv.conf and everything works. It looks like setup doesn't use the DNS that I posted to "Please enter space seperated list of Active Directory DNS Servers names". Errors looked like "Can't resolve SERVERDC.local". Setup found the AD tree. It found the main DC server name in AD, but can't connect to it, because it can't resolve its IP.

aaa-ldap currently provides an option to specify DNS servers to resolve LDAP server name which cannot be resolved by DNS configuration of the host. This is pretty non-standard (it's supported only by unboundid-ldapsdk library used by aaa-ldap) and it bypasses standard host DNS configuration, which could lead to issues. oVirt relies on valid DNS configuration and this specific advanced configuration shouldn't be available in aaa-ldap setup tool, which offers only basic configuration of aaa-ldap. That's why we decided to remove this option from aaa-ldap setup tool.

This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions.

Fix will be contained in ovirt-engine-extension-aaa-ldap-1.1.3

Verified with: ovirt-engine-extension-aaa-ldap-setup-1.1.3-1.el6ev.noarch

No option for custom DNS during aaa-ldap-setup.
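
A pre-flight check for the failure discussed in this bug, where the DC name is found in AD but the host resolver configured in /etc/resolv.conf cannot resolve it. This is an added example, not code from the bug report or from aaa-ldap; the function names, host names and addresses are constructed, and the SRV input is assumed to be in `dig +short SRV _ldap._tcp.<forest>` form.

```python
import socket
import sys

# Constructed sample inputs (not from the bug report): resolv.conf contents and
# SRV records in `dig +short` form, i.e. "priority weight port target".
SAMPLE_RESOLV_CONF = "search example.local\nnameserver 192.0.2.10\nnameserver 192.0.2.11\n"
SAMPLE_SRV_ANSWER = "0 100 389 serverdc.example.local.\n0 100 389 dc2.example.local.\n"


def nameservers(resolv_conf_text):
    """Return the nameserver addresses the host resolver is configured with."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        # Comment lines start with '#' or ';', so fields[0] never matches there.
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def srv_targets(srv_answer_text):
    """Extract (host, port) pairs from SRV records; ignore any other lines."""
    targets = []
    for line in srv_answer_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and all(f.isdigit() for f in fields[:3]):
            targets.append((fields[3].rstrip("."), int(fields[2])))
    return targets


def unresolvable(targets, resolve=socket.getaddrinfo):
    """Return the hosts that the host's own resolver cannot turn into an address."""
    failed = []
    for host, port in targets:
        try:
            resolve(host, port)
        except (OSError, UnicodeError):  # socket.gaierror is an OSError subclass
            failed.append(host)
    return failed


if __name__ == "__main__":
    # Usage: dig +short SRV _ldap._tcp.<forest> | python3 this_script.py
    with open("/etc/resolv.conf") as conf:
        print("host nameservers:", nameservers(conf.read()))
    print("unresolvable DCs:", unresolvable(srv_targets(sys.stdin.read())))
```

Any host listed as unresolvable has to be fixed in the host's DNS configuration before running the setup tool, since from 1.1.3 on the tool no longer accepts custom DNS servers.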