Bug 1313583

Summary: aaa-ldap setup tool shouldn't offer advanced option to specify custom DNS servers as it cannot be verified
Product: [oVirt] ovirt-engine-extension-aaa-ldap
Reporter: Badalyan Vyacheslav <v.badalyan>
Component: Profile.ad
Assignee: Ondra Machacek <omachace>
Status: CLOSED CURRENTRELEASE
QA Contact: Gonza <grafuls>
Severity: low
Docs Contact:
Priority: low
Version: 1.1.2
CC: bugs, mgoldboi, mperina, pstehlik, v.badalyan
Target Milestone: ovirt-3.6.5
Flags: rule-engine: ovirt-3.6.z+
mgoldboi: planning_ack+
mperina: devel_ack+
pstehlik: testing_ack+
Target Release: 1.1.3
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: We have removed the advanced option to specify custom DNS servers from the ovirt-engine-extension-aaa-ldap-setup tool.
Consequence: All references to specifying custom DNS servers in ovirt-engine-extension-aaa-ldap-setup have to be removed from the documentation (Chapter 13.3. Configuring an External LDAP Provider).
Fix: Please remove the ability to specify custom DNS servers from chapter 13.3.2. Attaching an Active Directory, procedure 13.2. Configuring an External LDAP Provider, step 5. From now on, only DNS servers configured in /etc/resolv.conf can be used to resolve the specified AD forest name.
Result:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-04-21 14:41:39 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Badalyan Vyacheslav 2016-03-02 00:23:17 UTC
Description of problem:
Setup needed DNS servers in resolv.conf to resolve the domain. The DNS servers entered in setup are not used.


Version-Release number of selected component (if applicable):


How reproducible:
1. echo "8.8.8.8" > /etc/resolv.conf
2. Try to add AD with local DNS

Expected results:
Resolving in setup must use the entered DNS.

Comment 1 Ondra Machacek 2016-03-02 08:51:03 UTC
When it's not resolved by server in resolv.conf, you should be asked a question:
"Please enter space seperated list of Active Directory DNS Servers names"
Where you specify additional AD DNS servers, which are used.
Do you not get this question, or does it not work when using those servers?

Can you please send a log? Thanks.

Comment 2 Badalyan Vyacheslav 2016-03-13 17:01:47 UTC
I don't have logs. I set it up a few weeks ago.

Yes, it asks, but the check for login or user search does not work without adding the DNS to resolv.conf. After install I removed the DNS from resolv.conf and everything works.
It looks like setup doesn't use the DNS that I entered at "Please enter space seperated list of Active Directory DNS Servers names".

The errors looked like "Can't resolve SERVERDC.local". Setup found the AD tree. It found the main DC server name in AD, but can't connect to it, because it can't resolve its IP.

Comment 3 Martin Perina 2016-03-24 15:21:54 UTC
aaa-ldap currently provides an option to specify DNS servers to resolve an LDAP server name which cannot be resolved by the DNS configuration of the host. This is pretty non-standard (it's supported only by the unboundid-ldapsdk library used by aaa-ldap) and it bypasses the standard host DNS configuration, which could lead to issues. oVirt relies on a valid DNS configuration, and this specific advanced configuration shouldn't be available in the aaa-ldap setup tool, which offers only basic configuration of aaa-ldap. That's why we decided to remove this option from the aaa-ldap setup tool.
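
An added example, not part of the original bug report or the aaa-ldap project: a pre-flight check that the host's own resolver configuration can resolve the AD forest before running the setup tool. The function names, the `_ldap._tcp.<forest>` SRV name used as a probe, and the use of `dig` are assumptions.

```shell
#!/bin/sh
# Added example, not aaa-ldap code: check host DNS before running the setup
# tool, which now resolves the AD forest only through /etc/resolv.conf.

# Print the addresses from "nameserver" lines of a resolv.conf-format file.
# Lines without the keyword (a bare "8.8.8.8", comments) yield nothing.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "${1:-/etc/resolv.conf}"
}

# Succeed only if the file defines at least one nameserver.
has_nameserver() {
    [ -n "$(list_nameservers "$1")" ]
}

# Query the forest's LDAP SRV record via the system resolver configuration.
# Assumption: _ldap._tcp.<forest> is a suitable probe; requires dig.
check_forest_srv() {
    [ -n "$(dig +short -t SRV "_ldap._tcp.$1" 2>/dev/null)" ]
}

# preflight FOREST [RESOLV_CONF]; returns 0 ok, 2 no nameserver, 3 no SRV.
# RESOLV_CONF only changes which file is parsed; dig always uses the system one.
preflight() {
    pf_forest=$1
    pf_conf=${2:-/etc/resolv.conf}
    if ! has_nameserver "$pf_conf"; then
        echo "FAIL: no 'nameserver' entries in $pf_conf" >&2
        return 2
    fi
    echo "nameservers: $(list_nameservers "$pf_conf" | tr '\n' ' ')"
    if ! check_forest_srv "$pf_forest"; then
        echo "FAIL: _ldap._tcp.$pf_forest not resolvable via host DNS" >&2
        return 3
    fi
    echo "OK: _ldap._tcp.$pf_forest resolves via host DNS"
}

# Run when given a forest name, e.g.: sh preflight.sh ad.example.test
if [ "$#" -ge 1 ]; then
    preflight "$@"
fi
```
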

Comment 4 Mike McCune 2016-03-28 23:15:27 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions

Comment 5 Martin Perina 2016-03-31 12:21:30 UTC
Fix will be contained in ovirt-engine-extension-aaa-ldap-1.1.3

Comment 6 Gonza 2016-04-11 07:07:19 UTC
Verified with:
ovirt-engine-extension-aaa-ldap-setup-1.1.3-1.el6ev.noarch

No option for custom DNS during aaa-ldap-setup.