This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
First Last Prev Next    This bug is not in your last search results.
Bug 1302313 - Active Directory forest configuration - bad DNS query
Active Directory forest configuration - bad DNS query
Status: CLOSED NOTABUG
Product: ovirt-engine-extension-aaa-ldap
Classification: oVirt
Component: Profile.ad (Show other bugs)
1.1.2
All Linux
unspecified Severity urgent (vote)
: ---
: ---
Assigned To: Itamar Heim
Ondra Machacek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-27 08:15 EST by el_Lechu
Modified: 2016-01-27 08:46 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-01-27 08:40:11 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?

Attachments (Terms of Use)
bad/good query/response to/from DNS (8.51 KB, text/plain)
2016-01-27 08:15 EST, el_Lechu 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description el_Lechu 2016-01-27 08:15:48 EST 
Created attachment 1118783 [details]
bad/good query/response to/from DNS

Description of problem:
After install ovirt(3.6.1.3-1) and ovirt-engine-extension-aaa-ldap-setup-1.1.2-1.el7.centos.noarch and copy and edit example config:
-------
include = <ad.properties>

vars.forest = win2k8.local

vars.user = ovirt-test@${global:vars.forest}
vars.password = password!

pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.forest}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

-------

ovirt cant query dns in a good way. It seems like ovirt want to query "_ldap._tcp.<domain> " for SRV record (with space at the end), but it should be without space at the end.


Log from ovirt-engine:
[ovirt-engine-extension-aaa-ldap.authz::profile1-authz] Creating LDAP pool 'authz'
2016-01-27 13:52:33 WARNING [ovirt-engine-extension-aaa-ldap.authz::profile1-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.win2k8.local ':  javax.naming.CommunicationException: DNS error [Root exception is java.net.SocketTimeoutException: Receive timed out]; remaining name '_ldap._tcp.win2k8.local ' caused by java.net.SocketTimeoutException: Receive timed out

--------

Configuration with vars.domain works fine.
In attachment log from dns server (first bad query from ovirt - `host -t SRV "_ldap._tcp.win2k8.local "`, at the end good query from shell - without space - `host -t SRV "_ldap._tcp.win2k8.local"`)

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Configure ovirt with aaa-ldap and put "vars.forest" configuration like in example
2.
3.

Actual results:
Can't coonect ovirt to ldap with "vars.forest" config

Expected results:
DNS query from aaa-ldap works fine, SRV record could be find like here (using dig or host):
# host -t SRV _ldap._tcp.win2k8.local
_ldap._tcp.win2k8.local has SRV record 0 100 389 win-nd8lecpmi69.win2k8.local.

Additional info:
Comment 1 Ondra Machacek 2016-01-27 08:30:38 EST 
Please ensure that you don't have trailing space at one of those lines:

vars.forest = win2k8.local
pool.default.serverset.srvrecord.domain = ${global:vars.forest}
Comment 2 el_Lechu 2016-01-27 08:40:11 EST 
LOL, you r right.  In "vars.forest = win2k8.local" I have a space. Thank you.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.