1302313 – Active Directory forest configuration - bad DNS query

Bug 1302313 - Active Directory forest configuration - bad DNS query

Summary: Active Directory forest configuration - bad DNS query

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	ovirt-engine-extension-aaa-ldap
Classification:	oVirt
Component:	Profile.ad
Sub Component:
Version:	1.1.2
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	---
Assignee:	Itamar Heim
QA Contact:	Ondra Machacek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-27 13:15 UTC by el_Lechu
Modified:	2016-01-27 13:46 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2016-01-27 13:40:11 UTC
oVirt Team:	Infra
Embargoed:
Flags:	rule-engine: planning_ack? rule-engine: devel_ack? rule-engine: testing_ack?

Attachments	(Terms of Use)
bad/good query/response to/from DNS (8.51 KB, text/plain) 2016-01-27 13:15 UTC, el_Lechu	no flags	Details
View All

Description el_Lechu 2016-01-27 13:15:48 UTC

Created attachment 1118783 [details]
bad/good query/response to/from DNS

Description of problem:
After install ovirt(3.6.1.3-1) and ovirt-engine-extension-aaa-ldap-setup-1.1.2-1.el7.centos.noarch and copy and edit example config:
-------
include = <ad.properties>

vars.forest = win2k8.local

vars.user = ovirt-test@${global:vars.forest}
vars.password = password!

pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.forest}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

-------

ovirt cant query dns in a good way. It seems like ovirt want to query "_ldap._tcp.<domain> " for SRV record (with space at the end), but it should be without space at the end.


Log from ovirt-engine:
[ovirt-engine-extension-aaa-ldap.authz::profile1-authz] Creating LDAP pool 'authz'
2016-01-27 13:52:33 WARNING [ovirt-engine-extension-aaa-ldap.authz::profile1-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.win2k8.local ':  javax.naming.CommunicationException: DNS error [Root exception is java.net.SocketTimeoutException: Receive timed out]; remaining name '_ldap._tcp.win2k8.local ' caused by java.net.SocketTimeoutException: Receive timed out

--------

Configuration with vars.domain works fine.
In attachment log from dns server (first bad query from ovirt - `host -t SRV "_ldap._tcp.win2k8.local "`, at the end good query from shell - without space - `host -t SRV "_ldap._tcp.win2k8.local"`)

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Configure ovirt with aaa-ldap and put "vars.forest" configuration like in example
2.
3.

Actual results:
Can't coonect ovirt to ldap with "vars.forest" config

Expected results:
DNS query from aaa-ldap works fine, SRV record could be find like here (using dig or host):
# host -t SRV _ldap._tcp.win2k8.local
_ldap._tcp.win2k8.local has SRV record 0 100 389 win-nd8lecpmi69.win2k8.local.

Additional info:

Comment 1 Ondra Machacek 2016-01-27 13:30:38 UTC

Please ensure that you don't have trailing space at one of those lines:

vars.forest = win2k8.local
pool.default.serverset.srvrecord.domain = ${global:vars.forest}

Comment 2 el_Lechu 2016-01-27 13:40:11 UTC

LOL, you r right.  In "vars.forest = win2k8.local" I have a space. Thank you.

Note You need to log in before you can comment on or make changes to this bug.