Bug 1302313 - Active Directory forest configuration - bad DNS query
Summary: Active Directory forest configuration - bad DNS query
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: ovirt-engine-extension-aaa-ldap
Classification: oVirt
Component: Profile.ad
Version: 1.1.2
Hardware: All
OS: Linux
Priority: unspecified
Severity: urgent
Target Milestone: ---
Assignee: Itamar Heim
QA Contact: Ondra Machacek
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-01-27 13:15 UTC by el_Lechu
Modified: 2016-01-27 13:46 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-01-27 13:40:11 UTC
oVirt Team: Infra
Embargoed:
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?


Attachments
bad/good query/response to/from DNS (8.51 KB, text/plain)
2016-01-27 13:15 UTC, el_Lechu

Description el_Lechu 2016-01-27 13:15:48 UTC
Created attachment 1118783 [details]
bad/good query/response to/from DNS

Description of problem:
After installing ovirt (3.6.1.3-1) and ovirt-engine-extension-aaa-ldap-setup-1.1.2-1.el7.centos.noarch, and copying and editing the example config:
-------
include = <ad.properties>

vars.forest = win2k8.local

vars.user = ovirt-test@${global:vars.forest}
vars.password = password!

pool.default.serverset.type = srvrecord
pool.default.serverset.srvrecord.domain = ${global:vars.forest}
pool.default.auth.simple.bindDN = ${global:vars.user}
pool.default.auth.simple.password = ${global:vars.password}

-------

ovirt can't query DNS properly. It seems like ovirt wants to query "_ldap._tcp.<domain> " for the SRV record (with a space at the end), but it should be without a space at the end.


Log from ovirt-engine:
[ovirt-engine-extension-aaa-ldap.authz::profile1-authz] Creating LDAP pool 'authz'
2016-01-27 13:52:33 WARNING [ovirt-engine-extension-aaa-ldap.authz::profile1-authz] Cannot initialize LDAP framework, deferring initialization. Error: An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldap._tcp.win2k8.local ':  javax.naming.CommunicationException: DNS error [Root exception is java.net.SocketTimeoutException: Receive timed out]; remaining name '_ldap._tcp.win2k8.local ' caused by java.net.SocketTimeoutException: Receive timed out

--------

Configuration with vars.domain works fine.
The attachment contains the log from the DNS server (first the bad query from ovirt - `host -t SRV "_ldap._tcp.win2k8.local "`, at the end the good query from the shell, without the space - `host -t SRV "_ldap._tcp.win2k8.local"`).

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Configure ovirt with aaa-ldap and put "vars.forest" configuration like in example
2.
3.

Actual results:
Can't connect ovirt to LDAP with the "vars.forest" config.

Expected results:
The DNS query from aaa-ldap works fine, and the SRV record can be found like here (using dig or host):
# host -t SRV _ldap._tcp.win2k8.local
_ldap._tcp.win2k8.local has SRV record 0 100 389 win-nd8lecpmi69.win2k8.local.

Additional info:

Comment 1 Ondra Machacek 2016-01-27 13:30:38 UTC
Please ensure that you don't have a trailing space on one of those lines:

vars.forest = win2k8.local
pool.default.serverset.srvrecord.domain = ${global:vars.forest}

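The check Ondra describes can be automated. The following is an added example, not code from the bug report or from ovirt-engine-extension-aaa-ldap: a simplified properties parser (an assumption that mirrors java.util.Properties, which keeps trailing whitespace in values) that expands `${global:...}` references, builds the `_ldap._tcp.<domain>` SRV name the srvrecord serverset would look up, and flags every key whose resolved value ends in whitespace. The sample config below is constructed to reproduce the trailing space from this report.

```python
import re

# Constructed sample mirroring the reporter's config; the space after
# "win2k8.local" on the vars.forest line is deliberate (it is the bug).
SAMPLE_CONFIG = (
    "include = <ad.properties>\n"
    "vars.forest = win2k8.local \n"
    "vars.user = ovirt-test@${global:vars.forest}\n"
    "pool.default.serverset.type = srvrecord\n"
    "pool.default.serverset.srvrecord.domain = ${global:vars.forest}\n"
)

VAR_REF = re.compile(r"\$\{global:([^}]+)\}")


def parse_properties(text):
    """Hypothetical simplified loader: like java.util.Properties, leading
    whitespace of a value is dropped but trailing whitespace is kept."""
    props = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.lstrip()
    return props


def resolve(props, key, depth=0):
    """Expand ${global:name} references recursively (loop-guarded)."""
    if depth > 10:
        raise ValueError("reference loop at %s" % key)
    return VAR_REF.sub(lambda m: resolve(props, m.group(1), depth + 1),
                       props[key])


def srv_query_name(props):
    """The SRV name the srvrecord serverset would query, verbatim."""
    return "_ldap._tcp." + resolve(props, "pool.default.serverset.srvrecord.domain")


def find_trailing_whitespace(props):
    """Keys whose resolved value ends in whitespace, including keys that
    only inherit the problem through a ${global:...} reference."""
    return sorted(k for k in props if resolve(props, k) != resolve(props, k).rstrip())


def stripped(props):
    """Corrected config: trailing whitespace removed from every raw value."""
    return {k: v.rstrip() for k, v in props.items()}
```

Running `find_trailing_whitespace(parse_properties(SAMPLE_CONFIG))` points at vars.forest and at the two keys that reference it, which is exactly the pair of lines Comment 1 asks the reporter to inspect.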
Comment 2 el_Lechu 2016-01-27 13:40:11 UTC
LOL, you're right. In "vars.forest = win2k8.local" I have a space. Thank you.

