Bug 1313583 – aaa-ldap setup tool shouldn't offer advanced option to specify custom DNS servers as it cannot be verified

Bug 1313583 - aaa-ldap setup tool shouldn't offer advanced option to specify custom DNS servers as it cannot be verified

Summary:	aaa-ldap setup tool shouldn't offer advanced option to specify custom DNS ser...

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	ovirt-engine-extension-aaa-ldap
Classification:	oVirt
Component:	Profile.ad (Show other bugs)
Sub Component:
Version:	1.1.2
Hardware:	x86_64 Linux

Priority	low Severity low (vote)
Target Milestone:	ovirt-3.6.5
Target Release:	1.1.3
Assigned To:	Ondra Machacek
QA Contact:	Gonza
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2016-03-01 19:23 EST by Badalyan Vyacheslav
Modified:	2016-04-21 10:41 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: We have removed advanced option to specify custom DNS servers from ovirt-engine-extension-aaa-ldap-setup tool. Consequence: All references to specifying custom DNS servers in ovirt-engine-extension-aaa-ldap-setup have to be removed from documentation (Chapter 13.3. Configuring an External LDAP Provider) Fix: Please remove ability to specify custom DNS servers from chapter 13.3.2. Attaching an Active Directory, procedure 13.2. Configuring an External LDAP Provider, step 5. From now on only DNS servers configured in /etc/resolv.conf can be used to resolve specified AD forrest name Result:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-04-21 10:41:39 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Flags:	rule-engine: ovirt‑3.6.z+ mgoldboi: planning_ack+ mperina: devel_ack+ pstehlik: testing_ack+

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
oVirt gerrit	55134	None	None	None	2016-03-24 11:21 EDT

Groups: None (edit)

Description Badalyan Vyacheslav 2016-03-01 19:23:17 EST

Description of problem:
setup was need DNS servers in resolve conf to resolve domain. Entered in setup DNS dont used,


Version-Release number of selected component (if applicable):


How reproducible:
1. echo "8.8.8.8" > /etc/resolv.conf
2. Try add AD with local DNS

Expected results:
Resolving in setup must use entered DNS.

Comment 1 Ondra Machacek 2016-03-02 03:51:03 EST

When it's not resolved by server in resolv.conf, you should be asked a question:
"Please enter space seperated list of Active Directory DNS Servers names"
Where you specify additional AD DNS servers, which are used.
This question you won't get or using that servers it doesnt' work?

Can you please send a log? Thanks.

Comment 2 Badalyan Vyacheslav 2016-03-13 13:01:47 EDT

I don't have logs. I was setup its few weeks ago.

Yes. it's ask but check for login or search user does not woek without adding DNS to resolv.conf. After install i remove dns from resolve conf and all work. 
It's look that setup don't use DNS what i posted to "Please enter space seperated list of Active Directory DNS Servers names".

Errors was look like "Can't resolve SERVERDC.local". Setup Found AD tree. It's found main DC server name in AD, but can't connect to it, becouse can't resolve its IP.

Comment 3 Martin Perina 2016-03-24 11:21:54 EDT

aaa-ldap currently provides an option to specify DNS servers to resolve LDAP server name which cannot be resolved by DNS configuration of the host. This is pretty non standard (it's supported only by unboundid-ldapsdk library used by aaa-ldap) and it bypasses standard host DNS configuration which could lead to issues. oVirt relies on valid DNS configuration and this specific advanced configuration shouldn't be available in aaa-ldap setup tool, which offers only basic configuration of aaa-ldap. That's why we decided to remove this option from aaa-ldap setup tool.

Comment 4 Mike McCune 2016-03-28 19:15:27 EDT

This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions

Comment 5 Martin Perina 2016-03-31 08:21:30 EDT

Fix will be contained in ovirt-engine-extension-aaa-ldap-1.1.3

Comment 6 Gonza 2016-04-11 03:07:19 EDT

Verified with:
ovirt-engine-extension-aaa-ldap-setup-1.1.3-1.el6ev.noarch

No option for custom DNS during aaa-ldap-setup.

Note You need to log in before you can comment on or make changes to this bug.