Description of problem: our ad forest _ldap._tcp.gc._msdcs.<forest> has too many entries for a udp lookup. That means dig returns nothing and setup fails. Problem is here: https://github.com/oVirt/ovirt-engine-extension-aaa-ldap/blob/8208f97c86b421327c63564942332f2b4f0ddd1b/setup/plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py#L152 +ignore means no fallback to tcp for answers that are too long for udp Version-Release number of selected component (if applicable): How reproducible: Have a srv record that is too long for udp and run ovirt-engine-extension-aaa-ldap-setup Actual results: [ ERROR ] Failed to execute stage 'Environment customization': Active Directory forest is not resolvable, please make sure you've entered correct forest name. If for some reason you can't use forest and you need some special configuration instead, please refer to examples directory provided by ovirt-engine-extension-aaa-ldap package. Expected results: working ad setup Additional info: Support Case 02433928
If I remove the +ignore it seems to work.
No need to have both upstream and downstream bugs *** This bug has been marked as a duplicate of bug 1733111 ***