>> Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On >> the DNS server I'm using ? >On DNS you are using, usually on AD DNS.
Well actually this DNS name doesn't exist and seem to be only an unspecified variable in ovirt...I have no reason to create a DNS entry for it. I think you missed my previous mail (with the error logs with different parameters for DNS) :) >> Actually, it's using ldaps yes. It doesnt solve my issue but I don't know >> where this DNS server comes from, I think it doesn't exist... >In AD startTLS usually works by default, strange. Why you disable it? Here we're using ldaps > > I tried to configure it by adding vars.dns = dns://one_of_the_adservers.com > and the same with ":636" at the end, but none of them works, it's still > trying to reach this weird address with underlines : > _ldaps._tcp.university.mydomain.com >This error means, that you don't have SRV record for >'_ldaps._tcp.university.mydomain.com'. You need to create first, before >changing aaa-ldap configuration. >You can check if it's resolvable, by running following command: > $ dig @one_of_the_adservers.com _ldaps._tcp.university.mydomain.com SRV dig @one_of_the_adservers.com _ldaps._tcp.university.mydomain.com SRV ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @one_of_the_adservers.com _ldaps._tcp.university.mydomain.com SRV ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29630 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;_ldaps._tcp.university.mydomain.com. IN SRV ;; AUTHORITY SECTION: university.mydomain.com. 3600 IN SOA one_of_the_adservers.com. another_server.com. 36174 900 600 86400 3600 ;; Query time: 5 msec ;; SERVER: X.X.X.X#53(X.X.X.X) ;; WHEN: Thu May 26 11:36:43 2016 ;; MSG SIZE rcvd: 134 It seems to confirm what I said : this DNS entry doesn't seem to exist. >> Actually that's what I said : only .properties file are detected. The >> problem is about the namespaces : when LDAP.properties file and >> AD.properties file are activated, the >>namespace suggested in the web >> interface in the user tab, when choosing AD, is the DN of the LDAP...Which >> seems to be a bug....Namespaces of everything are mixed...And if I >>select >> internal and then select again AD, a new namespace appears : * (from >> internal). >> This a weird behavior, right ? >> >Yes, that's weird, but I guess it's misconfigured. Doesn't your names of >extensions conflict? >I think that you combine values(names) 'ovirt.engine.extension.name' for >both AD and OpenLDAP. It should differ. Can you post those configurations? Actually I don't have any ovirt.engine.extension.name parameter in the aaa/.properties If you mean the authn and authz files, here they are (is that single line with ovirt-engine/ at the end of the first (AD) authz a normal thing...?) : AD : ovirt.engine.extension.name = AD-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = ../aaa/AD.properties ovirt-engine/ ovirt.engine.extension.name = AD-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = AD ovirt.engine.aaa.authn.authz.plugin = AD-authz config.profile.file.1 = ../aaa/AD.properties LDAP : ovirt.engine.extension.name = public-authz ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthzExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz config.profile.file.1 = ../aaa/public.properties ovirt.engine.extension.name = public-authn ovirt.engine.extension.bindings.method = jbossmodule ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.aaa.ldap ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.aaa.ldap.AuthnExtension ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn ovirt.engine.aaa.authn.profile.name = public ovirt.engine.aaa.authn.authz.plugin = public-authz config.profile.file.1 = ../aaa/public.properties _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
