I log my Linux machines into my domain using the infor provided by Red Hat:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-file_and_print_servers#setting_up_samba_as_a_domain_member I can login to ovirt or the other nodes without adding ldap or any special plugins. You can assign machines using AD authentication for either a specific user or group. When I login to the Ovirt or node consoles, it logs me in automatically as my domain user. I think adding the permissions to the AD users would be sufficient, but I have not tested this at all. Just passing along some information that I hope helps someone. If you have any questions, I will do my best to answer them. Eric Evans Digital Data Services LLC. 304.660.9080 From: Lucie Leistnerova <[email protected]> Sent: Thursday, February 27, 2020 10:52 AM To: Budur Nagaraju <[email protected]>; users <[email protected]> Subject: [ovirt-users] Re: ldaps-config Hi, I've checked again the options in the aaa tool. On 2/27/20 4:20 PM, Budur Nagaraju wrote: can some one help me on the issue ? badly stuck on this have not got any pointer on fix . An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldaps._tcp.abc.net <http://tcp.psecure.net> ': NameNotFoundException(DNS name not found [response code 3]), ldapSDKVersion=4.0.7, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58 It seems your DNS is not configured to resolve ldap servers. Please disable DNS and use direct fqdn/ip of the server or configure the DNS SRV record. >From the documentation: Press Enter to accept the default and configure domain name resolution for your LDAP server name: It is highly recommended to use DNS resolution for LDAP server. If for some reason you intend to use hosts or plain address disable DNS usage. Use DNS (Yes, No) [Yes]: Thanks, Nagaraju On Thu, Feb 27, 2020 at 8:48 PM Budur Nagaraju <[email protected] <mailto:[email protected]> > wrote: Hi Lucie, Can you please help me on this issue? am using ldaps for the configuration. Thanks, Nagaraju On Thu, Feb 27, 2020 at 4:00 PM Budur Nagaraju <[email protected] <mailto:[email protected]> > wrote: Hi Lucie, Have tried the option but when trying to logon from the browser getting the below error. Any tweaks can be made ? An error occurred while attempting to query DNS in order to retrieve SRV records with name '_ldaps._tcp.psecure.net <http://tcp.psecure.net> ': NameNotFoundException(DNS name not found [response code 3]), ldapSDKVersion=4.0.7, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58 Thanks, Nagaraju On Thu, Feb 27, 2020 at 3:51 PM Lucie Leistnerova <[email protected] <mailto:[email protected]> > wrote: Hi Budur, or just use the tool for it - Configuring an External LDAP Provider https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles.html Best regards, Lucie On 2/27/20 9:32 AM, Eduardo Mayoral wrote: Should be as simple as this: [root@ovirt-hc0 ~]# cat /etc/ovirt-engine/aaa/activedirectory.properties include = <ad.properties> vars.domain = XXXXXX vars.user = YYYYYYYYYYY vars.password = ZZZZZZZZZ pool.default.ssl.startTLS = true pool.default.ssl.startTLSProtocol = TLSv1.2 pool.default.auth.simple.bindDN = ${global:vars.user} pool.default.auth.simple.password = ${global:vars.password} pool.default.serverset.type = srvrecord pool.default.serverset.srvrecord.domain = ${global:vars.domain} Just remember to trust the certificate authority for the ldaps certificate in the ovirt engine server. https://stackoverflow.com/questions/37043442/how-to-add-certificate-authority-file-in-centos-7 On 27/2/20 4:42, Budur Nagaraju wrote: Hi Can someone help me in configuring ldaps in oVirt Engine 4.x ? Thanks, Nagaraju _______________________________________________ Users mailing list -- [email protected] <mailto:[email protected]> To unsubscribe send an email to [email protected] <mailto:[email protected]> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/P6QHPSFZLOZ6EZEVFQPBNII37PNIATU3/ -- Eduardo Mayoral Jimeno Systems engineer, platform department. Arsys Internet. [email protected] <mailto:[email protected]> - +34 941 620 105 - ext 2153 _______________________________________________ Users mailing list -- [email protected] <mailto:[email protected]> To unsubscribe send an email to [email protected] <mailto:[email protected]> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/ADWCGNS353CUN3CIHFBZDUWAXRHL66JB/ -- Lucie Leistnerova Senior Quality Engineer, QE Cloud, RHVM Red Hat EMEA IRC: lleistne @ #rhev-qe -- Lucie Leistnerova Senior Quality Engineer, QE Cloud, RHVM Red Hat EMEA IRC: lleistne @ #rhev-qe
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/5JMN4CL55DDFXACK5YEDN45PGCYMGWIK/
