[ovirt-users] Fwd: ovirt-engine-extension-aaa-ldap active directory
nicola gentile
nicola.gentile.to at gmail.com
Wed Oct 11 12:37:32 UTC 2017
Yes I created by aaa-setup tool.
I noticed that the CA certificate was expired, than I download new
certificate and I run aaa-setup tool.
is there a specific place to put the certificate file ca? I put in root home.
Thank a lot
Nick
2017-10-11 14:18 GMT+02:00 Ondra Machacek <omachace at redhat.com>:
> It fails on SSL handshake:
> sun.security.validator.ValidatorException: No trusted certificate found
>
> How did you create 'polito.it.jks' file? By aaa-setup tool?
> Are use sure you've entered correct CA certificate there?
>
> On Wed, Oct 11, 2017 at 1:30 PM, nicola gentile
> <nicola.gentile.to at gmail.com> wrote:
>> 2017-10-11 10:11 GMT+02:00 nicola gentile <nicola.gentile.to at gmail.com>:
>>> Hi Martin,
>>> I attach aaa.log you suggest
>>>
>>> Nick
>>>
>>> 2017-10-10 20:41 GMT+02:00 Martin Perina <mperina at redhat.com>:
>>>> Hi,
>>>>
>>>> most probably you are affected by [1], so could you please check
>>>> certificates on all your AD servers?
>>>> You can verify using following command:
>>>>
>>>> ovirt-engine-extensions-tool --log-level=FINEST aaa login-user
>>>> --user-name=<USERNAME> --profile=<PROFILE NAME>
>>>>
>>>>
>>>> Thanks
>>>>
>>>> Martin
>>>>
>>>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1465463
>>>>
>>>>
>>>> On Tue, Oct 10, 2017 at 6:13 PM, Luca 'remix_tj' Lorenzetto
>>>> <lorenzetto.luca at gmail.com> wrote:
>>>>>
>>>>> On Tue, Oct 10, 2017 at 4:41 PM, nicola gentile
>>>>> <nicola.gentile.to at gmail.com> wrote:
>>>>> > I run the command you suggest
>>>>> > ldapsearch -h domaincontroller.dom.it -b "dc=dom,dc=it" -D user at dom.it
>>>>> > -W -x sAMAccountName=user_to_search userPrincipalName | grep
>>>>> > userPrincipalName
>>>>> >
>>>>> > This is the result:
>>>>> >
>>>>> > Enter LDAP Password:
>>>>> > # requesting: userPrincipalName
>>>>> >
>>>>>
>>>>> Supposing you're using all the right parameters in ldapsearch command,
>>>>> it seems that the user you were looking up is not a valid user in that
>>>>> directory server.
>>>>>
>>>>> Please check with someone that can access to AD and verify the status
>>>>> of the user with ADSI Edit.
>>>>>
>>>>> Luca
>>>>>
>>>>>
>>>>> --
>>>>> "E' assurdo impiegare gli uomini di intelligenza eccellente per fare
>>>>> calcoli che potrebbero essere affidati a chiunque se si usassero delle
>>>>> macchine"
>>>>> Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
>>>>>
>>>>> "Internet è la più grande biblioteca del mondo.
>>>>> Ma il problema è che i libri sono tutti sparsi sul pavimento"
>>>>> John Allen Paulos, Matematico (1945-vivente)
>>>>>
>>>>> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net ,
>>>>> <lorenzetto.luca at gmail.com>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
More information about the Users
mailing list