[ovirt-users] Fwd: ovirt-engine-extension-aaa-ldap active directory

Ondra Machacek omachace at redhat.com
Wed Oct 11 12:56:33 UTC 2017


You can download it just temporarily, for example to /tmp.
Then aaa-setup-tool will create the jks file in the /etc/ovirt-engine/aaa/ directory.
After that you can remove the CA file and keep just the jks file.

On Wed, Oct 11, 2017 at 2:37 PM, nicola gentile
<nicola.gentile.to at gmail.com> wrote:
> Yes, I created it with the aaa-setup tool.
> I noticed that the CA certificate was expired, then I downloaded a new
> certificate and I ran the aaa-setup tool.
>
> Is there a specific place to put the CA certificate file? I put it in root's home.
>
> Thanks a lot
>
> Nick
>
> 2017-10-11 14:18 GMT+02:00 Ondra Machacek <omachace at redhat.com>:
>> It fails on SSL handshake:
>>  sun.security.validator.ValidatorException: No trusted certificate found
>>
>> How did you create 'polito.it.jks' file? By aaa-setup tool?
>> Are you sure you've entered the correct CA certificate there?
>>
>> On Wed, Oct 11, 2017 at 1:30 PM, nicola gentile
>> <nicola.gentile.to at gmail.com> wrote:
>>> 2017-10-11 10:11 GMT+02:00 nicola gentile <nicola.gentile.to at gmail.com>:
>>>> Hi Martin,
>>>> I attach the aaa.log you suggested
>>>>
>>>> Nick
>>>>
>>>> 2017-10-10 20:41 GMT+02:00 Martin Perina <mperina at redhat.com>:
>>>>> Hi,
>>>>>
>>>>> most probably you are affected by [1], so could you please check
>>>>> certificates on all your AD servers?
>>>>> You can verify using following command:
>>>>>
>>>>>   ovirt-engine-extensions-tool --log-level=FINEST aaa login-user --user-name=<USERNAME> --profile=<PROFILE NAME>
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> Martin
>>>>>
>>>>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1465463
>>>>>
>>>>>
>>>>> On Tue, Oct 10, 2017 at 6:13 PM, Luca 'remix_tj' Lorenzetto
>>>>> <lorenzetto.luca at gmail.com> wrote:
>>>>>>
>>>>>> On Tue, Oct 10, 2017 at 4:41 PM, nicola gentile
>>>>>> <nicola.gentile.to at gmail.com> wrote:
>>>>>> > I ran the command you suggested
>>>>>> > ldapsearch -h domaincontroller.dom.it -b "dc=dom,dc=it" -D user@dom.it
>>>>>> > -W -x sAMAccountName=user_to_search userPrincipalName | grep
>>>>>> > userPrincipalName
>>>>>> >
>>>>>> > This is the result:
>>>>>> >
>>>>>> > Enter LDAP Password:
>>>>>> > # requesting: userPrincipalName
>>>>>> >
>>>>>>
>>>>>> Supposing you're using all the right parameters in ldapsearch command,
>>>>>> it seems that the user you were looking up is not a valid user in that
>>>>>> directory server.
>>>>>>
>>>>>> Please check with someone who can access AD and verify the status
>>>>>> of the user with ADSI Edit.
>>>>>>
>>>>>> Luca
>>>>>>
>>>>>>
>>>>>> --
>>>>>> "It is absurd to employ men of excellent intelligence to perform
>>>>>> calculations that could be entrusted to anyone if machines were
>>>>>> used"
>>>>>> Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)
>>>>>>
>>>>>> "The Internet is the largest library in the world.
>>>>>> But the problem is that the books are all scattered on the floor"
>>>>>> John Allen Paulos, Mathematician (1945-living)
>>>>>>
>>>>>> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net ,
>>>>>> <lorenzetto.luca at gmail.com>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at ovirt.org
>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>>>
>>>