<div dir="ltr"><div><div><div><div>Good that you make it work.<br></div><div><br>AFAIK in Active Directory is very rarely used anonymous bind, so you should<br></div>always use the username/password configuration in your properties files.<br></div><div>Or properly setup the anonymous bind, because according to logs there<br></div><div>are some ldap attributes with strange values.<br></div><div><br></div>The aaa-ldap doesn't use the user from the login fields, as it's not correct.<br></div>You should have setup some search user which does authorization, it<br></div>should not be performed by user which is trying to login.<br><div><div><div><div><div><div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 13, 2016 at 9:35 PM, Bill Bill <span dir="ltr"><<a href="mailto:jax2568@outlook.com" target="_blank">jax2568@outlook.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div class="m_7719534996206518839WordSection1">
<p class="MsoNormal">I was actually able to resolve this by renaming the corresponding files in the /etc/pki/ovirt-engine/aaa directory and the extentions.d directory. Then, I simply ran the ovirt-engine-extension-aaa-<wbr>ldap-setup command and re-added the AD
back. The users were not affected since they were already in oVirt.</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I have found that in the properties file, it stores the login information I used to set the connection up. If I remove those, the error is generated. It seems as though unless there’s a username/password stored in plain text in that file,
the AD connection will not work. Is this correct or are there some variables that can be entered to use the info from the login fields?</p>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="border:none;padding:0in"><b>From: </b><a href="mailto:mperina@redhat.com" target="_blank">Martin Perina</a><br>
<b>Sent: </b>Tuesday, December 13, 2016 3:28 AM<br>
<b>To: </b><a href="mailto:jax2568@outlook.com" target="_blank">Bill Bill</a><br>
<b>Cc: </b><a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a>; <a href="mailto:omachace@redhat.com" target="_blank">
Ondra Machacek</a><br>
<b>Subject: </b>Re: [ovirt-users] unexpected comma found at the end of DN string</p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div><div><div class="h5">
<div>
<div dir="ltr">
<div>Hi,<br>
<br>
</div>
<div>could you please execute following command to get full logs from login flow and share those logs?<br>
<br>
ovirt-engine-extensions-tool --log-level=FINEST aaa login-user --profile=<PROFILE_NAME> --user-name=<USERNAME><br>
<br>
</div>
<div>Please replace <PROFILE_NAME> and <USERNAME> according to your setup.<br>
<br>
</div>
<div>Thanks<br>
<br>
</div>
<div>Martin Perina<br>
<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Dec 13, 2016 at 9:03 AM, Bill Bill <span dir="ltr">
<<a href="mailto:jax2568@outlook.com" target="_blank">jax2568@outlook.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="#954F72" lang="EN-US">
<div class="m_7719534996206518839m_1628617985248980709WordSection1">
<p class="MsoNormal">Hello,</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Getting this and have no idea where to begin:</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">server_error: Unexpected comma or semicolon found at the end of the DN string.</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Server is set up with AD for authentication. The problem started after attempting to change SSL certificates with our own however, that failed so we rolled back. Now, authentication doesn’t work anymore and the error is vague.
</p>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.phx.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.phx.ovirt.org/mai<wbr>lman/listinfo/users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div></div></div>
<br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.phx.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.phx.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div></div></div></div></div></div></div></div></div></div>