On 05/02/2016 09:35 AM, Alexis HAUSER wrote:
>> Should I report this on the bugzilla ?
>>
> You can, but I beleive this is not bug, but some misconfiguration, many
> times I've tried completelly simillar setup and it worked.
>
> Btw.. did you used 'ovirt-engine-extension-aaa-ldap-setup'? If not you
> can install it.
> $ yum install ovirt-engine-extension-aaa-ldap-setup
>
> Then just run:
> $ ovirt-engine-extension-aaa-ldap-setup
>
> And follow the steps. This tool handle for you all perms and typos
> issues, which could be introduces by manually creating those properties
> files.
Yes this is actually the tool I used first, then I modified manually as on the
documentation.
The problem in this approach is the fact you need a .profile file to be able to set up a
TLS connection between the LDAP and the engine. But this file is generated after the
interactive setup. But the interactive setup doesn't allow you to setup things
properly as the TLS isn't set up...
I am unsure I understand. What is missing in interactive setup to
properly setup TLS?
You just enter CA certificte path/url/system and Java keystore file is
created for you by the tool.
So I had to setup things with "insecure" mode and then edit it manually...