On Thu, May 30, 2019 at 3:43 PM <rubennunes12(a)gmail.com> wrote:
It gives the same error that can't connect because of invalid
credentials
and when i try to put the hostname on the option of Single Server it can't
resolve the host but when i ping him i can resolve it.
[snip]
NOTE:
It is highly recommended to use DNS resolution for LDAP server.
If for some reason you intend to use hosts or plain address
disable DNS usage.
Use DNS (Yes, No) [Yes]:
Available policy method:
1 - Single server
2 - DNS domain LDAP SRV record
3 - Round-robin between multiple hosts
4 - Failover between multiple hosts
Please select: 1
Please enter host address: 192.168.16.114
[WARNING] Detected plain IP address '192.168.16.114', disabling DNS.
I was in error... Here you should put the hostname and not the IP... ldap.lab.local
NOTE:
It is highly recommended to use secure protocol to access the
LDAP server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback
to non standard ldaps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]:
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): Insecure
I was wrong also here...
In the steps above you should not select the default ("startTLS") but "plain" if your LDAP server doesn't listen on a secure port.
Actually it seems it does listen, but its certificate is something like the one below, with localhost....
2019-05-30 14:29:04,594+01 WARNING [ovirt-engine-extension-aaa-ldap.authn::lab.local-authn] TLS/SSL insecure mode
2019-05-30 14:29:04,674+01 WARNING Exception: The connection reader was unable to successfully complete TLS negotiation: LDAPException(resultCode=91 (connect error), errorMessage='Hostname verification failed because the expected hostname '192.168.16.114' was not found in peer certificate 'subject='CN=localhost' dNSName='localhost' dNSName='localhost' dNSName='localhost.localdomain''.', ldapSDKVersion=4.0.5, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58)
2019-05-30 14:29:04,675+01 INFO Extension 'lab.local-authn' initialized
2019-05-30 14:29:04,675+01 INFO Initializing extension 'lab.local'
2019-05-30 14:29:04,676+01 INFO [ovirt-engine-extension-aaa-ldap.authz::lab.local] Creating LDAP pool 'authz'
2019-05-30 14:29:04,676+01 WARNING [ovirt-engine-extension-aaa-ldap.authz::lab.local] TLS/SSL insecure mode
2019-05-30 14:29:04,776+01 WARNING Exception: The connection reader was unable to successfully complete TLS negotiation: LDAPException(resultCode=91 (connect error), errorMessage='Hostname verification failed because the expected hostname '192.168.16.114' was not found in peer certificate 'subject='CN=localhost' dNSName='localhost' dNSName='localhost' dNSName='localhost.localdomain''.', ldapSDKVersion=4.0.5, revision=b28fb50058dfe2864171df2448ad2ad2b4c2ad58)
Retry using ldap.lab.local and plain.
And also, in the second part, when it tries to run a login flow, don't use your bind user (node1) but a real user that I think should already exist on the LDAP server and that should be one of the users who have to authenticate in oVirt....
Gianluca
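The "Hostname verification failed" lines in the log above come from the TLS client checking the name it connected to against the peer certificate. The following is an added example, not code from the thread or from the oVirt aaa-ldap extension: a small RFC 6125-style verifier in Python that reproduces why the connection by IP address fails against a certificate carrying only DNS names, and what a certificate issued for ldap.lab.local would need to carry for startTLS verification to pass. Both certificate dicts are constructed for the example (the first mirrors the subject and SANs printed in the log, the second is a hypothetical corrected certificate); they use the dict shape Python's `ssl.SSLSocket.getpeercert()` returns so the same function can later be pointed at a real peer.

```python
"""Simplified RFC 6125-style hostname verification.

Demonstrates the check behind the 'Hostname verification failed' log lines:
an IP literal is only ever compared with iPAddress SAN entries, and a DNS
name is compared with dNSName SAN entries (subject CN only as a legacy
fallback when no dNSName SAN exists).
"""
import ipaddress
from typing import Dict, Tuple

# Constructed stand-in for the LDAP server certificate described in the log:
# subject CN=localhost, SANs localhost and localhost.localdomain.
LOG_CERT: Dict = {
    "subject": ((("commonName", "localhost"),),),
    "subjectAltName": (("DNS", "localhost"), ("DNS", "localhost.localdomain")),
}

# Constructed, hypothetical corrected certificate: the DNS name the engine is
# configured with, plus the server's IP, both present as SANs.
FIXED_CERT: Dict = {
    "subject": ((("commonName", "ldap.lab.local"),),),
    "subjectAltName": (("DNS", "ldap.lab.local"), ("IP Address", "192.168.16.114")),
}


def _dns_match(pattern: str, hostname: str) -> bool:
    """Case-insensitive DNS-ID match allowing one wildcard as the whole leftmost label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # Wildcard must be the entire leftmost label, covers exactly one label,
    # and is refused for very short names such as *.local.
    if p_labels[0] != "*" or len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def verify_hostname(cert: Dict, expected: str) -> Tuple[bool, str]:
    """Return (ok, reason): is `expected` an acceptable identity for `cert`?"""
    san = cert.get("subjectAltName", ())
    dns_ids = [value for kind, value in san if kind == "DNS"]
    ip_ids = [value for kind, value in san if kind == "IP Address"]

    try:
        ip = ipaddress.ip_address(expected)
    except ValueError:
        ip = None

    if ip is not None:
        # IP literals are matched only against iPAddress SANs; dNSName and CN
        # are never consulted, which is why 192.168.16.114 fails in the log.
        for candidate in ip_ids:
            try:
                if ipaddress.ip_address(candidate) == ip:
                    return True, f"IP {expected} matched an iPAddress SAN"
            except ValueError:
                continue
        return False, f"IP {expected} is not present as an iPAddress SAN"

    if dns_ids:
        for candidate in dns_ids:
            if _dns_match(candidate, expected):
                return True, f"{expected} matched dNSName SAN '{candidate}'"
        return False, f"{expected} not found among dNSName SANs {dns_ids}"

    # Legacy fallback: subject CN is considered only when no dNSName SAN exists.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    for cn in cns:
        if _dns_match(cn, expected):
            return True, f"{expected} matched subject CN '{cn}' (no dNSName SAN)"
    return False, f"{expected} not found in peer certificate (CN={cns}, no dNSName SAN)"


if __name__ == "__main__":
    for label, cert in (("log cert", LOG_CERT), ("fixed cert", FIXED_CERT)):
        for name in ("192.168.16.114", "ldap.lab.local", "localhost"):
            ok, reason = verify_hostname(cert, name)
            print(f"{label:10} {name:16} {'OK  ' if ok else 'FAIL'} {reason}")
```

Run against the log's certificate, both 192.168.16.114 and ldap.lab.local fail: switching the configuration from the IP to the hostname fixes the DNS lookup problem discussed in the thread, but hostname verification over startTLS still needs the server certificate to carry that DNS name as a SAN, as the second constructed certificate does. Choosing "Insecure" or "plain" hides the mismatch rather than resolving it, which is why the setup tool reserves those options for test environments.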