On 05/02/2016 03:02 PM, Alexis HAUSER wrote:
>> I am unsure I understand. What is missing in interactive setup to
>> properly set up TLS?
>> You just enter CA certificate path/url/system and Java keystore file is
>> created for you by the tool.
> I'll try to generate a new file with the interactive setup and tell you if the
> result is different.
So, here is my problem when using the interactive setup:
[ INFO ] Connecting to LDAP using 'ldaps://xxxx:636'
[WARNING] Cannot connect using 'ldaps://xxxx:636': {'info': "TLS
error -8172:Peer's certificate issuer has been marked as not trusted by the
user.", 'desc': "Can't contact LDAP server"}
[ ERROR ] Cannot connect using any of available options
Are you sure you've specified the correct CA?
Can you try running this command:
LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x \
    -D '@USERDN@' -w '@USERPW@' -b '@BASEDN@'
If it fails, then most probably you have an incorrect CA certificate.
If it succeeds, please open a bug in Bugzilla with logs of the setup tool if
possible.
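
Added example, not part of the original message or of the setup tool: the CA question asked above can also be checked with OpenSSL against the certificate files themselves, independent of the LDAP client. The helper function names, file names and certificate subjects are constructed for the illustration; the demo builds one CA that signs a server certificate and one unrelated CA, the case the reply suspects.

```shell
#!/usr/bin/env bash
# Added example: check whether a CA file is the issuer of a server
# certificate. All file names and subjects below are constructed.

# Save the certificate an LDAPS server presents (needs network; not run here).
fetch_server_cert() {  # usage: fetch_server_cert HOST OUTFILE
    openssl s_client -connect "$1:636" </dev/null 2>/dev/null |
        openssl x509 -out "$2"
}

# Print issuer / subject DN in one normalised form so they can be compared.
issuer_of()  { openssl x509 -noout -issuer  -nameopt RFC2253 -in "$1" | sed 's/^issuer= *//'; }
subject_of() { openssl x509 -noout -subject -nameopt RFC2253 -in "$1" | sed 's/^subject= *//'; }

# Return 0 only if CERT chains to CAFILE. -no-CApath keeps the system trust
# directory out of the decision, so only the file under test counts.
ca_verifies() {  # usage: ca_verifies CAFILE CERT
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a constructed PKI: ca.crt signs srv.crt, other.crt is unrelated.
make_constructed_pki() {  # usage: make_constructed_pki DIR
    local d="$1" name
    for name in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed $name CA" \
            -keyout "$d/$name.key" -out "$d/$name.crt" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_constructed_pki "$demo_dir"
for ca in ca other; do
    if ca_verifies "$demo_dir/$ca.crt" "$demo_dir/srv.crt"; then
        echo "$ca.crt: issued srv.crt"
    else
        echo "$ca.crt: not the issuer of srv.crt ($(issuer_of "$demo_dir/srv.crt"))"
    fi
done
rm -rf "$demo_dir"
```

Against a real server, save its certificate with fetch_server_cert and compare issuer_of on that file with subject_of on the CA file given to the setup tool.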