On 05/27/2016 11:15 AM, Alexis HAUSER wrote:
> you use '_ldaps._tcp' in ovirt not '_ldap._tcp' as in dig.
> And '_ldaps' is what's missing in your DNS.
Oh ! you're right, I didn't even see that ! I was confused by all this. I'll
ask someone to add these SRV records.
> Unfortunately using '_ldaps._tcp' is not any standard. But that's what
> usually people do if they can't use startTLS.
So, in a way we could say that oVirt expects users to use Start_TLS with AD, but not ldaps?
Should I open an RFE about this?
Well, startTLS is always preferred over ldaps, not only in AD. So maybe you can open a
documentation bug, so we will properly describe how this DNS SRV server set works and what
needs to be done to get it properly working.
> This message doesn't say much. Can you please send full Java exception
> stack trace?
Yes, here is the full log when trying to use StartTLS :
https://bpaste.net/show/5719b47c45e5
Please tell me if you see anything in it.
Unfortunately no, I can only see that there's something wrong with SSL.
'ovirt-engine-extensions-tool' logs would be more helpful.
Btw, did you install it via 'ovirt-engine-extension-aaa-ldap-setup'?
There you can choose startTLS, so you can avoid typos in configuration.
(and again, thanks for all your help)
you're welcome