----- Original Message -----
From: "Alon Bar-Lev" <alonbl(a)redhat.com>
To: "Joop" <jvdwege(a)xs4all.nl>
Cc: users(a)ovirt.org
Sent: Thursday, August 6, 2015 7:05:38 PM
Subject: Re: [ovirt-users] [ATN] LDAP Users please read
----- Original Message -----
> From: "Joop" <jvdwege(a)xs4all.nl>
> To: users(a)ovirt.org
> Sent: Thursday, August 6, 2015 4:28:00 PM
> Subject: Re: [ovirt-users] [ATN] LDAP Users please read
>
> Hi Alon,
>
> I'll take the bait :-)
Good!
> I have just installed the extension and the examples are there.
> I also installed the migration tool. Now it comes.
> We use Samba4 as our AD provider and have successfully connected
> Foreman-1.8 to it using the cert that I got from the server.
> The same cert doesn't work with the migration tool. So either I'm
> confused or .. The first possibility is most likely. I always trip over
> certs and terminology.
> Error I got:
> [root@mgmt01 ~]# ovirt-engine-kerbldap-migration-tool --debug --domain
> ad.nieuwland.nl --cacert ad02.pem
> [INFO ] tool: ovirt-engine-kerbldap-migration-1.0.2
> (ovirt-engine-kerbldap-migration-1.0.2-1.el6ev)
> [INFO ] Connecting to database
> [INFO ] Sanity checks
> [INFO ] Loading options
> [INFO ] Using ldap URI: ldap://ad01.ad.nieuwland.nl:389
> [ERROR ] Conversion failed: {'info': "TLS error -8172:Peer's
> certificate issuer has been marked as not trusted by the user.",
> 'desc': 'Connect error'}
>
> And now...
Interesting.
Can you please attach the ad02.pem certificate, and paste the output of the
following command?
$ openssl s_client -connect ad01.ad.nieuwland.nl:636 -showcerts < /dev/null
There is no leak of sensitive information; it will enable me to determine
what is wrong.
Hi Joop,
I am curious what went wrong; when you find time, please send me the above information.
Thanks!
Alon