Re: [ovirt-users] Fwd: ovirt-engine-extension-aaa-ldap active directory

Yes I created by aaa-setup tool. I noticed that the CA certificate was expired, than I download new certificate and I run aaa-setup tool. is there a specific place to put the certificate file ca? I put in root home. Thank a lot Nick 2017-10-11 14:18 GMT+02:00 Ondra Machacek <omachace(a)redhat.com&gt;: > It fails on SSL handshake: > sun.security.validator.ValidatorException: No trusted certificate found > > How did you create 'polito.it.jks' file? By aaa-setup tool? > Are use sure you've entered correct CA certificate there? > > On Wed, Oct 11, 2017 at 1:30 PM, nicola gentile > <nicola.gentile.to(a)gmail.com&gt; wrote: >> 2017-10-11 10:11 GMT+02:00 nicola gentile <nicola.gentile.to(a)gmail.com&gt;: >>> Hi Martin, >>> I attach aaa.log you suggest >>> >>> Nick >>> >>> 2017-10-10 20:41 GMT+02:00 Martin Perina <mperina(a)redhat.com&gt;: >>>> Hi, >>>> >>>> most probably you are affected by [1], so could you please check >>>> certificates on all your AD servers? >>>> You can verify using following command: >>>> >>>> ovirt-engine-extensions-tool --log-level=FINEST aaa login-user >>>> --user-name=<USERNAME> --profile=<PROFILE NAME> >>>> >>>> >>>> Thanks >>>> >>>> Martin >>>> >>>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1465463 >>>> >>>> >>>> On Tue, Oct 10, 2017 at 6:13 PM, Luca 'remix_tj' Lorenzetto >>>> <lorenzetto.luca(a)gmail.com&gt; wrote: >>>>> >>>>> On Tue, Oct 10, 2017 at 4:41 PM, nicola gentile >>>>> <nicola.gentile.to(a)gmail.com&gt; wrote: >>>>> > I run the command you suggest >>>>> > ldapsearch -h domaincontroller.dom.it -b "dc=dom,dc=it" -D user(a)dom.it >>>>> > -W -x sAMAccountName=user_to_search userPrincipalName | grep >>>>> > userPrincipalName >>>>> > >>>>> > This is the result: >>>>> > >>>>> > Enter LDAP Password: >>>>> > # requesting: userPrincipalName >>>>> > >>>>> >>>>> Supposing you're using all the right parameters in ldapsearch command, >>>>> it seems that the user you were looking up is not a valid user in that >>>>> directory server. >>>>> >>>>> Please check with someone that can access to AD and verify the status >>>>> of the user with ADSI Edit. >>>>> >>>>> Luca >>>>> >>>>> >>>>> -- >>>>> "E' assurdo impiegare gli uomini di intelligenza eccellente per fare >>>>> calcoli che potrebbero essere affidati a chiunque se si usassero delle >>>>> macchine" >>>>> Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716) >>>>> >>>>> "Internet è la più grande biblioteca del mondo. >>>>> Ma il problema è che i libri sono tutti sparsi sul pavimento" >>>>> John Allen Paulos, Matematico (1945-vivente) >>>>> >>>>> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , >>>>> <lorenzetto.luca(a)gmail.com&gt; >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users(a)ovirt.org >>>>> http://lists.ovirt.org/mailman/listinfo/users >>>> >>>> >> >> _______________________________________________ >> Users mailing list >> Users(a)ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >>