Hi,
I'm trying to use the directory services provided by the
ovirt-engine-extension-aaa-ldap, and I can get it to log in successfully
when I run the tests in the setup script, but when I log in via the GUI, it
gives me:
'unexpected error was encountered during validation processing:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated'
and fails login. It looks a bit like it is expecting to already be joined
to the domain, so I tried doing that manually via realmd and sssd. It
involved installing a lot of packages, such as kerberos and samba, which I
am nervous about on an engine host. Anyway, once I was joined, it still
gives me the same 'peer not authenticated' message. Does it need to be
separately bound to the domain, i.e., do you need all the other stuff
installed and running for it to work, or is the
ovirt-engine-extension-aaa-ldap package all that is needed?
Anyway, I ran the ovirt-engine-extensions-tool --log-level=FINEST
--log-file=/tmp/aaa.log aaa search --extension-name=domain-authz command
suggested in an earlier post, and it only gave me one exception, which was:
2016-09-28 16:08:15 SEVERE Extension domain-authz could not be found
2016-09-28 16:08:15 FINE Exception: org.ovirt.engine.core.extensions.mgr.ConfigurationException: Extension domain-authz could not be found
Thanks for any help,
Cam