Hi,
I've been pulling my hair out over this one. Here's the output of ovirt-engine-extension-aaa-ldap-setup. Everything works fine if I use "plain" but I don't really want to do that. I searched the error that's shown below and tried several different "fixes" but none of them helped. These are Server 2016 DCs. Not too sure where to go next.
[ INFO ] Stage: Initializing
[ INFO ] Stage: Environment setup
Configuration files: ['/etc/ovirt-engine-extension-aaa-ldap-setup.conf.d/10-packaging.conf']
Log file: /tmp/ovirt-engine-extension-aaa-ldap-setup-20170715170953-wfo1pk.log
Version: otopi-1.6.2 (otopi-1.6.2-1.el7.centos)
[ INFO ] Stage: Environment packages setup
[ INFO ] Stage: Programs detection
[ INFO ] Stage: Environment customization
Welcome to LDAP extension configuration program
Available LDAP implementations:
1 - 389ds
2 - 389ds RFC-2307 Schema
3 - Active Directory
4 - IBM Security Directory Server
5 - IBM Security Directory Server RFC-2307 Schema
6 - IPA
7 - Novell eDirectory RFC-2307 Schema
8 - OpenLDAP RFC-2307 Schema
9 - OpenLDAP Standard Schema
10 - Oracle Unified Directory RFC-2307 Schema
11 - RFC-2307 Schema (Generic)
12 - RHDS
13 - RHDS RFC-2307 Schema
14 - iPlanet
Please select: 3
Please enter Active Directory Forest name:
home.doonga.org
[ INFO ] Resolving Global Catalog SRV record for home.doonga.org
[ INFO ] Resolving LDAP SRV record for home.doonga.org
NOTE:
It is highly recommended to use secure protocol to access the LDAP server.
Protocol startTLS is the standard recommended method to do so.
Only in cases in which the startTLS is not supported, fallback to non standard ldaps protocol.
Use plain for test environments only.
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: ldaps
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): System
[ INFO ] Resolving SRV record 'home.doonga.org'
[ INFO ] Connecting to LDAP using 'ldaps://DC1.home.doonga.org:636'
[WARNING] Cannot connect using 'ldaps://DC1.home.doonga.org:636': {'info': 'TLS error -8157:Certificate extension not found.', 'desc': "Can't contact LDAP server"}
[ INFO ] Connecting to LDAP using 'ldaps://DC2.home.doonga.org:636'
[WARNING] Cannot connect using 'ldaps://DC2.home.doonga.org:636': {'info': 'TLS error -8157:Certificate extension not found.', 'desc': "Can't contact LDAP server"}
[ INFO ] Connecting to LDAP using 'ldaps://DC3.home.doonga.org:636'
[WARNING] Cannot connect using 'ldaps://DC3.home.doonga.org:636': {'info': 'TLS error -8157:Certificate extension not found.', 'desc': "Can't contact LDAP server"}
[ ERROR ] Cannot connect using any of available options
Also:
2017-07-15 18:18:06 INFO otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._connectLDAP:391 Connecting to LDAP using 'ldap://DC2.home.doonga.org:389'
2017-07-15 18:18:06 INFO otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._connectLDAP:442 Executing startTLS
2017-07-15 18:18:06 DEBUG otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._connectLDAP:459 Exception
Traceback (most recent call last):
  File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 443, in _connectLDAP
    c.start_tls_s()
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 564, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
CONNECT_ERROR: {'info': 'TLS error -8157:Certificate extension not found.', 'desc': 'Connect error'}
2017-07-15 18:18:06 WARNING otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._connectLDAP:463 Cannot connect using 'ldap://DC2.home.doonga.org:389': {'info': 'TLS error -8157:Certificate extension not found.', 'desc': 'Connect error'}
2017-07-15 18:18:06 INFO otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._connectLDAP:391 Connecting to LDAP using 'ldap://DC3.home.doonga.org:389'
2017-07-15 18:18:06 INFO otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._connectLDAP:442 Executing startTLS
2017-07-15 18:18:06 DEBUG otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._connectLDAP:459 Exception
Traceback (most recent call last):
  File "/usr/share/ovirt-engine-extension-aaa-ldap/setup/bin/../plugins/ovirt-engine-extension-aaa-ldap/ldap/common.py", line 443, in _connectLDAP
    c.start_tls_s()
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 564, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in _ldap_call
    result = func(*args,**kwargs)
CONNECT_ERROR: {'info': 'TLS error -8157:Certificate extension not found.', 'desc': 'Connect error'}
Any help would be appreciated!
Thanks
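Added example, not part of the original mail: a small triage script that parses the "Cannot connect using ..." lines from both the interactive setup output and the otopi log file above, pulls out the target URL and the NSS error code, and groups failing DCs by protocol and error. Run over the lines in the mail it shows every DC failing identically on ldaps and on startTLS with -8157 (NSS SEC_ERROR_EXTENSION_NOT_FOUND), which narrows the problem to TLS certificate handling on the engine side rather than to reachability of any single DC. The NSS_ERRORS table and SAMPLE lines are assumptions constructed for this example.

```python
import ast
import re
from collections import defaultdict
from urllib.parse import urlparse

# NSS codes as python-ldap reports them (SEC_ERROR_BASE -8192, SSL_ERROR_BASE -12288).
NSS_ERRORS = {
    -8157: "SEC_ERROR_EXTENSION_NOT_FOUND",
    -8172: "SEC_ERROR_UNTRUSTED_ISSUER",
    -8179: "SEC_ERROR_UNKNOWN_ISSUER",
    -8181: "SEC_ERROR_EXPIRED_CERTIFICATE",
    -12276: "SSL_ERROR_BAD_CERT_DOMAIN",
}
# Matches both the interactive "[WARNING] Cannot connect ..." line and the otopi log line.
FAIL_RE = re.compile(r"Cannot connect using '(?P<url>[^']+)': (?P<detail>\{.*\})")
TLS_ERR_RE = re.compile(r"TLS error (-?\d+):")

def parse_failure(line):
    """Describe one failed connection attempt, or return None for other lines."""
    m = FAIL_RE.search(line)
    if not m:
        return None
    url = urlparse(m.group("url"))  # note: .hostname is normalised to lower case
    try:
        detail = ast.literal_eval(m.group("detail"))  # python-ldap repr()s a dict
    except (ValueError, SyntaxError):
        detail = {"info": m.group("detail"), "desc": ""}
    code_m = TLS_ERR_RE.search(detail.get("info", ""))
    code = int(code_m.group(1)) if code_m else None
    if url.scheme == "ldaps":
        protocol = "ldaps"
    else:  # ldap:// plus a TLS error means the startTLS upgrade failed
        protocol = "startTLS" if code is not None else "plain"
    return {"host": url.hostname, "port": url.port, "protocol": protocol,
            "nss_code": code, "nss_name": NSS_ERRORS.get(code, "UNKNOWN"),
            "desc": detail.get("desc", "")}

def summarise(lines):
    """Group the failing hosts by (protocol, NSS error name)."""
    by_cause = defaultdict(set)
    for f in filter(None, map(parse_failure, lines)):
        by_cause[(f["protocol"], f["nss_name"])].add(f["host"])
    return {k: sorted(v) for k, v in by_cause.items()}

# Constructed sample: two lines from the mail above, re-joined onto single lines.
SAMPLE = [
    "[WARNING] Cannot connect using 'ldaps://DC1.home.doonga.org:636': {'info': 'TLS error -8157:Certificate extension not found.', 'desc': \"Can't contact LDAP server\"}",
    "2017-07-15 18:18:06 WARNING otopi.plugins.ovirt_engine_extension_aaa_ldap.ldap.common common._connectLDAP:463 Cannot connect using 'ldap://DC2.home.doonga.org:389': {'info': 'TLS error -8157:Certificate extension not found.', 'desc': 'Connect error'}",
]
```

Feed it the full setup output plus the log file (for example `summarise(open(path).read().splitlines())`) to see at a glance whether the failure is uniform across DCs or specific to one host or protocol.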