I do this already. The CA certificate that i download is fine also for ldap? Nick 2017-10-11 14:56 GMT+02:00 Ondra Machacek <omachace@redhat.com>:
You can download it just a temporary, for example to /tmp. Then aaa-setup-tool wil create jks file in /etc/ovirt-engine/aaa/ directory. After that you can remove the CA file and keep just jks file.
On Wed, Oct 11, 2017 at 2:37 PM, nicola gentile <nicola.gentile.to@gmail.com> wrote:
Yes I created by aaa-setup tool. I noticed that the CA certificate was expired, than I download new certificate and I run aaa-setup tool.
is there a specific place to put the certificate file ca? I put in root home.
Thank a lot
Nick
2017-10-11 14:18 GMT+02:00 Ondra Machacek <omachace@redhat.com>:
It fails on SSL handshake: sun.security.validator.ValidatorException: No trusted certificate found
How did you create 'polito.it.jks' file? By aaa-setup tool? Are use sure you've entered correct CA certificate there?
On Wed, Oct 11, 2017 at 1:30 PM, nicola gentile <nicola.gentile.to@gmail.com> wrote:
2017-10-11 10:11 GMT+02:00 nicola gentile <nicola.gentile.to@gmail.com>:
Hi Martin, I attach aaa.log you suggest
Nick
2017-10-10 20:41 GMT+02:00 Martin Perina <mperina@redhat.com>:
Hi,
most probably you are affected by [1], so could you please check certificates on all your AD servers? You can verify using following command:
ovirt-engine-extensions-tool --log-level=FINEST aaa login-user --user-name=<USERNAME> --profile=<PROFILE NAME>
Thanks
Martin
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1465463
On Tue, Oct 10, 2017 at 6:13 PM, Luca 'remix_tj' Lorenzetto <lorenzetto.luca@gmail.com> wrote: > > On Tue, Oct 10, 2017 at 4:41 PM, nicola gentile > <nicola.gentile.to@gmail.com> wrote: > > I run the command you suggest > > ldapsearch -h domaincontroller.dom.it -b "dc=dom,dc=it" -D user@dom.it > > -W -x sAMAccountName=user_to_search userPrincipalName | grep > > userPrincipalName > > > > This is the result: > > > > Enter LDAP Password: > > # requesting: userPrincipalName > > > > Supposing you're using all the right parameters in ldapsearch command, > it seems that the user you were looking up is not a valid user in that > directory server. > > Please check with someone that can access to AD and verify the status > of the user with ADSI Edit. > > Luca > > > -- > "E' assurdo impiegare gli uomini di intelligenza eccellente per fare > calcoli che potrebbero essere affidati a chiunque se si usassero delle > macchine" > Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716) > > "Internet è la più grande biblioteca del mondo. > Ma il problema è che i libri sono tutti sparsi sul pavimento" > John Allen Paulos, Matematico (1945-vivente) > > Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , > <lorenzetto.luca@gmail.com> > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users