I do this already.
The CA certificate that I download is fine also for LDAP?
Nick
2017-10-11 14:56 GMT+02:00 Ondra Machacek <omachace(a)redhat.com>:
You can download it just temporarily, for example to /tmp.
Then aaa-setup-tool will create a jks file in the /etc/ovirt-engine/aaa/ directory.
After that you can remove the CA file and keep just jks file.
On Wed, Oct 11, 2017 at 2:37 PM, nicola gentile
<nicola.gentile.to(a)gmail.com> wrote:
> Yes, I created it with the aaa-setup tool.
> I noticed that the CA certificate was expired, then I downloaded a new
> certificate and I ran the aaa-setup tool.
>
> Is there a specific place to put the CA certificate file? I put it in root's home.
>
> Thanks a lot
>
> Nick
>
> 2017-10-11 14:18 GMT+02:00 Ondra Machacek <omachace(a)redhat.com>:
>> It fails on SSL handshake:
>> sun.security.validator.ValidatorException: No trusted certificate found
>>
>> How did you create 'polito.it.jks' file? By aaa-setup tool?
>> Are you sure you've entered the correct CA certificate there?
>>
>> On Wed, Oct 11, 2017 at 1:30 PM, nicola gentile
>> <nicola.gentile.to(a)gmail.com> wrote:
>>> 2017-10-11 10:11 GMT+02:00 nicola gentile <nicola.gentile.to(a)gmail.com>:
>>>> Hi Martin,
>>>> I attach the aaa.log you suggested
>>>>
>>>> Nick
>>>>
>>>> 2017-10-10 20:41 GMT+02:00 Martin Perina <mperina(a)redhat.com>:
>>>>> Hi,
>>>>>
>>>>> most probably you are affected by [1], so could you please check the
>>>>> certificates on all your AD servers?
>>>>> You can verify using the following command:
>>>>>
>>>>> ovirt-engine-extensions-tool --log-level=FINEST aaa login-user
>>>>> --user-name=<USERNAME> --profile=<PROFILE NAME>
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> Martin
>>>>>
>>>>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1465463
>>>>>
>>>>>
>>>>> On Tue, Oct 10, 2017 at 6:13 PM, Luca 'remix_tj' Lorenzetto
>>>>> <lorenzetto.luca(a)gmail.com> wrote:
>>>>>>
>>>>>> On Tue, Oct 10, 2017 at 4:41 PM, nicola gentile
>>>>>> <nicola.gentile.to(a)gmail.com> wrote:
>>>>>> > I ran the command you suggested
>>>>>> > ldapsearch -h domaincontroller.dom.it -b "dc=dom,dc=it" -D user(a)dom.it
>>>>>> > -W -x sAMAccountName=user_to_search userPrincipalName | grep
>>>>>> > userPrincipalName
>>>>>> >
>>>>>> > This is the result:
>>>>>> >
>>>>>> > Enter LDAP Password:
>>>>>> > # requesting: userPrincipalName
>>>>>> >
>>>>>>
>>>>>> Supposing you're using all the right parameters in the ldapsearch command,
>>>>>> it seems that the user you were looking up is not a valid user in that
>>>>>> directory server.
>>>>>>
>>>>>> Please check with someone who can access AD and verify the status
>>>>>> of the user with ADSI Edit.
>>>>>>
>>>>>> Luca
>>>>>>
>>>>>>
>>>>>> --
>>>>>> "It is absurd to employ men of excellent intelligence to perform
>>>>>> calculations that could be entrusted to anyone if machines were
>>>>>> used"
>>>>>> Gottfried Wilhelm von Leibnitz, Philosopher and Mathematician (1646-1716)
>>>>>>
>>>>>> "The Internet is the largest library in the world.
>>>>>> But the problem is that the books are all scattered on the floor"
>>>>>> John Allen Paulos, Mathematician (1945-living)
>>>>>>
>>>>>> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net ,
>>>>>> <lorenzetto.luca(a)gmail.com>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users(a)ovirt.org
>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>>>
>>>