--_000_CO2PR0801MB0743F2EF9B05536554E0BBE4A69B0CO2PR0801MB0743_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable I was actually able to resolve this by renaming the corresponding files in = the /etc/pki/ovirt-engine/aaa directory and the extentions.d directory. The= n, I simply ran the ovirt-engine-extension-aaa-ldap-setup command and re-ad= ded the AD back. The users were not affected since they were already in oVi= rt. I have found that in the properties file, it stores the login information I= used to set the connection up. If I remove those, the error is generated. = It seems as though unless there=92s a username/password stored in plain tex= t in that file, the AD connection will not work. Is this correct or are the= re some variables that can be entered to use the info from the login fields= ? From: Martin Perina<mailto:mperina@redhat.com> Sent: Tuesday, December 13, 2016 3:28 AM To: Bill Bill<mailto:jax2568@outlook.com> Cc: users@ovirt.org<mailto:users@ovirt.org>; Ondra Machacek<mailto:omachace= @redhat.com> Subject: Re: [ovirt-users] unexpected comma found at the end of DN string Hi, could you please execute following command to get full logs from login flow= and share those logs? ovirt-engine-extensions-tool --log-level=3DFINEST aaa login-user --profil= e=3D<PROFILE_NAME> --user-name=3D<USERNAME> Please replace <PROFILE_NAME> and <USERNAME> according to your setup. Thanks Martin Perina On Tue, Dec 13, 2016 at 9:03 AM, Bill Bill <jax2568@outlook.com<mailto:jax2= 568@outlook.com>> wrote: Hello, Getting this and have no idea where to begin: server_error: Unexpected comma or semicolon found at the end of the DN stri= ng. Server is set up with AD for authentication. The problem started after atte= mpting to change SSL certificates with our own however, that failed so we r= olled back. Now, authentication doesn=92t work anymore and the error is vag= ue. _______________________________________________ Users mailing list Users@ovirt.org<mailto:Users@ovirt.org> http://lists.phx.ovirt.org/mailman/listinfo/users --_000_CO2PR0801MB0743F2EF9B05536554E0BBE4A69B0CO2PR0801MB0743_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable <html> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1= 252"> </head> <body> <meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)"> <style><!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri",sans-serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:#954F72; text-decoration:underline;} .MsoChpDefault {mso-style-type:export-only;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --></style> <div class=3D"WordSection1"> <p class=3D"MsoNormal">I was actually able to resolve this by renaming the = corresponding files in the /etc/pki/ovirt-engine/aaa directory and the exte= ntions.d directory. Then, I simply ran the ovirt-engine-extension-aaa-ldap-= setup command and re-added the AD back. The users were not affected since they were already in oVirt.</p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">I have found that in the properties file, it stores = the login information I used to set the connection up. If I remove those, t= he error is generated. It seems as though unless there=92s a username/passw= ord stored in plain text in that file, the AD connection will not work. Is this correct or are there some variabl= es that can be entered to use the info from the login fields?</p> <p class=3D"MsoNormal"><o:p> </o:p></p> <div style=3D"mso-element:para-border-div;border:none;border-top:solid #E1E= 1E1 1.0pt;padding:3.0pt 0in 0in 0in"> <p class=3D"MsoNormal" style=3D"border:none;padding:0in"><b>From: </b><a hr= ef=3D"mailto:mperina@redhat.com">Martin Perina</a><br> <b>Sent: </b>Tuesday, December 13, 2016 3:28 AM<br> <b>To: </b><a href=3D"mailto:jax2568@outlook.com">Bill Bill</a><br> <b>Cc: </b><a href=3D"mailto:users@ovirt.org">users@ovirt.org</a>; <a href= =3D"mailto:omachace@redhat.com"> Ondra Machacek</a><br> <b>Subject: </b>Re: [ovirt-users] unexpected comma found at the end of DN s= tring</p> </div> <p class=3D"MsoNormal"><o:p> </o:p></p> </div> <div> <div dir=3D"ltr"> <div style=3D"font-family:arial,helvetica,sans-serif" class=3D"gmail_defaul= t">Hi,<br> <br> </div> <div style=3D"font-family:arial,helvetica,sans-serif" class=3D"gmail_defaul= t">could you please execute following command to get full logs from login f= low and share those logs?<br> <br> ovirt-engine-extensions-tool --log-level=3DFINEST aaa login-user --p= rofile=3D<PROFILE_NAME> --user-name=3D<USERNAME><br> <br> </div> <div style=3D"font-family:arial,helvetica,sans-serif" class=3D"gmail_defaul= t">Please replace <PROFILE_NAME> and <USERNAME> according to yo= ur setup.<br> <br> </div> <div style=3D"font-family:arial,helvetica,sans-serif" class=3D"gmail_defaul= t">Thanks<br> <br> </div> <div style=3D"font-family:arial,helvetica,sans-serif" class=3D"gmail_defaul= t">Martin Perina<br> <br> </div> </div> <div class=3D"gmail_extra"><br> <div class=3D"gmail_quote">On Tue, Dec 13, 2016 at 9:03 AM, Bill Bill <span= dir=3D"ltr"> <<a href=3D"mailto:jax2568@outlook.com" target=3D"_blank">jax2568@outloo= k.com</a>></span> wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> <div link=3D"blue" vlink=3D"#954F72" lang=3D"EN-US"> <div class=3D"m_1628617985248980709WordSection1"> <p class=3D"MsoNormal">Hello,</p> <p class=3D"MsoNormal"><u></u> <u></u></p> <p class=3D"MsoNormal">Getting this and have no idea where to begin:</p> <p class=3D"MsoNormal"><u></u> <u></u></p> <p class=3D"MsoNormal">server_error: Unexpected comma or semicolon found at= the end of the DN string.</p> <p class=3D"MsoNormal"><u></u> <u></u></p> <p class=3D"MsoNormal">Server is set up with AD for authentication. The pro= blem started after attempting to change SSL certificates with our own howev= er, that failed so we rolled back. Now, authentication doesn=92t work anymo= re and the error is vague. </p> </div> </div> <br> ______________________________<wbr>_________________<br> Users mailing list<br> <a href=3D"mailto:Users@ovirt.org">Users@ovirt.org</a><br> <a href=3D"http://lists.phx.ovirt.org/mailman/listinfo/users" rel=3D"norefe= rrer" target=3D"_blank">http://lists.phx.ovirt.org/<wbr>mailman/listinfo/us= ers</a><br> <br> </blockquote> </div> <br> </div> </div> </body> </html> --_000_CO2PR0801MB0743F2EF9B05536554E0BBE4A69B0CO2PR0801MB0743_--