On 09/28/2016 05:14 PM, cmc wrote:
> Hi,
>
> I'm trying to use the directory services provided by the
> ovirt-engine-extension-aaa-ldap, and I can get it to successfully log in
> when I run the tests in the setup script, but when I log in via the GUI,
> it gives me:
>
> unexpected error was encountered during validation processing:
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated'
>
> and fails login. It looks a bit like it is expecting to already be
> joined to the domain, so I tried doing that manually via realmd and
> sssd. It involved installing a lot of packages, such as kerberos and
> samba, which I am nervous about on an engine host. Anyway, once I was
> joined, it still gives me the same 'peer not authenticated' message.
> Does it need to be separately bound to the domain, i.e., do you need all
> the other stuff installed and running for it to work, or is the
> ovirt-engine-extension-aaa-ldap package all that is needed?

Not really. aaa-ldap by default uses just simple bind, no gssapi.
If you have any problems with the certificate, I would suggest you check
if you are using the correct one, correctly. More info for it can be
found here:
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=b...

> Anyway, I ran the ovirt-engine-extensions-tool --log-level=FINEST
> --log-file=/tmp/aaa.log aaa search --extension-name=domain-authz command
> suggested in an earlier post, and it only gave me one exception, which was:
>
> 2016-09-28 16:08:15 SEVERE Extension domain-authz could not be found
> 2016-09-28 16:08:15 FINE Exception:
> org.ovirt.engine.core.extensions.mgr.ConfigurationException: Extension
> domain-authz could not be found

Well, you need to replace 'domain-authz' with your real authz-name to
see any reasonable results.

> Thanks for any help,
>
> Cam