
On 09/28/2016 05:14 PM, cmc wrote:
Hi,
I'm trying to use the directory services provided by the ovirt-engine-extension-aaa-ldap, and I can get it to successfully log in when I run the tests in the setup script, but when I log in via the GUI, it gives me:
unexpected error was encountered during validation processing: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated'
and fails login. It looks a bit like it is expecting to already be joined to the domain, so I tried doing that manually via realmd and sssd. It involved installing a lot of packages, such as Kerberos and Samba, which I am nervous about on an engine host. Anyway, once I was joined, it still gives me the same 'peer not authenticated' message. Does it need to be separately bound to the domain, i.e., do you need all the other stuff installed and running for it to work, or is the ovirt-engine-extension-aaa-ldap package all that is needed?
Not really. aaa-ldap by default uses just simple bind, no GSSAPI. If you have any problems with the certificate, I would suggest you check that you are using the correct one, correctly. More info on it can be found here: https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob...
Anyway, I ran the ovirt-engine-extensions-tool --log-level=FINEST --log-file=/tmp/aaa.log aaa search --extension-name=domain-authz command suggested in an earlier post, and it only gave me one exception, which was:
2016-09-28 16:08:15 SEVERE Extension domain-authz could not be found
2016-09-28 16:08:15 FINE Exception: org.ovirt.engine.core.extensions.mgr.ConfigurationException: Extension domain-authz could not be found
Well, you need to replace 'domain-authz' with your real authz-name to see any reasonable results.
Thanks for any help,
Cam
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
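
Added example, not part of the original thread: a shell helper that lists the configured authz extension names, so the real name can replace 'domain-authz' in the search command quoted above. It assumes extensions are defined in .properties files under /etc/ovirt-engine/extensions.d with the keys ovirt.engine.extension.name and ovirt.engine.extension.provides; the sample files and the "example-*" names are constructed.

```shell
#!/bin/sh
# Assumed layout: one .properties file per extension in extensions.d.

# Print the value of key $1 from Java-style properties file $2.
prop_value() {
    awk -v key="$1" '
        /^[ \t]*[#!]/ { next }                 # skip comment lines
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)     # trim key
            gsub(/^[ \t]+|[ \t]+$/, "", v)     # trim value
            if (k == key) { print v; exit }
        }' "$2"
}

# Print the name of every extension that provides the Authz interface.
# $1 = extensions directory (defaults to the assumed engine location).
list_authz_names() {
    dir="${1:-/etc/ovirt-engine/extensions.d}"
    for f in "$dir"/*.properties; do
        [ -f "$f" ] || continue
        provides=$(prop_value ovirt.engine.extension.provides "$f")
        case "$provides" in
            *aaa.Authz) prop_value ovirt.engine.extension.name "$f" ;;
        esac
    done
}

# Constructed sample: one authn and one authz definition in a temp directory.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'ovirt.engine.extension.name = example-authz' \
        'ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authz' \
        > "$d/example-authz.properties"
    printf '%s\n' \
        '# authn side of the same profile' \
        'ovirt.engine.extension.name = example-authn' \
        'ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.aaa.Authn' \
        > "$d/example-authn.properties"
    echo "$d"
}

# Each printed name is a candidate for --extension-name=<name> in the
# ovirt-engine-extensions-tool command from the thread.
```

On an engine host, calling list_authz_names with no argument reads the assumed default directory.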