
Hi, On 08/06/2015 03:28 PM, Joop wrote:
Hi Alon,
I'll take the bait :-)
I have just installed the extension and the examples are there. I also installed the migration tool. Now it comes. We use Samba4 as our AD provider and have succesfully connected Foreman-1.8 to it using the cert that I got from the server. The same cert doesn't work with the migration tool. So either I'm confused or .. The first possibility is most likely. I always trip over certs and terminology. Error I got: [root@mgmt01 ~]# ovirt-engine-kerbldap-migration-tool --debug --domain ad.nieuwland.nl --cacert ad02.pem [INFO ] tool: ovirt-engine-kerbldap-migration-1.0.2 (ovirt-engine-kerbldap-migration-1.0.2-1.el6ev) [INFO ] Connecting to database [INFO ] Sanity checks [INFO ] Loading options [INFO ] Using ldap URI: ldap://ad01.ad.nieuwland.nl:389 [ERROR ] Conversion failed: {'info': "TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.", 'desc': 'Connect error'}
Can you try run command: LDAPTLS_CACERT=ad02.pem ldapsearch -ZZ -H ldap://ad01.ad.nieuwland.nl:389 -x -D "@user@" -W @password@ -b "@basedn@" If it fail, it's problem with certificate(please notice - ad02 vs ad01) Anyway would be nice if you sent the debug log. (append parameter --log=debug.log) Thanks, Ondra
And now...
Joop
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users