Hi,
I'm trying to use the directory services provided by ovirt-engine-extension-aaa-ldap, and I can get it to log in successfully when I run the tests in the setup script, but when I log in via the GUI, it gives me:
'unexpected error was encountered during validation processing: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated'
and fails login. It looks a bit like it is expecting to already be joined to the domain, so I tried doing that manually via realmd and sssd. It involved installing a lot of packages, such as Kerberos and Samba, which I am nervous about on an engine host. Anyway, once I was joined, it still gave me the same 'peer not authenticated' message. Does it need to be separately bound to the domain, i.e., do you need all the other stuff installed and running for it to work, or is the ovirt-engine-extension-aaa-ldap package all that is needed?
Anyway, I ran the ovirt-engine-extensions-tool --log-level=FINEST --log-file=/tmp/aaa.log aaa search --extension-name=domain-authz command suggested in an earlier post, and it only gave me one exception, which was:
2016-09-28 16:08:15 SEVERE Extension domain-authz could not be found
2016-09-28 16:08:15 FINE Exception:
org.ovirt.engine.core.extensions.mgr.ConfigurationException: Extension domain-authz could not be found