LDAP authentication does not work after engine upgrade to ovirt 4.6

I've just upgraded our ovirt engine server to ovirt 4.6 and it appears that LDAP logins no longer work. When I attempt to log in using an AD account the following errors are shown in the engine log.

2018-09-11 10:03:44,610-04 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-10) [] Internal Server Error: Cannot locate principal 'username@example.com'
2018-09-11 10:03:44,610-04 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-10) [] Cannot locate principal 'username@example.com'
2018-09-11 10:03:44,645-04 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-10) [] server_error: Cannot locate principal 'username@example.com'

I have not changed any LDAP settings and ldapsearch is able to find this object without any issues. Does anybody have any idea what would cause this?

For those wondering, I was able to fix this by running ovirt-engine-extension-aaa-ldap-setup and setting the CA certificate method to "Insecure".
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, System, Insecure): Insecure
I was previously using "System" but that does not work despite our internal CA being installed as a trusted certificate authority.

On 09/11/2018 10:07 AM, Michael Watters wrote:
> I've just upgraded our ovirt engine server to ovirt 4.6 and it appears that LDAP logins no longer work. When I attempt to log in using an AD account the following errors are shown in the engine log.
>
> 2018-09-11 10:03:44,610-04 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-10) [] Internal Server Error: Cannot locate principal 'username@example.com'
> 2018-09-11 10:03:44,610-04 ERROR [org.ovirt.engine.core.sso.utils.SsoUtils] (default task-10) [] Cannot locate principal 'username@example.com'
> 2018-09-11 10:03:44,645-04 ERROR [org.ovirt.engine.core.aaa.servlet.SsoPostLoginServlet] (default task-10) [] server_error: Cannot locate principal 'username@example.com'
>
> I have not changed any LDAP settings and ldapsearch is able to find this object without any issues. Does anybody have any idea what would cause this?