[ovirt-users] [ATN] LDAP Users please read
Alon Bar-Lev
alonbl at redhat.com
Thu Aug 6 16:05:38 UTC 2015
----- Original Message -----
> From: "Joop" <jvdwege at xs4all.nl>
> To: users at ovirt.org
> Sent: Thursday, August 6, 2015 4:28:00 PM
> Subject: Re: [ovirt-users] [ATN] LDAP Users please read
>
> Hi Alon,
>
> I'll take the bait :-)
Good!
> I have just installed the extension and the examples are there.
> I also installed the migration tool. Now it comes.
> We use Samba4 as our AD provider and have succesfully connected
> Foreman-1.8 to it using the cert that I got from the server.
> The same cert doesn't work with the migration tool. So either I'm
> confused or .. The first possibility is most likely. I always trip over
> certs and terminology.
> Error I got:
> [root at mgmt01 ~]# ovirt-engine-kerbldap-migration-tool --debug --domain
> ad.nieuwland.nl --cacert ad02.pem
> [INFO ] tool: ovirt-engine-kerbldap-migration-1.0.2
> (ovirt-engine-kerbldap-migration-1.0.2-1.el6ev)
> [INFO ] Connecting to database
> [INFO ] Sanity checks
> [INFO ] Loading options
> [INFO ] Using ldap URI: ldap://ad01.ad.nieuwland.nl:389
> [ERROR ] Conversion failed: {'info': "TLS error -8172:Peer's
> certificate issuer has been marked as not trusted by the user.", 'desc':
> 'Connect error'}
>
> And now...
Interesting.
Can you please attach the ad02.pem certificate, and paste the output of the following command?
$ openssl s_client -connect ad01.ad.nieuwland.nl:636 -showcerts < /dev/null
There is no leak of sensitive information, it will enable me to determine what is wrong,.
Thanks!
Alon
More information about the Users
mailing list