[ovirt-users] [ATN] LDAP Users please read

Ondra Machacek omachace at redhat.com
Thu Aug 6 14:57:14 UTC 2015


Hi,

On 08/06/2015 03:28 PM, Joop wrote:
> Hi Alon,
>
> I'll take the bait :-)
>
> I have just installed the extension and the examples are there.
> I also installed the migration tool. Now it comes.
> We use Samba4 as our AD provider and have successfully connected
> Foreman-1.8 to it using the cert that I got from the server.
> The same cert doesn't work with the migration tool. So either I'm
> confused or .. The first possibility is most likely. I always trip over
> certs and terminology.
> Error I got:
> [root@mgmt01 ~]# ovirt-engine-kerbldap-migration-tool --debug --domain
> ad.nieuwland.nl --cacert ad02.pem
> [INFO   ] tool: ovirt-engine-kerbldap-migration-1.0.2
> (ovirt-engine-kerbldap-migration-1.0.2-1.el6ev)
> [INFO   ] Connecting to database
> [INFO   ] Sanity checks
> [INFO   ] Loading options
> [INFO   ] Using ldap URI: ldap://ad01.ad.nieuwland.nl:389
> [ERROR  ] Conversion failed: {'info': "TLS error -8172:Peer's
> certificate issuer has been marked as not trusted by the user.", 'desc':
> 'Connect error'}

Can you try running this command:

LDAPTLS_CACERT=ad02.pem ldapsearch -ZZ -H ldap://ad01.ad.nieuwland.nl:389 -x -D "@user@" -W -b "@basedn@"

If it fails, it's a problem with the certificate (please notice - ad02 vs ad01).

Anyway, it would be nice if you sent the debug log (append the parameter
--log=debug.log).

Thanks,
Ondra

>
> And now...
>
> Joop
>
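An offline illustration of the trust check behind the ldapsearch test above, added here and not part of the original message: it builds throwaway certificates and shows that `openssl verify` accepts a server certificate only when the CA file holds the issuing CA, not another server's own certificate. The CA name, the `ad.example.test` host names and the case of a PEM that is a server's own certificate are assumptions made for the example.

```sh
#!/bin/sh
# Added example with constructed data: "Example Lab CA" and the
# ad01/ad02.ad.example.test certificates are throwaway test objects.

# build_lab DIR: create one CA and a leaf certificate per directory server.
build_lab() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Lab CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    for host in ad01 ad02; do
        openssl req -newkey rsa:2048 -nodes \
            -subj "/CN=$host.ad.example.test" \
            -keyout "$d/$host.key" -out "$d/$host.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$host.csr" -days 1 \
            -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
            -out "$d/$host.pem" 2>/dev/null || return 1
    done
}

# check_trust CAFILE CERT: print "trusted" if CERT chains to CAFILE.
check_trust() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# issuer_matches CAFILE CERT: succeed if CAFILE's subject is CERT's issuer.
issuer_matches() {
    ca_subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//')
    cert_issuer=$(openssl x509 -in "$2" -noout -issuer -nameopt RFC2253 |
        sed 's/^issuer= *//')
    [ "$ca_subject" = "$cert_issuer" ]
}

lab=$(mktemp -d)
build_lab "$lab" || { echo "openssl failed" >&2; exit 1; }
# Another server's own certificate is not a trust anchor for ad01.
echo "ad02 leaf as CA file: $(check_trust "$lab/ad02.pem" "$lab/ad01.pem")"
# The certificate of the CA that signed ad01 is.
echo "issuing CA as CA file: $(check_trust "$lab/ca.pem" "$lab/ad01.pem")"
issuer_matches "$lab/ca.pem" "$lab/ad01.pem" && echo "issuer matches CA subject"
rm -rf "$lab"
```

Against a real deployment, the same two functions can be run on the PEM passed to --cacert and on the certificate the directory server presents.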
