[ovirt-users] [ATN] LDAP Users please read

Alon Bar-Lev alonbl at redhat.com
Mon Aug 10 12:55:00 UTC 2015



----- Original Message -----
> From: "Alon Bar-Lev" <alonbl at redhat.com>
> To: "Joop" <jvdwege at xs4all.nl>
> Cc: users at ovirt.org
> Sent: Thursday, August 6, 2015 7:05:38 PM
> Subject: Re: [ovirt-users] [ATN] LDAP Users please read
> 
> 
> 
> ----- Original Message -----
> > From: "Joop" <jvdwege at xs4all.nl>
> > To: users at ovirt.org
> > Sent: Thursday, August 6, 2015 4:28:00 PM
> > Subject: Re: [ovirt-users] [ATN] LDAP Users please read
> > 
> > Hi Alon,
> > 
> > I'll take the bait :-)
> 
> Good!
>  
> > I have just installed the extension and the examples are there.
> > I also installed the migration tool. Now it comes.
> > We use Samba4 as our AD provider and have succesfully connected
> > Foreman-1.8 to it using the cert that I got from the server.
> > The same cert doesn't work with the migration tool. So either I'm
> > confused or .. The first possibility is most likely. I always trip over
> > certs and terminology.
> > Error I got:
> > [root at mgmt01 ~]# ovirt-engine-kerbldap-migration-tool --debug --domain
> > ad.nieuwland.nl --cacert ad02.pem
> > [INFO   ] tool: ovirt-engine-kerbldap-migration-1.0.2
> > (ovirt-engine-kerbldap-migration-1.0.2-1.el6ev)
> > [INFO   ] Connecting to database
> > [INFO   ] Sanity checks
> > [INFO   ] Loading options
> > [INFO   ] Using ldap URI: ldap://ad01.ad.nieuwland.nl:389
> > [ERROR  ] Conversion failed: {'info': "TLS error -8172:Peer's
> > certificate issuer has been marked as not trusted by the user.", 'desc':
> > 'Connect error'}
> > 
> > And now...
> 
> Interesting.
> 
> Can you please attach the ad02.pem certificate, and paste the output of the
> following command?
> 
> $ openssl s_client -connect ad01.ad.nieuwland.nl:636 -showcerts < /dev/null
> 
> There is no leak of sensitive information, it will enable me to determine
> what is wrong,.

Hi Joop,

I am curios what went wrong, when you find time please send me the above information.

Thanks!
Alon



More information about the Users mailing list