[ovirt-users] Errors while trying to join an external LDAP provider

Ondra Machacek omachace at redhat.com
Mon May 2 13:11:45 UTC 2016

On 05/02/2016 03:02 PM, Alexis HAUSER wrote:
>>> I am unsure I understand. What is missing in interactive setup to
>>> properly setup TLS?
>>> You just enter CA certificate path/url/system and Java keystore file is
>>> created for you by the tool.
>> I'll try to generate a new file with the interactive setup and tell you if the result is different.
> So, here is my problem when using the interactive setup :
> [ INFO  ] Connecting to LDAP using 'ldaps://xxxx:636'
> [WARNING] Cannot connect using 'ldaps://xxxx:636': {'info': "TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.", 'desc': "Can't contact LDAP server"}
> [ ERROR ] Cannot connect using any of available options

Are you sure you've specified the correct CA?

Can you try running this command:
  LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x -D '@USERDN@' -w '@USERPW@' -b '@BASEDN@'

If it fails, then most probably you have an incorrect CA certificate.
If it succeeds, please open a bug in Bugzilla with the logs of the setup tool if 
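
The question of whether the CA file is the right one can also be checked against the certificate chain the server presents. The script below is an added example, not part of the original message; the function names and the script name are hypothetical, and it assumes an OpenSSL command-line tool that supports `-no-CApath`.

```shell
#!/bin/sh
# Added example: does CA_FILE really anchor the certificate an LDAPS server presents?

# Save the certificates the server sends (leaf first) as PEM. Needs network access.
fetch_chain() {  # fetch_chain HOST PORT OUTFILE
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' >"$3"
    [ -s "$3" ]
}

# Returns 0 if CA_FILE validates the first certificate in CHAIN_FILE,
# 1 if validation fails, 2 if either file is not a readable PEM certificate.
check_ca() {  # check_ca CA_FILE CHAIN_FILE
    ca=$1 chain=$2
    openssl x509 -in "$ca" -noout 2>/dev/null ||
        { echo "unreadable CA file: $ca" >&2; return 2; }
    openssl x509 -in "$chain" -noout 2>/dev/null ||
        { echo "unreadable chain file: $chain" >&2; return 2; }
    # Print both names so a wrong CA file is visible at a glance.
    echo "server cert $(openssl x509 -in "$chain" -noout -issuer)"
    echo "CA file     $(openssl x509 -in "$ca" -noout -subject)"
    # -no-CApath keeps the system trust directory out of the decision;
    # -untrusted supplies any intermediates the server sent.
    if openssl verify -no-CApath -CAfile "$ca" -untrusted "$chain" "$chain" >/dev/null 2>&1; then
        echo "OK: CA file anchors the server certificate"
        return 0
    fi
    echo "FAIL: CA file does not anchor the server certificate"
    return 1
}

# Usage: sh check_ldap_ca.sh HOST PORT CA_FILE   (script name is hypothetical)
if [ "$#" -eq 3 ]; then
    chain_file=$(mktemp) && fetch_chain "$1" "$2" "$chain_file" && check_ca "$3" "$chain_file"
fi
```

A result of 1 with differing issuer and subject lines points to the wrong CA file; matching names with a failure usually means an expired or re-keyed CA, or a missing intermediate.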
