[ovirt-users] Errors while trying to join an external LDAP provider

Ondra Machacek omachace at redhat.com
Mon May 2 13:11:45 UTC 2016


On 05/02/2016 03:02 PM, Alexis HAUSER wrote:
>
>
>>> I am unsure I understand. What is missing in interactive setup to
>>> properly set up TLS?
>>> You just enter CA certificate path/url/system and Java keystore file is
>>> created for you by the tool.
>
>> I'll try to generate a new file with the interactive setup and tell you if the result is different.
>
> So, here is my problem when using the interactive setup:
>
> [ INFO  ] Connecting to LDAP using 'ldaps://xxxx:636'
> [WARNING] Cannot connect using 'ldaps://xxxx:636': {'info': "TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.", 'desc': "Can't contact LDAP server"}
> [ ERROR ] Cannot connect using any of available options
>

Are you sure you've specified the correct CA?

Can you try running this command:
  LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x \
    -D '@USERDN@' -w '@USERPW@' -b '@BASEDN@'

If it fails, then most probably you have an incorrect CA certificate.
If it succeeds, please open a bug in Bugzilla with logs of the setup tool if
possible.
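
Added example (not part of the original message, and not oVirt tooling): a way to check offline whether a given CA file is the one that issued the LDAP server's certificate, which is the condition behind the "issuer has been marked as not trusted" error above. The function names, file names and subject names are assumptions made for this illustration, and the certificates are constructed locally so the script runs without a server.

```shell
# Save the certificate a live server presents (not called in the offline demo).
# Usage: fetch_server_cert ldap.example.test:636 server.crt
fetch_server_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | openssl x509 -out "$2"
}

# Return 0 if CERT validates against CA_FILE alone, 1 otherwise.
# -no-CApath keeps the system trust directory out of the decision.
# On failure, print the issuer/subject pair so a mismatch is visible.
ca_issued_cert() {
    local ca_file=$1 cert=$2
    if openssl verify -no-CApath -CAfile "$ca_file" "$cert" >/dev/null 2>&1; then
        return 0
    fi
    echo "cert issuer: $(openssl x509 -in "$cert" -noout -issuer)" >&2
    echo "CA subject : $(openssl x509 -in "$ca_file" -noout -subject)" >&2
    return 1
}

# Constructed sample PKI: two unrelated CAs and one server certificate
# signed by the "right" one.
make_constructed_pki() {
    local d=$1 n
    for n in right wrong; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed-$n-ca" \
            -keyout "$d/$n-ca.key" -out "$d/$n-ca.crt" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -days 1 -set_serial 1 \
        -CA "$d/right-ca.crt" -CAkey "$d/right-ca.key" \
        -out "$d/server.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_constructed_pki "$demo_dir"
ca_issued_cert "$demo_dir/right-ca.crt" "$demo_dir/server.crt" \
    && echo "right CA: server certificate verifies"
ca_issued_cert "$demo_dir/wrong-ca.crt" "$demo_dir/server.crt" \
    || echo "wrong CA: rejected, same condition as the setup tool's TLS error"
```

Against a real server, save its certificate with fetch_server_cert and pass it to ca_issued_cert together with the CA file given to the setup tool.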


