[ovirt-users] Can't perform search after setting up an Active Directory

Ondra Machacek omachace at redhat.com
Fri May 27 11:19:18 UTC 2016

On 05/27/2016 11:15 AM, Alexis HAUSER wrote:
>> you use '_ldaps._tcp' in ovirt not '_ldap._tcp' as in dig.
>> And '_ldaps' is what's missing in your DNS.
> Oh ! you're right, I didn't even see that ! I was confused by all this. I'll ask someone to add these SRV records.
>> Unfortunatelly using '_ldaps._tcp' is not any standart. But that's what
>> usually people do if they can't use startTLS.
> So, in a way we could say that Ovirt expect users to use Start_TLS with AD, but not ldaps ?
> Should I open a RFE about this ?

Well startTLS is prefered always before ldaps, not only in AD. So maybe 
you can open
documentation bug, so we will properly describe how this DNS SRV server 
set works and what
needs to be done, to get it properly working.

>> This message doesn't say much. Can you please send full Java exception
>> stack trace?
> Yes, here is the full log when trying to use StartTLS :
> https://bpaste.net/show/5719b47c45e5
> Please tell me if it gives you see anything in it.

Unfortunatelly no, I can only see that's something wrong with SSL. 
'ovirt-engine-extensions-tool' logs would be more helpfull.

Btw, did you installed it via 'ovirt-engine-extension-aaa-ldap-setup'? 
There you can choose startTLS, so you can avoid typos in configuration.

> (and again, thanks for all your help)

you're welcome

More information about the Users mailing list