Can you connect to the Hosted Engine and run 'setenforce 0' to verify that it's 
SELinux?
Most probably the certificate(s) should be in '/etc/pki/ovirt-engine/certs/'.
Best Regards,
Strahil Nikolov

On Fri, Jan 20, 2023 at 7:32, hema...@gmail.com <hema...@gmail.com> wrote:

I am doing AD integration of the oVirt 4.4 manager. The Insecure method with plain 
text password saved in /etc/ovirt-engine/aaa/uat.xxxx.com.properties works 
fine. I am using the ovirt-engine-extension-aaa-ldap-setup utility.

However, this is a hard-coding method and an insecure way. Hence I wanted to use 
startTLS with a PEM encoded certificate file. I obtained a root and intermediate 
CA certificate from the AD server and used them with startTLS.
I used the below inputs for configuring AD auth with the tool 
"ovirt-engine-extension-aaa-ldap-setup":
Available LDAP implementations:
3 - Active Directory
Please select: 3
Please enter Active Directory Forest name: uat.xxxx.com
Please select protocol to use (startTLS, ldaps, plain) [startTLS]: startTLS
Please select method to obtain PEM encoded CA certificate (File, URL, Inline, 
System, Insecure): file
File path: /tmp/rootca.pem
Enter search user DN (for example uid=username,dc=example,dc=com or leave empty 
for anonymous): mys...@uat.xxxx.com
Enter search user password:
Are you going to use Single Sign-On for Virtual Machines (Yes, No) [Yes]: No
Please specify profile name that will be visible to users [uat.xxxx.com]:
Please provide credentials to test login flow:
Enter user name: mys...@uat.xxxx.com
Enter user password:
But I am facing an error. What could be the resolution?
WARNING: Error while connecting to 'adserver.uat.xxxx.com': 
LDAPException(resultCode=82 (local error), errorMessage='The connection reader 
was unable to successfully complete TLS negotiation: SSLHandshakeException(No 
trusted certificate found), ldapSDKVersion=4.0.14, 
revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb')

I did verify the root and intermediate certificate:
# openssl verify -verbose -CAfile uatrootca.pem uatca.pem
uatca.pem: OK

1. What could be the reason for the "No trusted certificate found" error?
2. Will this method also save the username and password of the AD user as plain 
text in the file /etc/ovirt-engine/aaa/uat.xxxx.com.properties?
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CKMCIQV4FI74E26I2A64KVSDPYYQMMZK/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RRVP3NQUUUYNVKYNCZCOANAKZQZTLEDV/