Re: [ovirt-users] ovirt-engine-extension-aaa-ldap active directory

2017-10-10 Thread Martin Perina
Hi, most probably you are affected by [1], so could you please check certificates on all your AD servers? You can verify using following command: ovirt-engine-extensions-tool --log-level=FINEST aaa login-user --user-name= --profile= Thanks Martin [1]

Re: [ovirt-users] ovirt-engine-extension-aaa-ldap active directory

2017-10-10 Thread Luca 'remix_tj' Lorenzetto
On Tue, Oct 10, 2017 at 4:41 PM, nicola gentile wrote: > I run the command you suggest > ldapsearch -h domaincontroller.dom.it -b "dc=dom,dc=it" -D u...@dom.it > -W -x sAMAccountName=user_to_search userPrincipalName | grep > userPrincipalName > > This is the result: >

Re: [ovirt-users] ovirt-engine-extension-aaa-ldap active directory

2017-10-10 Thread nicola gentile
yes is AD. Nick 2017-10-10 16:41 GMT+02:00 nicola gentile : > I run the command you suggest > ldapsearch -h domaincontroller.dom.it -b "dc=dom,dc=it" -D u...@dom.it > -W -x sAMAccountName=user_to_search userPrincipalName | grep > userPrincipalName > > This is the

Re: [ovirt-users] ovirt-engine-extension-aaa-ldap active directory

2017-10-10 Thread Luca 'remix_tj' Lorenzetto
On Tue, Oct 10, 2017 at 4:06 PM, nicola gentile wrote: > include = > > vars.domain = dom.it > vars.user = CN=myuser,OU=spuser,DC=dom,DC=it > vars.password = x > > pool.default.auth.simple.bindDN = ${global:vars.user} > pool.default.auth.simple.password =

Re: [ovirt-users] ovirt-engine-extension-aaa-ldap active directory

2017-10-10 Thread Luca 'remix_tj' Lorenzetto
Can you post the file? Luca On Tue, Oct 10, 2017 at 3:32 PM, nicola gentile wrote: > in my /etc/ovirt-engine/aaa/polito.it.properties the DN is written correctly: > > vars.user = CN=myuser,OU=spuser,DC=dom,DC=it > > I don't have ldap search. > > 2017-10-10 15:19

Re: [ovirt-users] ovirt-engine-extension-aaa-ldap active directory

2017-10-10 Thread nicola gentile
in my /etc/ovirt-engine/aaa/polito.it.properties the DN is written correctly: vars.user = CN=myuser,OU=spuser,DC=dom,DC=it I don't have ldap search. 2017-10-10 15:19 GMT+02:00 Luca 'remix_tj' Lorenzetto : > Hello Nicola, > > i don't see anything strange in your setup.

Re: [ovirt-users] ovirt-engine-extension-aaa-ldap active directory

2017-10-10 Thread Luca 'remix_tj' Lorenzetto
Hello Nicola, i don't see anything strange in your setup. Can you check if DN in files /etc/ovirt-engine/aaa/polito.it*.properties are written correctly? Can you also check with a ldapsearch if there is something strange in your LDAP entry? I found that some users were not logging in

Re: [ovirt-users] ovirt-engine-extension-aaa-ldap active directory

2017-10-10 Thread nicola.gentile.to
Sorry I forgot the attachment Nick Il 10/10/2017 14:50, nicola.gentile.to ha scritto: Hi, I have a problem. Suddenly from the user portal the users of AD not login and displays the error: server_error: Unexpected comma or semicolon found at the end of the DN string. Also, from Admin