I do this already. The CA certificate that i download is fine also for ldap?
Nick 2017-10-11 14:56 GMT+02:00 Ondra Machacek <omach...@redhat.com>: > You can download it just a temporary, for example to /tmp. > Then aaa-setup-tool wil create jks file in /etc/ovirt-engine/aaa/ directory. > After that you can remove the CA file and keep just jks file. > > On Wed, Oct 11, 2017 at 2:37 PM, nicola gentile > <nicola.gentile...@gmail.com> wrote: >> Yes I created by aaa-setup tool. >> I noticed that the CA certificate was expired, than I download new >> certificate and I run aaa-setup tool. >> >> is there a specific place to put the certificate file ca? I put in root home. >> >> Thank a lot >> >> Nick >> >> 2017-10-11 14:18 GMT+02:00 Ondra Machacek <omach...@redhat.com>: >>> It fails on SSL handshake: >>> sun.security.validator.ValidatorException: No trusted certificate found >>> >>> How did you create 'polito.it.jks' file? By aaa-setup tool? >>> Are use sure you've entered correct CA certificate there? >>> >>> On Wed, Oct 11, 2017 at 1:30 PM, nicola gentile >>> <nicola.gentile...@gmail.com> wrote: >>>> 2017-10-11 10:11 GMT+02:00 nicola gentile <nicola.gentile...@gmail.com>: >>>>> Hi Martin, >>>>> I attach aaa.log you suggest >>>>> >>>>> Nick >>>>> >>>>> 2017-10-10 20:41 GMT+02:00 Martin Perina <mper...@redhat.com>: >>>>>> Hi, >>>>>> >>>>>> most probably you are affected by [1], so could you please check >>>>>> certificates on all your AD servers? >>>>>> You can verify using following command: >>>>>> >>>>>> ovirt-engine-extensions-tool --log-level=FINEST aaa login-user >>>>>> --user-name=<USERNAME> --profile=<PROFILE NAME> >>>>>> >>>>>> >>>>>> Thanks >>>>>> >>>>>> Martin >>>>>> >>>>>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1465463 >>>>>> >>>>>> >>>>>> On Tue, Oct 10, 2017 at 6:13 PM, Luca 'remix_tj' Lorenzetto >>>>>> <lorenzetto.l...@gmail.com> wrote: >>>>>>> >>>>>>> On Tue, Oct 10, 2017 at 4:41 PM, nicola gentile >>>>>>> <nicola.gentile...@gmail.com> wrote: >>>>>>> > I run the command you suggest >>>>>>> > ldapsearch -h domaincontroller.dom.it -b "dc=dom,dc=it" -D u...@dom.it >>>>>>> > -W -x sAMAccountName=user_to_search userPrincipalName | grep >>>>>>> > userPrincipalName >>>>>>> > >>>>>>> > This is the result: >>>>>>> > >>>>>>> > Enter LDAP Password: >>>>>>> > # requesting: userPrincipalName >>>>>>> > >>>>>>> >>>>>>> Supposing you're using all the right parameters in ldapsearch command, >>>>>>> it seems that the user you were looking up is not a valid user in that >>>>>>> directory server. >>>>>>> >>>>>>> Please check with someone that can access to AD and verify the status >>>>>>> of the user with ADSI Edit. >>>>>>> >>>>>>> Luca >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> "E' assurdo impiegare gli uomini di intelligenza eccellente per fare >>>>>>> calcoli che potrebbero essere affidati a chiunque se si usassero delle >>>>>>> macchine" >>>>>>> Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716) >>>>>>> >>>>>>> "Internet è la più grande biblioteca del mondo. >>>>>>> Ma il problema è che i libri sono tutti sparsi sul pavimento" >>>>>>> John Allen Paulos, Matematico (1945-vivente) >>>>>>> >>>>>>> Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , >>>>>>> <lorenzetto.l...@gmail.com> >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>> Users@ovirt.org >>>>>>> http://lists.ovirt.org/mailman/listinfo/users >>>>>> >>>>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users@ovirt.org >>>> http://lists.ovirt.org/mailman/listinfo/users >>>> _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users