On Tue, May 31, 2016 at 4:24 PM, Alexis HAUSER <
alexis.hau...@telecom-bretagne.eu> wrote:
> >> Thank you, this actually works. Yes, I'll remove it as soon as possible.
> >> Now with RHEV + AD, it seems better than RHEV + LDAP for groups : it
> finds most of the groups a user belongs to. RHEV + LD
>> Thank you, this actually works. Yes, I'll remove it as soon as possible.
>> Now with RHEV + AD, it seems better than RHEV + LDAP for groups : it finds
>> most of the groups a user belongs to. RHEV + LDAP is only able to find one
>> group a user belongs to >>(which is not the same group found w
On 05/31/2016 03:29 PM, Alexis HAUSER wrote:
Until the administrators fix the AD servers, in order to use SSL you can
temporarily use the following setup:
pool.default.serverset.single.server = AD1
pool.default.dc-resolve.enable = false
pool.default.ssl.startTLS = true
But this is only a temporary sol
>Until the administrators fix the AD servers, in order to use SSL you can
>temporarily use the following setup:
> pool.default.serverset.single.server = AD1
> pool.default.dc-resolve.enable = false
> pool.default.ssl.startTLS = true
>But this is only a temporary solution and you should switch back to
>'
On 05/31/2016 12:03 PM, Alexis HAUSER wrote:
Oh, I see it, we were blind all the time. The problem is in AD2 and AD3.
AD1 and AD4 are fine.
So yes the problem is on AD side but only for AD2 and AD3, that's why it
worked for
aaa-ldap-setup :)
So actually this command shouldn't work for you:
LDAPTL
>Oh, I see it, we were blind all the time. The problem is in AD2 and AD3.
>AD1 and AD4 are fine.
>So yes the problem is on AD side but only for AD2 and AD3, that's why it
>worked for
>aaa-ldap-setup :)
>So actually this command shouldn't work for you:
> LDAPTLS_CACERT=/somewhere/myca.pem ldapsear
On 05/30/2016 06:17 PM, Alexis HAUSER wrote:
Default password is 'changeit' (without quotes).
Hmm, can you please try use the .jks file generated by aaa-ldap-setup
tool? Just to be sure.
I still have the same error with the default jks
Anyway, the strange thing is that aaa-ldap-setup tool
>Default password is 'changeit' (without quotes).
>Hmm, can you please try use the .jks file generated by aaa-ldap-setup
>tool? Just to be sure.
I still have the same error with the default jks
>Anyway, the strange thing is that aaa-ldap-setup tool passes, but
>extension doesn't work later.
>My
On 05/30/2016 03:11 PM, Alexis HAUSER wrote:
This is output of installation script
'ovirt-engine-extension-aaa-ldap-setup', which is written in python, but
aaa-ldap extension in Java. So the strange thing is that you can connect
via
startTLS in python script, but later you can't connect with aaa-
>This is output of installation script
>'ovirt-engine-extension-aaa-ldap-setup', which is written in python, but
>aaa-ldap extension in Java. So the strange thing is that you can connect
>via
>startTLS in python script, but later you can't connect with aaa-ldap
>Java extension.
>Can you please
On 05/30/2016 12:03 PM, Alexis HAUSER wrote:
'ovirt-engine-extensions-tool' logs would be more helpful.
Here it is :
https://bpaste.net/show/a166df875909
I can't see anything else than this SSL error and what seems to be a missing python
module : "ImportError: No module named dnf"
Can you s
>'ovirt-engine-extensions-tool' logs would be more helpful.
Here it is :
https://bpaste.net/show/a166df875909
I can't see anything else than this SSL error and what seems to be a missing
python module : "ImportError: No module named dnf"
Can you see something else or do you have any idea of wh
>Well startTLS is preferred always before ldaps, not only in AD. So maybe
>you can open
>documentation bug, so we will properly describe how this DNS SRV server
>set works and what
>needs to be done, to get it properly working.
Ok, I'll do that. I counted : that will be my 18th bug in my list (co
On 05/27/2016 11:15 AM, Alexis HAUSER wrote:
you use '_ldaps._tcp' in ovirt not '_ldap._tcp' as in dig.
And '_ldaps' is what's missing in your DNS.
Oh ! you're right, I didn't even see that ! I was confused by all this. I'll
ask someone to add these SRV records.
Unfortunately using '_ldap
>you use '_ldaps._tcp' in ovirt not '_ldap._tcp' as in dig.
>And '_ldaps' is what's missing in your DNS.
Oh ! you're right, I didn't even see that ! I was confused by all this. I'll
ask someone to add these SRV records.
>Unfortunately using '_ldaps._tcp' is not any standard. But that's what
On 05/26/2016 05:28 PM, Alexis HAUSER wrote:
This is really weird : If I manually run : dig _ldap._tcp.my_forst_name.com SRV
^_ldap
I can see the 4 AD servers in ANSWER, AUTHORITY and ADDITIONAL SECTION
If I use : pool.default.serverset.srvrecord.service = ldaps
In the logs I see this : "An
This is really weird : If I manually run : dig _ldap._tcp.my_forst_name.com SRV
I can see the 4 AD servers in ANSWER, AUTHORITY and ADDITIONAL SECTION
If I use : pool.default.serverset.srvrecord.service = ldaps
In the logs I see this : "An error occurred while attempting to query DNS in
order to
On 05/26/2016 03:35 PM, Alexis HAUSER wrote:
So it means that aaa-ldap then tries to do following:
LDAPTLS_CACERT=/somewhere/myca.pem ldapsearch -H
ldaps://mydomain.com:389 -x -D 'CN=Something,DC=myserver,DC=come' -w
'mypaswd' -b 'CN=users,DC=something,DC=com'
Which won't work, because you do lda
>So it means that aaa-ldap then tries to do following:
>LDAPTLS_CACERT=/somewhere/myca.pem ldapsearch -H
>ldaps://mydomain.com:389 -x -D 'CN=Something,DC=myserver,DC=come' -w
>'mypaswd' -b 'CN=users,DC=something,DC=com'
>Which won't work, because you do ldaps on 389 port. (I guess it doesn't
>work
On 05/26/2016 11:56 AM, Alexis HAUSER wrote:
Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On
the DNS server I'm using ?
On DNS you are using, usually on AD DNS.
Well actually this DNS name doesn't exist and seem to be only an unspecified
variable in ovirt...I hav
>> Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On
>> the DNS server I'm using ?
>On DNS you are using, usually on AD DNS.
Well actually this DNS name doesn't exist and seem to be only an unspecified
variable in ovirt...I have no reason to create a DNS entry for it.
On 05/26/2016 10:11 AM, Alexis HAUSER wrote:
You use 389 with SSL? I guess you wrongly specified it.
But, if you want to use SSL and you have it on 636, then you should
create new SRV dns
records for example: _ldaps._tcp.university.mydomain.com ... 636
Where should I add this ? in /etc/hosts ?
>Please don't use port 636 for the DNS server, 636 is only for LDAPS protocol:
>vars.dns = dns://one.of.adservers.com
Ok, but as I explained, even without using 636, the result is the same.
When using the option "pool.default.serverset.srvrecord.service = ldaps" and
"dns://one.of.adservers.com"
I get
On Thu, May 26, 2016 at 10:11 AM, Alexis HAUSER <
alexis.hau...@telecom-bretagne.eu> wrote:
> >You use 389 with SSL? I guess you wrongly specified it.
> >But, if you want to use SSL and you have it on 636, then you should
> >create new SRV dns
> >records for example: _ldaps._tcp.university.mydomai
>You use 389 with SSL? I guess you wrongly specified it.
>But, if you want to use SSL and you have it on 636, then you should
>create new SRV dns
>records for example: _ldaps._tcp.university.mydomain.com ... 636
Where should I add this ? in /etc/hosts ? Somewhere in the ovirt config ? On
the DNS
On 05/25/2016 03:47 PM, Alexis HAUSER wrote:
Can you please send what's happening during initialization of engine?
(logs right after ovirt-engine is restarted).
Or run this command and send output of file 'login.log':
$ ovirt-engine-extensions-tool --log-level=FINEST --log-file=login.log
>Can you please send what's happening during initialization of engine?
>(logs right after ovirt-engine is restarted).
>Or run this command and send output of file 'login.log':
> $ ovirt-engine-extensions-tool --log-level=FINEST --log-file=login.log
>aaa login-user --profile=ad --user-name=som
On 05/25/2016 12:20 PM, Alexis HAUSER wrote:
Hi,
I added an Active Directory server to RHEV, but I can't perform any search and
I don't see any namespace in the interface.
I'm able to perform a search using the same search user DN / passwd and
certificate :
LDAPTLS_CACERT=/somewhere/myca.
Hi,
I added an Active Directory server to RHEV, but I can't perform any search and
I don't see any namespace in the interface.
I'm able to perform a search using the same search user DN / passwd and
certificate :
LDAPTLS_CACERT=/somewhere/myca.pem ldapsearch -H ldaps://myserver.com -x -D
'