On 05/02/2016 03:02 PM, Alexis HAUSER wrote:
I am unsure I understand. What is missing in interactive setup to
properly setup TLS?
You just enter CA certificte path/url/system and Java keystore file is
created for you by the tool.
I'll try to generate a new file with the interactive setup and tell you if the
result is different.
So, here is my problem when using the interactive setup :
[ INFO ] Connecting to LDAP using 'ldaps://xxxx:636'
[WARNING] Cannot connect using 'ldaps://xxxx:636': {'info': "TLS error -8172:Peer's
certificate issuer has been marked as not trusted by the user.", 'desc': "Can't contact
LDAP server"}
[ ERROR ] Cannot connect using any of available options
Are you sure you've specified correct CA?
Can you try running this command:
LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x
-D '@USERDN@' -w '@USERPW@' -b '@BASEDN@'
If it fail then most probably you have incorrect CA certificate.
If it succeed, please open bug in bugzilla with logs of setup tool if
possible.
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
