Created attachment 917033 [details]
engine.log

Description of problem:

Version-Release number of selected component (if applicable):
ovirt-engine-extension-aaa-ldap-0.0.0-0.0.master.el6_5.noarch
ovirt-engine-extensions-api-impl-3.5.0-0.0.master.20140629172257.git0b16ed7.el6.noarch

How reproducible:
always

Steps to Reproduce:
1. Create a truststore with an invalid certificate for the domain and set it as the AD truststore:
pool.default.ssl.truststore.file = /tmp/ad.ts

Actual results:
The extension is added but is not working [see attachment engine.log].

Expected results:
1) The extension is ignored, with a proper log message explaining why it is ignored, or
2) the extension is added and a proper message is shown to the user explaining why it is not working.
If 2), then this is connected with bug 1106435.

Additional info:
2014-07-10 11:26:01,370 ERROR [org.ovirt.engineextensions.aaa.ldap.AuthnExtension] (MSC service thread 1-2) Cannot initialize LDAP framework, deferring initialization. Error: The connection reader was unable to successfully complete TLS negotiation: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found caused by sun.security.validator.ValidatorException: No trusted certificate found
I do not understand the problem. If an untrusted SSL connection is found, the extension should not permit LDAP usage.
Well, then ignore that extension configuration. The current situation is that it can be used, with an NPE in the log.
(In reply to Ondra Machacek from comment #2)
> Well, then ignore that extension configuration.
> Current situation is that it can be used, with NPE in log.
If there is an NPE exception in the engine log, please open a separate bug on the engine.
The extension cannot be disabled, as the problem may be temporary.
Please close this bug if the extension behaves as designed.
Marking it as 3.5.0, if a fix is needed. If not, please close this bug.
Closing, as this is an engine bug.
Then please don't close as "not a bug" but reassign to the correct component? Or, if there is already a bug open for this on the engine side, close as duplicate? Thanks.
(In reply to Sven Kieske from comment #6)
> then please don't close as "not a bug" but reassign to the correct component?
> or if there is already a bug open for this on engine side close as duplicate?
> Thanks.
The behavior request is to be closed.
A new specific bug can be opened with a proper description.
Moving around bugs with a long history that is not entirely relevant is confusing.
(In reply to Alon Bar-Lev from comment #7)
> (In reply to Sven Kieske from comment #6)
> > then please don't close as "not a bug" but reassign to the correct component?
> > or if there is already a bug open for this on engine side close as duplicate?
> > Thanks.
>
> the behavior request is to be closed.
>
> a new specific bug can be opened with proper description.
>
> moving around bugs with long history that is not entirely relevant is
> confusing.
For sure this is a BZ, thus it can't be closed as NOTABUG.
*** This bug has been marked as a duplicate of bug 1117488 ***
I am sorry, but I am reclosing as NOTABUG, as ignoring the truststore or disabling the extension is not to be done, nor is this a duplicate of bug#1117488. Please ping me if you disagree, and we will discuss.
Feel free to explain here why you insist on the NOTABUG resolution. Based on the above, feel free to either WONTFIX or keep it in the standard workflow - thus for this time ASSIGNED.
Whatever is needed in order to keep this closed.