Monday, April 5, 2021

[389-users] Re: Cert Problems with dsidm, and...

> On 6 Apr 2021, at 05:36, Bryan K. Walton <bwalton.21095@leepfrog.com> wrote:
>
> On Mon, Apr 05, 2021 at 02:59:11PM -0400, Mark Reynolds wrote:
>>>
>>> As for the version, our system is up to date. Maybe
>>> 389-ds-base-1.4.3.22-1 isn't in the CentOS repos, yet?
>>
>> The build was done two weeks ago, it should be available on centos 8:
>> https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-MODULAR-2021-5e13f174a7
>
> Looks like it is stuck in testing:
> https://download-ib01.fedoraproject.org/pub/epel/testing/8/Modular/x86_64/Packages/3/
>
>> The last option is just to use ldapi instead of ldaps. To use ldapi you can
>> remove the "uri" from the .dsrc because the tool use LDAPI by default, or
>> change "uri" to use "ldapi:// ..."
>>
>
> I did double check my settings. They are correct. However, using ldapi
> works. So, we have a workaround. Once the new rpm gets out of testing,
> I'll try it *without* ldapi.
>
> We would prefer to not use ldapi, because we have more than one machine
> making dsidm queries to our primary ldap server.

Because it's a cacertdir, have you run openssl rehash in the directory? Else it can't find and load the certs ...


>
> Thanks for your assistance!
> -Bryan
>
> --
> Bryan K. Walton 319-337-3877
> Linux Systems Administrator Leepfrog Technologies, Inc
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure


Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)