Monday, April 5, 2021

[389-users] Re: Cert Problems with dsidm, and...

On 4/5/21 2:02 PM, Bryan K. Walton wrote:
Hi Mark,    I've created our /root/.dsrc file.  I'm still getting the same error:    Error: Can't contact LDAP server - error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain)    As for the version, our system is up to date.  Maybe  389-ds-base- isn't in the CentOS repos, yet?

The build was done two weeks ago, it should be available on centos 8:

Try this out.  If it still fails, can you confirm that the settings you used in .dsrc match the server on that machine?  Your .dsrc. probaly should not reference "slapd-localhost" but whatever instance name was ued during server setup.

The last option is just to use ldapi instead of ldaps.  To use ldapi you can remove the "uri" from the .dsrc because the tool use LDAPI by default, or change "uri" to use "ldapi:// ..."

An example can be seen here:

    uri = ldapi://%2fvar%2frun%2fslapd-YOUR_INSTANCE.socket


    -Bryan      On Mon, Apr 05, 2021 at 12:18:00PM -0400, Mark Reynolds wrote:  
  On 4/5/21 12:06 PM, Mark Reynolds wrote:  
  On 4/5/21 10:55 AM, Bryan K. Walton wrote:  
On Mon, Apr 05, 2021 at 10:42:45AM -0400, Mark Reynolds wrote:  
Hi Bryan,    What version of 389-ds-base is installed?  
Results of "rpm -qi 389-ds-base"    Version     :  Release     : 1.module_el8+10764+2b5f8656  Install Date: Mon 01 Feb 2021 09:33:07 AM CST  Source RPM  : 389-ds-base-  
Did you see my other comments from my previous email about the .dsrc  file?  
  And, I strongly suggest upgrading to: 389-ds-base-   I think there  are other bugs in that might prevent the .dsrc from working  correctly.    Mark    
--     389 Directory Server Development Team    
_______________________________________________  389-users mailing list --  To unsubscribe send an email to  Fedora Code of Conduct:  List Guidelines:  List Archives:  Do not reply to spam on the list, report it:  
--     389 Directory Server Development Team

No comments:

Post a Comment