[Freeipa-users] FreeIPA - Replicate Setup fails with SSL Error

Rob Crittenden rcritten at redhat.com
Mon Mar 22 17:36:39 UTC 2010


Harshavardhana wrote:
> Hi Everyone,
> 
>      I have been recently configuring "Freeipa" server and client, which 
> I have achieved successfully.
> 
> But I have hit a roadblock when I tried to "replicate" ipa server 
> configuration from one already working node to another node. This is on 
> "Fedora 11".
> 
> I have followed exactly the same instructions written in "Replicate" 
> documentation.
> 
> But creating "ipa-replica-prepare" and then on the replica server with 
> "ipa-replica-install".
> 
> I have debug logs from the "replica-install" . It fails right at the 
> time of "SSL" and complains about failing to connect with LDAP server on 
> that node.
> 
> Snippet from the debug logs
> ---
> 2010-03-22 13:23:11,660 DEBUG done configuring dirsrv.
> 2010-03-22 13:23:11,695 DEBUG Connection error: {'info': 
> 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate 
> verify failed', 'desc': "Can't contact LDAP server"}
> 2010-03-22 13:23:11,697 DEBUG Unable to connect to LDAP server 
> testserver.gluster.priv.
>   File "/usr/sbin/ipa-replica-install", line 294, in <module>
>     main()
> 
>   File "/usr/sbin/ipa-replica-install", line 254, in main
>     raise RuntimeError("Unable to connect to LDAP server %s." % 
> config.host_name)
> ----
> 
> Can someone explain how I can fix this issue and the way forward in 
> getting this working?
> 
> Thanks

Can you give us some more information on your setup? Are you using the 
built-in IPA CA for your SSL certificates or did you replace them at 
some point?

Can you confirm that ports 636 and 389 are open in the firewall on each 
of your IPA servers?

rob
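
One way to tell apart the two conditions asked about in the reply (ports 389/636 blocked versus a server certificate that does not verify against the expected CA), as an added example that is not part of the original thread or of FreeIPA's own tooling. The function names and the CA path `/etc/ipa/ca.crt` are assumptions; the host name is the one from the log.

```python
import socket
import ssl

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes (firewall/listener check)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def ldaps_handshake(host, port, ca_file, timeout=3.0):
    """Try a verified TLS handshake; return (status, detail).

    ca_file is the only trust anchor used; None falls back to the system store.
    """
    try:
        ctx = ssl.create_default_context(cafile=ca_file)
    except OSError as exc:  # missing or unparsable CA file
        return ("bad-ca-file", str(exc))
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("port-unreachable", str(exc))
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("ok", tls.version())
        except ssl.SSLCertVerificationError as exc:
            # Same class of failure as "certificate verify failed" in the log.
            return ("cert-verify-failed", exc.verify_message)
        except OSError as exc:  # other TLS errors, resets, timeouts
            return ("handshake-failed", str(exc))

def check_peer(host, ca_file, ldap_port=389, ldaps_port=636):
    """Summarise both checks for one IPA server."""
    return {
        "ldap_open": tcp_reachable(host, ldap_port),
        "ldaps_open": tcp_reachable(host, ldaps_port),
        "ldaps_tls": ldaps_handshake(host, ldaps_port, ca_file),
    }

if __name__ == "__main__":
    # Host name from the log above; the CA path is an assumption.
    print(check_peer("testserver.gluster.priv", "/etc/ipa/ca.crt"))
```

Run it from each IPA server against the other: `port-unreachable` points at the firewall, while `cert-verify-failed` with both ports open points at the CA or certificate chain.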



