[Freeipa-users] can't create winsync replication

Todd Maugh tmaugh at boingo.com
Fri Jan 31 23:13:37 UTC 2014


asked:   Can you provide your /etc/openldap/ldap.conf?


answer:

/etc/openldap/ldap.conf
#File modified by ipa-client-install

URI ldaps://se-idm-01.boingo.com
BASE dc=boingo,dc=com
TLS_CACERT /etc/ipa/ca.crt
TLS_CACERTDIR /etc/openldap/cacerts/
TLS_REQCERT allow
ping

TLS: certificate [CN=QATESTDC2.boingoqa.local] is not valid - error -8179:Peer's Certificate issuer is not recognized..

This is saying QATESTDC2.boingoqa.local cannot be resolved - or the IP address does not match.

This is usually a problem, but perhaps you have set your ldap.conf to continue despite this problem?
PING qatestdc2.boingoqa.local (10.194.55.48) 56(84) bytes of data.
64 bytes from qatestdc2.boingoqa.local (10.194.55.48): icmp_seq=1 ttl=124 time=0.559 ms
64 bytes from qatestdc2.boingoqa.local (10.194.55.48): icmp_seq=2 ttl=124 time=0.660 ms
^C
--- qatestdc2.boingoqa.local ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1070ms
rtt min/avg/max/mdev = 0.559/0.609/0.660/0.056 ms




TLS certificate verification: subject: CN=QATESTDC2.boingoqa.local, issuer: CN=SKYWARPCA,DC=boingoqa,DC=local, cipher: AES-128, security level: high, secret key bits: 128, total key bits: 128, cache hits: 0, cache misses: 0, cache not reusable: 0
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
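
As an added example that is not part of the original post: a small checker that reads an ldap.conf like the one quoted above and reports whether its TLS_REQCERT level lets a session continue after a certificate fails verification. The function names are hypothetical, the level meanings follow the OpenLDAP ldap.conf(5) man page, and the sample input is built from the directives in the post.

```python
# Added example (not from the original post): audit ldap.conf TLS settings.
# TLS_REQCERT level meanings are taken from the OpenLDAP ldap.conf(5) man page.

# Constructed sample input: the directives quoted in the post above.
SAMPLE = """\
#File modified by ipa-client-install
URI ldaps://se-idm-01.boingo.com
BASE dc=boingo,dc=com
TLS_CACERT /etc/ipa/ca.crt
TLS_CACERTDIR /etc/openldap/cacerts/
TLS_REQCERT allow
"""

REQCERT = {
    "never": "the server certificate is not requested or checked",
    "allow": "a bad certificate is ignored and the session proceeds",
    "try": "a bad certificate ends the session, a missing one does not",
    "demand": "a missing or bad certificate ends the session",
    "hard": "a missing or bad certificate ends the session",
}
WEAK = {"never", "allow"}  # levels that continue despite a failed check


def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive, last wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit_tls(text):
    """Report the effective TLS_REQCERT level and any findings."""
    opts = parse_ldap_conf(text)
    level = opts.get("TLS_REQCERT", "demand").lower()  # demand is the default
    findings = []
    if level not in REQCERT:
        findings.append(f"TLS_REQCERT {level}: unrecognised level")
    elif level in WEAK:
        findings.append(f"TLS_REQCERT {level}: {REQCERT[level]}")
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append("no TLS_CACERT or TLS_CACERTDIR set in this file")
    return {"level": level, "findings": findings}


if __name__ == "__main__":
    print(audit_tls(SAMPLE))
```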
