[Freeipa-users] Solaris 10 client configuration using profile

Rob Crittenden rcritten at redhat.com
Mon Oct 27 21:07:16 UTC 2014


sipazzo wrote:
> Okay, so this is working with the secure profile, thank you all, but I am getting a ton of errors in my logs on the Solaris clients like this:
> 
> Oct 27 13:08:51 dc2.ipadomain.com ldap_cachemgr[15004]: [ID 545954 daemon.error] libsldap: makeConnection: failed to open connection to idm1.ipadomain.com
> Oct 27 13:08:51 dc2.ipadomain.com ldap_cachemgr[15004]: [ID 545954 daemon.error] libsldap: makeConnection: failed to open connection to idm2.ipadomain.com
> Oct 27 13:08:51 dc2.ipadomain.com ldap_cachemgr[15004]: [ID 687686 daemon.warning] libsldap: Falling back to anonymous, non-SSL mode for __ns_ldap_getRootDSE. openConnection: simple bind failed - Can't contact LDAP server
> Oct 27 13:08:51 dc2.ipadomain.com last message repeated 1 time
> Oct 27 13:08:51 dc2.ipadomain.com ldap_cachemgr[15004]: [ID 293258 daemon.warning] libsldap: Status: 81  Mesg: openConnection: simple bind failed - Can't contact LDAP server
> Oct 27 13:08:51 dc2.ipadomain.com ldap_cachemgr[15004]: [ID 545954 daemon.error] libsldap: makeConnection: failed to open connection to idm1-corp.ipadomain.com
> Oct 27 13:08:51 dc2-io.ipadomain.com ldap_cachemgr[15004]: [ID 687686 daemon.warning] libsldap: Falling back to anonymous, non-SSL mode for __ns_ldap_getRootDSE. openConnection: simple bind failed - Can't contact LDAP server
> 
> 
> I think this might be related to trying to use tls:simple for authentication, so I went back over the steps for the cert setup and I am unable to generate or import the ca.pem cert into the nssdb database.
> 
> certutil -N -d /var/ldap
> certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
> 
> 
> certutil -A -n "ca-cert" -i /etc/ipa/ca.pem -a -t CT -d /var/ldap
> certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

Does the directory /var/ldap exist and can the current user write to it?

rob
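
An added example, not part of the original thread and not FreeIPA or Solaris tooling: a small Python parser that tallies, per Solaris client, which LDAP servers libsldap could not reach and how often it fell back to the anonymous, non-SSL root DSE lookup seen in the quoted log excerpt. The sample input is copied from that excerpt; the function and pattern names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: four lines copied from the log excerpt quoted in the post above.
SAMPLE_LOG = """\
Oct 27 13:08:51 dc2.ipadomain.com ldap_cachemgr[15004]: [ID 545954 daemon.error] libsldap: makeConnection: failed to open connection to idm1.ipadomain.com
Oct 27 13:08:51 dc2.ipadomain.com ldap_cachemgr[15004]: [ID 545954 daemon.error] libsldap: makeConnection: failed to open connection to idm2.ipadomain.com
Oct 27 13:08:51 dc2.ipadomain.com ldap_cachemgr[15004]: [ID 687686 daemon.warning] libsldap: Falling back to anonymous, non-SSL mode for __ns_ldap_getRootDSE. openConnection: simple bind failed - Can't contact LDAP server
Oct 27 13:08:51 dc2.ipadomain.com last message repeated 1 time
"""

# Layout seen in the excerpt: timestamp, client host, process[pid], [ID n facility.level], message
ENTRY = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s[\w.-]+\[\d+\]:\s"
    r"\[ID\s\d+\s(?P<level>[\w.]+)\]\slibsldap:\s(?P<msg>.*)$"
)
REPEAT = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\slast message repeated (?P<n>\d+) time")
CONNECT_FAIL = re.compile(r"makeConnection: failed to open connection to (?P<server>\S+)")
FALLBACK = "Falling back to anonymous, non-SSL mode"


def summarize(log_text):
    """Per client host: LDAP servers it could not reach, and how many times it
    fell back to an anonymous, non-SSL root DSE lookup."""
    report = defaultdict(lambda: {"unreachable": set(), "fallbacks": 0})
    last = None  # (host, was_fallback) for the previous libsldap entry
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            fail = CONNECT_FAIL.search(m["msg"])
            if fail:
                report[m["host"]]["unreachable"].add(fail["server"])
            is_fallback = FALLBACK in m["msg"]
            report[m["host"]]["fallbacks"] += int(is_fallback)
            last = (m["host"], is_fallback)
            continue
        r = REPEAT.match(line)
        # syslog collapses duplicates; credit the repeats to the preceding entry
        if r and last and last == (r["host"], True):
            report[r["host"]]["fallbacks"] += int(r["n"])
    return dict(report)


if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG).items():
        print(host, sorted(info["unreachable"]), "fallbacks:", info["fallbacks"])
```

A non-zero fallback count on a client that is meant to use tls:simple means its root DSE lookups are going out unauthenticated and unencrypted, which is worth alerting on until the certificate database issue is resolved.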