<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1" bgcolor="#FFFFFF">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;"><br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<div>asked:   Can you provide your /etc/openldap/ldap.conf?<br>
<br>
<br>
answer:<br>
<br>
/etc/openldap/ldap.con<br>
#File modified by ipa-client-install<br>
<br>
URI ldaps://se-idm-01.boingo.com<br>
BASE dc=boingo,dc=com<br>
TLS_CACERT /etc/ipa/ca.crt<br>
TLS_CACERTDIR /etc/openldap/cacerts/<br>
TLS_REQCERT allow<br>
ping <br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">TLS: certificate [CN=QATESTDC2.boingoqa.local] is not valid - error -8179:Peer's Certificate issuer is not recognized..<br>
</div>
</blockquote>
<br>
This is saying QATESTDC2.boingoqa.local cannot be resolved - or the IP address does not match.<br>
<br>
This is usually a problem, but perhaps you have set your ldap.conf to continue despite this problem?<br>
PING qatestdc2.boingoqa.local (10.194.55.48) 56(84) bytes of data.<br>
64 bytes from qatestdc2.boingoqa.local (10.194.55.48): icmp_seq=1 ttl=124 time=0.559 ms<br>
64 bytes from qatestdc2.boingoqa.local (10.194.55.48): icmp_seq=2 ttl=124 time=0.660 ms<br>
^C<br>
--- qatestdc2.boingoqa.local ping statistics ---<br>
2 packets transmitted, 2 received, 0% packet loss, time 1070ms<br>
rtt min/avg/max/mdev = 0.559/0.609/0.660/0.056 ms<br>
<br>
<br>
<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">TLS certificate verification: subject: CN=QATESTDC2.boingoqa.local, issuer: CN=SKYWARPCA,DC=boingoqa,DC=local, cipher: AES-128, security level: high, secret key bits: 128, total key
 bits: 128, cache hits: 0, cache misses: 0, cache not reusable: 0<br>
Enter LDAP Password: <br>
ldap_sasl_bind<br>
ldap_send_initial_request<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</body>
</html>