On 01/10/2018 10:06 AM, Harald Dunkel via FreeIPA-users wrote:
On 12/14/17 17:09, Harald Dunkel via FreeIPA-users wrote:
Hi Flo, Rob,

On 12/14/17 9:27 AM, Florence Blanc-Renaud via FreeIPA-users wrote:

The files should contain multiple certificates (IPA CA and the external CA certificates). If it is not the case, please check first if there were AVC issues (if running in SElinux enforcing mode), and feel free to file a bug.


You are right, its a set of certificates.


Maybe a related problem: ldapmodify gives me

% ldapmodify -ZZ -D "cn=directory manager" -W -a
ldap_start_tls: Operations error (1)
         additional info: SSL connection already established.

Hi,

with -ZZ ldapsearch will be using startTLS and the error means that it's trying to establish a startTLS session over an ssl connection. This probably happens because the /etc/openldap/ldap.conf (or ldaprc, .ldaprc) defines URI ldaps://hostname

Can you try with ldap instead of ldaps:
ldapmodify -ZZ -D "cn=directory manager" -W  -H ldap://`hostname`

HTH,
Flo

???

Regards
Harri
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to