Harshavardhana wrote:
Hi Everyone,
I have been recently configuring "Freeipa" server and client which
i have achieved successfully.
But i have hit a roadblock when i tried to "replicate" ipa server
configuration from one already working node to another node. This is on
"Fedora 11".
I have followed exactly the same instructions written in "Replicate"
documentation.
But creating "ipa-replica-prepare" and then on the replica server with
"ipa-replica-install".
I have debug logs from the "replica-install" . It fails right at the
time of "SSL" and complains about failing to connect with LDAP server on
that node.
Snippet from the debug logs
---
2010-03-22 13:23:11,660 DEBUG done configuring dirsrv.
2010-03-22 13:23:11,695 DEBUG Connection error: {'info':
'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed', 'desc': "Can't contact LDAP server"}
2010-03-22 13:23:11,697 DEBUG Unable to connect to LDAP server
testserver.gluster.priv.
File "/usr/sbin/ipa-replica-install", line 294, in <module>
main()
File "/usr/sbin/ipa-replica-install", line 254, in main
raise RuntimeError("Unable to connect to LDAP server %s." %
config.host_name)
----
Can someone explain how can i fix this issue and the way forward in
getting this working?.
Thanks
Can you give us some more information on your set up? Are you using the
built-in IPA CA for your SSL certificates or did you replace them at
some point?
Can you confirm that ports 636 and 389 are open in the firewall on each
of your IPA servers?
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
