Harshavardhana wrote:
Hi Everyone,

I have been recently configuring "Freeipa" server and client, which I have achieved successfully.

But I have hit a roadblock when I tried to "replicate" ipa server configuration from one already working node to another node. This is on "Fedora 11".

I have followed exactly the same instructions written in "Replicate" documentation.

But creating "ipa-replica-prepare" and then on the replica server with "ipa-replica-install".

I have debug logs from the "replica-install". It fails right at the time of "SSL" and complains about failing to connect with LDAP server on that node.

Snippet from the debug logs
2010-03-22 13:23:11,660 DEBUG done configuring dirsrv.
2010-03-22 13:23:11,695 DEBUG Connection error: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc': "Can't contact LDAP server"}
2010-03-22 13:23:11,697 DEBUG Unable to connect to LDAP server testserver.gluster.priv.
  File "/usr/sbin/ipa-replica-install", line 294, in <module>

  File "/usr/sbin/ipa-replica-install", line 254, in main
    raise RuntimeError("Unable to connect to LDAP server %s." % config.host_name)

Can someone explain how I can fix this issue and the way forward in getting this working?


Can you give us some more information on your setup? Are you using the built-in IPA CA for your SSL certificates or did you replace them at some point?

Can you confirm that ports 636 and 389 are open in the firewall on each of your IPA servers?


Freeipa-users mailing list
