asked: Can you provide your /etc/openldap/ldap.conf?


#File modified by ipa-client-install

URI ldaps://
BASE dc=boingo,dc=com
TLS_CACERT /etc/ipa/ca.crt
TLS_CACERTDIR /etc/openldap/cacerts/

TLS: certificate [CN=QATESTDC2.boingoqa.local] is not valid - error -8179:Peer's Certificate issuer is not recognized..

This is saying QATESTDC2.boingoqa.local cannot be resolved - or the IP address 
does not match.

This is usually a problem, but perhaps you have set your ldap.conf to continue 
despite this problem?
PING qatestdc2.boingoqa.local ( 56(84) bytes of data.
64 bytes from qatestdc2.boingoqa.local ( icmp_seq=1 ttl=124 time=0.559 ms
64 bytes from qatestdc2.boingoqa.local ( icmp_seq=2 ttl=124 time=0.660 ms
--- qatestdc2.boingoqa.local ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1070ms
rtt min/avg/max/mdev = 0.559/0.609/0.660/0.056 ms

TLS certificate verification: subject: CN=QATESTDC2.boingoqa.local, issuer: 
CN=SKYWARPCA,DC=boingoqa,DC=local, cipher: AES-128, security level: high, 
secret key bits: 128, total key bits: 128, cache hits: 0, cache misses: 0, 
cache not reusable: 0
Enter LDAP Password:
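
Error -8179 in the log above is NSS's SEC_ERROR_UNKNOWN_ISSUER: the CA that signed the server certificate is not in the trust file the client loaded. The script below is an added example, not part of the thread. It reproduces that condition with throwaway certificates and shows it clearing once the issuing CA is appended to the bundle. It assumes the openssl command is installed; the names demo-ipa-ca, demo-ad-ca and dc.demo.example are constructed stand-ins.

```shell
#!/bin/sh
# Constructed demo: every key and certificate here is generated locally
# in a temporary directory and deleted afterwards.

# check_issuer BUNDLE CERT -> prints "trusted" or "unknown-issuer"
check_issuer() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo unknown-issuer
    fi
}

# make_ca NAME DIR -> self-signed CA key and certificate in DIR
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.crt" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca demo-ipa-ca "$d"   # stands in for the CA file named by TLS_CACERT
    make_ca demo-ad-ca "$d"    # stands in for the CA that issued the server cert

    # Server certificate signed by demo-ad-ca only.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc.demo.example" \
        -keyout "$d/dc.key" -out "$d/dc.csr" >/dev/null 2>&1
    openssl x509 -req -in "$d/dc.csr" -days 1 -CAcreateserial \
        -CA "$d/demo-ad-ca.crt" -CAkey "$d/demo-ad-ca.key" \
        -out "$d/dc.crt" >/dev/null 2>&1

    # Client trusts only demo-ipa-ca: the issuer is unknown.
    before=$(check_issuer "$d/demo-ipa-ca.crt" "$d/dc.crt")

    # Append the issuing CA to the bundle and verify again.
    cat "$d/demo-ipa-ca.crt" "$d/demo-ad-ca.crt" > "$d/bundle.crt"
    after=$(check_issuer "$d/bundle.crt" "$d/dc.crt")

    rm -rf "$d"
    echo "$before $after"
}

demo
```

Against a real server, check_issuer can be pointed at the configured CA file and a saved copy of the server's certificate.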

Freeipa-users mailing list
