Hi, I don't use ldap myself so I may be of limited value.
First it would also useful to confirm that ldap works as expected over ssl by performing a ldapsearch -vx -ZZ <whatever you need to test your search> from your puppetmaster using the credentials you need. It would also be good to see the puppet.conf you are using that shows your ldap settings. I do notice you're using non standard ldaps port. Cheers, Den On 26/11/2011, at 7:24, Ganesh Sharma <[email protected]> wrote: > Hello, > > First of all thanks for such a great software and that too for no > cost. > I'm describing the problem below along with my Environment Details: > 1. LDAP: openDS > 2. Puppet: Version 2.7.3 (Both clients and servers) > 3. Certificates being used: Signed by cacert.org > 4. Node Definitions: in openDS > 5. LDAP(SSL) Port: 1636 > 6. Puppet Port: 8140 > 7. Puppet Runs by: Webrick > > Problem: > We have lot of servers which we control by puppet and the puppet node > definitions are stored in LDAP. > Everything was going perfect earlier. But for few days I see below > error: > > ------- > warning: Retrying LDAP connection > err: Failed when searching for node xxxxx.domain.com : LDAP Search > failed > ------- > > This error is for all the nodes. The server runs perfectly at port > 1389 which is non-ssl port. > > Solutions Applied: > > 1. Installed cacert's root certificate ca-bundle.crt in /etc/pki/tls/ > certs/ at puppet server. > 2. Tried to run the server at 1389 and still running it. But we fear > due to security reasons. > 3. Tried to install the cacert in openssl way i.e created soft link of > server to `hash of ca-bundle.crt`.0, but that too did not work. > > Any help provided will be highly appreciated. Since this is my first > post, please ignore my errors, but do let me know. And also, before > posting this, I searched this group for any possible solutions, but > did not find any. > > --- > Thanks > Ganesh > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
