2015-07-23 8:41 GMT+02:00 Alexander Bokovoy <aboko...@redhat.com>:
> On Thu, 23 Jul 2015, Ludwig Krispenz wrote:
>
>> - Directory server starts just fine but serves only port 389
>>> - krb5kdc starts just fine and works fine with LDAP server
>>> - Dogtag tries to use LDAP server via port 636 and fails
>>>
>>> We need to see why port 636 is disabled.
>>>
>> why do you think so ? There is:
>>
>> [22/Jul/2015:18:14:54 +0200] - slapd started. Listening on All
>> Interfaces port 389 for LDAP requests
>> [22/Jul/2015:18:14:54 +0200] - Listening on All Interfaces port 636 for
>> LDAPS requests
>> [22/Jul/2015:18:14:54 +0200] - Listening on
>> /var/run/slapd-NUMEEZY-FR.socket for LDAPI requests
>>
> Missed that part. However, dogtag was failing in accessing LDAP over
> port 636.
>
> but what is failing is:
>> agmt="cn=cloneAgreement1-inf-ipa-2.numeezy.fr-pki-tomcat" (inf-ipa:7389):
>> Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP
>> server) ()
>>
>> Is dogtag on a different instance ? why do we use port 7389 ?
>>
> Because it was migration from RHEL6 to RHEL7. In RHEL6 dogtag was living
> in a separate instance.
>
> --
> / Alexander Bokovoy
>

If the problem is too hard to solve, maybe I should try to deploy another replica ?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project