Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

SOLVED! Thank you Flo! That did the trick. Once I made the change to the certificate and restarted the IPA services everything came back up like it was supposed to. High five! *Mike Plemmons | Senior DevOps Engineer | CROSSCHX* 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Thu,

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

On 05/18/2017 03:49 PM, Michael Plemmons wrote: *Mike Plemmons | Senior DevOps Engineer | CROSSCHX * 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Thu, May 18, 2017 at 8:02 AM, Florence Blanc-Renaud mailto:f...@redh

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

*Mike Plemmons | Senior DevOps Engineer | CROSSCHX* 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Thu, May 18, 2017 at 8:02 AM, Florence Blanc-Renaud wrote: > On 05/15/2017 08:33 PM, Michael Plemmons wrote: > >> I have done more searching in my logs and I see the following errors.

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

On 05/15/2017 08:33 PM, Michael Plemmons wrote: I have done more searching in my logs and I see the following errors. This is in the localhost log file /var/lib/pki/pki-tomcat/logs May 15, 2017 3:08:08 PM org.apache.catalina.core.ApplicationContext log SEVERE: StandardWrapper.Throwable java.lan

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

Michael Plemmons wrote: > I just realized that I sent the reply directly to Rob and not to the > list. My response is inline Ok, this is actually good news. I made a similar proposal in another case and I was completely wrong. Flo had the user do something and it totally fixed their auth error,

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

I just realized that I sent the reply directly to Rob and not to the list. My response is inline *Mike Plemmons | Senior DevOps Engineer | CROSSCHX* 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Thu, May 4, 2017 at 9:39 AM, Michael Plemmons < michael.plemm...@crosschx.com> wrote:

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

Michael Plemmons wrote: > I realized that I was not very clear in my statement about testing with > ldapsearch. I had initially run it without logging in with a DN. I was > just running the local ldapsearch -x command. I then tested on > ipa12.mgmt and ipa11.mgmt logging in with a full DN for th

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

I also looked at RUVs and here is what I found. I do not know if anything here is helpful. ldapsearch -ZZ -h ipa11.mgmt.crosschx.com -D "cn=Directory Manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=---))" | grep "nsds50ruv\|nsDS5ReplicaId" nsDS5Rep

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

I ran another test. I started IPA with the ignore service failure option and I tired doing ldap searches like this. ldapsearch -H ldaps://ipa12.mgmt.crosschx.com from both my laptop and from ipa11.mgmt and I get successful returns when logging in as the admin user and as the directory manager.

Re: [Freeipa-users] Could not connect to LDAP server host - IO Error creating JSS SSL Socket:

I realized that I was not very clear in my statement about testing with ldapsearch. I had initially run it without logging in with a DN. I was just running the local ldapsearch -x command. I then tested on ipa12.mgmt and ipa11.mgmt logging in with a full DN for the admin and "cn=Directory Manage