Joshua J. Kugler wrote:
On Friday, June 21, 2013 14:46:50 Rich Megginson wrote:
On 06/21/2013 02:39 PM, Joshua J. Kugler wrote:
On Friday, June 21, 2013 09:26:36 Rob Crittenden wrote:
We'd need to see /var/log/ipareplica-install.log to see what the LDAP
error is. If you look on the remote master DS access log it may have
additional information on what was requested.
Logs attached.
10.10.0.50 is the new replica.
No metion the new replica in the error logs. At least not that I can see.
2013-06-21T20:12:12Z INFO The ipa-replica-install command failed,
exception: PROTOCOL_ERROR: {'info': 'unsupported extended operation',
'desc': 'Protocol error'}
This is from here:
slapd-PKI-CA.access.log
[21/Jun/2013:13:26:54 -0700] conn=53 fd=64 slot=64 connection from
10.10.0.50 to 10.10.0.4
[21/Jun/2013:13:26:54 -0700] conn=53 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[21/Jun/2013:13:26:54 -0700] conn=53 op=0 RESULT err=2 tag=120
nentries=0 etime=0
[21/Jun/2013:13:26:54 -0700] conn=53 op=1 UNBIND
The server cannot respond to the startTLS request - which means the
server has not been configured for TLS/SSL.
Thanks for the quick reply!
OK...the system was set up (I assume, I wasn't here) with the standard ipa-
server-install script(s). So, it would seem that it didn't configure the PKI-
CA slapd to use SSL? Are there docs on doing that after the fact? Including
creating the SSL certs, and configuring the slapd server to use them. Being
the same host, could i use the same certs as are in use by the slapd-LAB-
WHAMCLOUD-LAB server? Do you know, off hand, the config file I would need to
tweak to put those settings in place?
j
That doesn't make any sense. Did you disable SSL?
You can see the settings with:
# grep nsslapd-secur /etc/dirsrv/slapd-PKI-IPA/dse.ldif
It's possible that this cert is expired too, can you check that?
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
