On 02/17/2015 12:08 AM, Rob Crittenden wrote: > Steven Jones wrote: >> ? >> >> ==== >> [root@xx ipa]# ldapsearch -Y GSSAPI -b cn=CAcert,cn=ipa,cn=etc,$SUFFIX >> SASL/GSSAPI authentication started >> SASL username: xxxx >> SASL SSF: 56 >> SASL data security layer installed. >> # extended LDIF >> # >> # LDAPv3 >> # base <cn=CAcert,cn=ipa,cn=etc,> with scope subtree >> # filter: (objectclass=*) >> # requesting: ALL >> # >> >> # search result >> search: 4 >> result: 32 No such object >> >> # numResponses: 1 > > Did you literally use $SUFFIX? You need to use dc=example,dc=com, > whatever is appropriate for your install. > > rob
Right. Or even easier is to simply delete cn=CAcert,cn=ipa,cn=etc,SUFFIX and then running # ipa-ldap-updater --upgrade again. upload_cacrt.py plugin should simply re-upload the properly encoded certificate. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
