Thanks Den for your reply.

Yes, search works perfectly. I tried it multiple times and it still
works.
It works at the non-SSL port as well.

As far as the non-standard port is concerned, openDS LDAP uses port 1636
as standard.
Moreover, it had been working in the past at port 1636.

Here is the puppet.conf file in use:
At present ssl settings are commented out.
===================================================================================
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

    node_terminus =  ldap

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    server = puppet-server.domain,com
    report = false
    runinterval = 30

[master]
    node_terminus =  ldap
    ldapssl = false
    #ldapssl = true
    ldapserver = puppet-server.domain,com
    ldapbase = ou=appliances,o=gluu
    #ldapport = 1636
    ldapport = 1389
    ldapuser = cn=directory manager
    ldappassword = ********
===================================================================================

On Nov 26, 2:22 am, Denmat <tu2bg...@gmail.com> wrote:
> Hi,
>
> I don't use ldap myself so I may be of limited value.
>
> First, it would also be useful to confirm that ldap works as expected over ssl by
> performing a ldapsearch -vx -ZZ <whatever you need to test your search> from
> your puppetmaster using the credentials you need.
>
> It would also be good to see the puppet.conf you are using that shows your
> ldap settings. I do notice you're using a non-standard ldaps port.
>
> Cheers,
> Den
>
> On 26/11/2011, at 7:24, Ganesh Sharma <worldiswelc...@gmail.com> wrote:
>
> > Hello,
>
> > First of all, thanks for such great software, and that too for no
> > cost.
> > I'm describing the problem below along with my environment details:
> > 1. LDAP: openDS
> > 2. Puppet: Version 2.7.3 (Both clients and servers)
> > 3. Certificates being used: Signed by cacert.org
> > 4. Node Definitions: in openDS
> > 5. LDAP(SSL) Port: 1636
> > 6. Puppet Port: 8140
> > 7. Puppet Runs by: Webrick
>
> > Problem:
> > We have a lot of servers which we control with puppet, and the puppet node
> > definitions are stored in LDAP.
> > Everything was going perfectly earlier. But for a few days I have been seeing
> > the error below:
>
> > -------
> > warning: Retrying LDAP connection
> > err: Failed when searching for node xxxxx.domain.com : LDAP Search
> > failed
> > -------
>
> > This error is for all the nodes. The server runs perfectly at port
> > 1389 which is non-ssl port.
>
> > Solutions Applied:
>
> > 1. Installed cacert's root certificate ca-bundle.crt in
> > /etc/pki/tls/certs/ on the puppet server.
> > 2. Tried to run the server at 1389 and still running it. But we fear
> > due to security reasons.
> > 3. Tried to install the cacert the openssl way, i.e. created a soft link of
> > server to `hash of ca-bundle.crt`.0, but that too did not work.
>
> > Any help provided will be highly appreciated. Since this is my first
> > post, please ignore my errors, but do let me know. And also, before
> > posting this, I searched this group for any possible solutions, but
> > did not find any.
>
> > ---
> > Thanks
> > Ganesh
>
> > --
> > You received this message because you are subscribed to the Google Groups 
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to 
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group
> > at http://groups.google.com/group/puppet-users?hl=en.
>
>
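
An added example, not part of the original thread or of Puppet: a Ruby check of the certificate an LDAPS port presents, reporting chain trust, validity dates and hostname match separately so that the cause of a failure that appeared after a working period can be told apart. The function names are hypothetical, the self-signed certificate is constructed for offline use, and the command-line form assumes a host, a port such as 1636, and a CA bundle such as /etc/pki/tls/certs/ca-bundle.crt.

```ruby
require 'openssl'
require 'socket'
# Fetch the certificate chain the LDAPS listener presents. Verification is off
# here on purpose: the point is to inspect a certificate that clients reject.
def fetch_ldaps_chain(host, port)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new(host, port), ctx)
  ssl.sync_close = true
  ssl.hostname = host
  ssl.connect
  ssl.peer_cert_chain
ensure
  ssl&.close
end

# Build a trust store from a CA bundle file and/or in-memory certificates.
def trust_store(ca_file: nil, certs: [])
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file) if ca_file
  certs.each { |c| store.add_cert(c) }
  store
end

# Report separately each reason a verifying client would refuse the leaf.
def diagnose(chain, store, hostname, now = Time.now)
  leaf = chain.first
  store.time = now
  ok = store.verify(leaf, chain.drop(1))
  { chain_ok: ok, chain_error: ok ? nil : store.error_string,
    expired: now > leaf.not_after, not_yet_valid: now < leaf.not_before,
    hostname_ok: OpenSSL::SSL.verify_certificate_identity(leaf, hostname) }
end

# Constructed self-signed certificate, a stand-in for a real server certificate.
def constructed_cert(cn, not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = not_before, not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

if __FILE__ == $PROGRAM_NAME && ARGV.size == 3 # usage: host port ca_bundle
  host, port, ca = ARGV
  p diagnose(fetch_ldaps_chain(host, port.to_i), trust_store(ca_file: ca), host)
end
```

A `chain_ok` of false with `expired` also false points at the trust store rather than at the certificate's dates.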
