Thanks Den for your reply. Yes search works perfectly. I tried it multiple times and it still works. It works at non-ssl port as well.
As far as the non-standard port is concerned, openDS LDAP uses port 1636 as standard. Moreover, it had been working in the past at port 1636.

Here is the puppet.conf file in use. At present the ssl settings are commented out.

===================================================================================
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    node_terminus = ldap

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    server = puppet-server.domain.com
    report = false
    runinterval = 30

[master]
    node_terminus = ldap
    ldapssl = false
    #ldapssl = true
    ldapserver = puppet-server.domain.com
    ldapbase = ou=appliances,o=gluu
    #ldapport = 1636
    ldapport = 1389
    ldapuser = cn=directory manager
    ldappassword = ********
===================================================================================

On Nov 26, 2:22 am, Denmat <tu2bg...@gmail.com> wrote:
> Hi,
>
> I don't use ldap myself so I may be of limited value.
>
> First it would also be useful to confirm that ldap works as expected over ssl by
> performing an ldapsearch -vx -ZZ <whatever you need to test your search> from
> your puppetmaster using the credentials you need.
>
> It would also be good to see the puppet.conf you are using that shows your
> ldap settings. I do notice you're using non standard ldaps port.
>
> Cheers,
> Den
>
> On 26/11/2011, at 7:24, Ganesh Sharma <worldiswelc...@gmail.com> wrote:
>
> > Hello,
>
> > First of all thanks for such a great software and that too for no
> > cost.
> > I'm describing the problem below along with my Environment Details:
> > 1. LDAP: openDS
> > 2. Puppet: Version 2.7.3 (Both clients and servers)
> > 3. Certificates being used: Signed by cacert.org
> > 4. Node Definitions: in openDS
> > 5. LDAP(SSL) Port: 1636
> > 6. Puppet Port: 8140
> > 7. Puppet Runs by: Webrick
>
> > Problem:
> > We have a lot of servers which we control by puppet and the puppet node
> > definitions are stored in LDAP.
> > Everything was going perfectly earlier. But for a few days I see the below
> > error:
>
> > -------
> > warning: Retrying LDAP connection
> > err: Failed when searching for node xxxxx.domain.com : LDAP Search
> > failed
> > -------
>
> > This error is for all the nodes. The server runs perfectly at port
> > 1389 which is non-ssl port.
>
> > Solutions Applied:
>
> > 1. Installed cacert's root certificate ca-bundle.crt in /etc/pki/tls/
> > certs/ at puppet server.
> > 2. Tried to run the server at 1389 and still running it. But we fear
> > due to security reasons.
> > 3. Tried to install the cacert in openssl way i.e. created soft link of
> > server to `hash of ca-bundle.crt`.0, but that too did not work.
>
> > Any help provided will be highly appreciated. Since this is my first
> > post, please ignore my errors, but do let me know. And also, before
> > posting this, I searched this group for any possible solutions, but
> > did not find any.
>
> > ---
> > Thanks
> > Ganesh
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group
> > at http://groups.google.com/group/puppet-users?hl=en.
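An added example, not part of the thread and not Puppet's own code: the "LDAP Search failed" message above does not say why the TLS side fails, so this Ruby sketch asks OpenSSL for the verification error of a directory server's certificate against a trust store (issuer not trusted versus validity period over). The function names, the CA name and the host name ldap.example.test are assumptions, and the certificates are constructed in the script so it runs offline.

```ruby
require 'openssl'
require 'socket'
# Fetch the certificate presented on an LDAPS (implicit TLS) port, e.g. 1636.
# Verification is off only so the certificate can be inspected afterwards.
def fetch_ldaps_cert(host, port)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new(host, port), ctx)
  ssl.sync_close = true
  ssl.connect
  ssl.peer_cert
ensure
  ssl&.close
end

# Check cert against a trust store at time `at`; returns [ok, code, reason].
def diagnose(cert, store, at = Time.now)
  sc = OpenSSL::X509::StoreContext.new(store, cert)
  sc.time = at
  ok = sc.verify
  [ok, sc.error, sc.error_string]
end

# Constructed fixture: builds a throwaway certificate, not a real CA's.
def make_cert(cn, key, issuer, issuer_key, not_after, ca)
  c = OpenSSL::X509::Certificate.new
  c.version = 2
  c.serial = rand(1..2**32)
  c.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  c.issuer = issuer ? issuer.subject : c.subject
  c.public_key = key.public_key
  c.not_before = Time.now - 3600
  c.not_after = not_after
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || c, c)
  c.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  c.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed scenario: a server certificate valid for 180 days, checked with
# the CA trusted, with an empty trust store, and one day after expiry.
def demo
  day = 86_400
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('Example Test CA', ca_key, nil, ca_key, Time.now + 3650 * day, true)
  srv = make_cert('ldap.example.test', OpenSSL::PKey::RSA.new(2048), ca, ca_key, Time.now + 180 * day, false)
  trusted = OpenSSL::X509::Store.new.add_cert(ca)
  { trusted: diagnose(srv, trusted), untrusted: diagnose(srv, OpenSSL::X509::Store.new),
    expired: diagnose(srv, trusted, Time.now + 181 * day) }
end
p demo if __FILE__ == $PROGRAM_NAME
```

Against a live server, pass the result of fetch_ldaps_cert(host, 1636) to diagnose together with a store loaded via OpenSSL::X509::Store#add_file on the CA bundle in use.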