Re: errors with ldap/init-directory

Hi Maciej, thanks for answer. Am Mittwoch, den 31.03.2021, 09:28 +0200 schrieb Maciej Delmanowski: yes, the ldapsearch command I tested on the remote host. I understand. You are right. Since we use an ansible controller for multiple debops projects the ca's from the several projects weren't included in the ca-certificates of the controller. No, since this isn't easy because the target ldap server is only reachable through ssh proxy jump and is not directly accessible. Ok, I did. But this wasn't enough. So my understanding now is that the ldap commands are executed directly from the controller - so the ldap port has to be open and routing has to work. I just brought the target ldap server into the local network and it worked. Since (most of? all?) other roles just rely on remote ssh connections I didn't think about this possibility. Is there any reason why the ldap statements are not executed remote? And is there any possiblity to change this behaviour? As long as I understand the ldap server (and all other hosts in the network?) have to be reachable from the ansible controller for all ldap based operations. This is in fact a limitation for our purposes. Is someone have any ideas ... Thanks and regards Jan