Hi all,
Since my first test with the debops_service_slapd role and a slapd
server worked at first glance, I now run into an error.
My procedure was as follows:
Set up a slapd server with
debops bootstrap -l test-ldap.test.example.de
(-> put host in group debops_service_slapd)
debops -l test-ldap.test.example.de
The slapd server is up and running and I can connect with SSL and the
cn=admin user via ldapsearch.
The next step was:
debops ldap/init-directory -l test-ldap.test.example.de -vvv
and now I get:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
task path: /usr/local/share/debops/debops/ansible/roles/ldap/tasks/ldap_tasks.yml:6
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_ldap_entry_payload_ks3b4tbf/ansible_ldap_entry_payload.zip/ansible/module_utils/ldap.py", line 66, in _connect_to_ldap
    connection.start_tls_s()
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 864, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'errno': 22, 'info': 'Invalid argument'}
fatal: [test-ldap.test.example.de -> localhost]: FAILED! => changed=false
  details: '{''desc'': "Can''t contact LDAP server", ''errno'': 22, ''info'': ''Invalid argument''}'
  invocation:
    module_args:
      attributes: {}
      bind_dn: cn=admin,dc=test,dc=example,dc=de
      bind_pw: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
      dn: cn=admin,dc=test,dc=example,dc=de
      objectClass: null
      params: null
      server_uri: ldaps://test-ldap.test.example.de
      start_tls: true
      state: absent
      validate_certs: true
  msg: Cannot start TLS.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The error message sounds like there is a problem with TLS. But ldapsearch
with TLS seems to work and the PKI looks fine.
Any idea?
Kind regards
Jan