Re: errors with ldap/init-directory
On mar 31, Jan Kowalsky wrote:
since my first test with the debops_service_slapd role and an slapd
server worked at a first glance I now run into an error:
slapd server is up and running and i can connect with ssl and the
cn=admin user via ldapsearch.
You tested this on the remote host itself? The 'pki' role ensures that the
DebOps internal CA is trusted, but hosts outside of the DebOps control, like
the Ansible Controller itself if you don't manage it with DebOps, don't trust
the new CA by default.
next step was:
debops ldap/init-directory -l test-ldap.test.example.de -vvv
and now I get:
Error messages sounds like there is a problem with tls. But
ldapsearch
with TLS seems to work and pki looks fine.
Did you run the 'ldapsearch' command from the Ansible Controller itself?
DebOps 'ldap' role runs the LDAP tasks on the Ansible Controller and contacts
the LDAP server remotely.
You might need to add the DebOps CA to your system CA certificate store. If
it's Debian-based, you can put the created RootCA certificate from
'secret/pki/ca-certificates/' directory in
'/usr/local/share/ca-certificates/'
directory on your system and run 'update-ca-certificates'. After that your
local 'ldapsearch' client should trust the CA and be able to talk with the
server.
Let me know if that fixed the issue.
Cheers,
Maciej
Attachments:
- signature.asc (application/pgp-signature — 618 bytes)