HPE Storage Users Group

A Storage Administrator Community

Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: 3.3.1 MU3 Upgrade - Error: ldap-ssl-cacert must be defined.
PostPosted: Tue Sep 24, 2019 9:34 am 

Joined: Mon Nov 06, 2017 12:53 pm
Posts: 13
Hey everyone. I am working through writing docs to get MU3 installed across our fleet of 3par 8440s. Everything seems to be fine, except when I run the system readiness check I get the following test as failed:

Error: ldap-ssl-cacert must be defined.
Import a LDAP certificate via 'importcert ldap -ca <cert>'.

At the moment we're using a simple ldap binding to a federated AD global catalog (port 3269). We aren't using SSL certificates, and it's working just fine.

Can this failure be safely ignored, or is it a new hard requirement? My big concern is that our organization uses a massive p7b cert chain for its CA cert and a lot of devices have a very hard time leveraging it - 3par included. So a simple binding tends to work best for us.

Per microsoft, global catalogs don't necessarily support SSL by default:
Note that SSL is not available by default on your domain controllers. You need to deploy a PKI and issue certificate for your domain controller.

https://social.technet.microsoft.com/Fo ... inserverDS

So that would seem to indicate that this shouldn't be a hard requirement, correct?

Edit: I've been able to add in our CA root certificate (ignored the rest of the bundle), but doing so automatically switches from simple binding to SASL/DIGEST-MD5. As soon as we do that, we can no longer authenticate. Switching back to simple on the CLI seems to keep the CA cert, but also allows us to authenticate.

Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

Who is online

Users browsing this forum: Google [Bot] and 30 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group | DVGFX2 by: Matt