Discussion:
[Freeipa-users] cannot connect to ldaps during replica install, port 636 not listening
Chris Herdt
2017-03-02 00:07:52 UTC
Permalink
I am attempting to set up a FreeIPA 4.4.0 replica on CentOS 7.3 from a
FreeIPA 3.0.0 master on CentOS 6.8 following the steps at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html

At this step:
ipa-replica-install --ip-address=xxx.xxx.xxx.xxx --mkhomedir
/var/lib/ipa/replica-info-replicaname.example.com.gpg

I get the error:
ERROR cannot connect to 'ldaps://master.example.com'

I ran ipa-replica-conncheck and found that port 636 is not accessible:
Port check failed! Inaccessible port(s): 636 (TCP)

The port is not blocked. I'm wondering where in the configuration for
FreeIPA 3.0.0 I should check the LDAPS (mis)configuration, or if there is a
way I can specify to use port 389 for setting up the replica.

Thanks!
--
Chris Herdt
Systems Administrator
Martin Basti
2017-03-02 08:48:29 UTC
Permalink
Post by Chris Herdt
I am attempting to set up a FreeIPA 4.4.0 replica on CentOS 7.3 from a
FreeIPA 3.0.0 master on CentOS 6.8 following the steps at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html
ipa-replica-install --ip-address=xxx.xxx.xxx.xxx --mkhomedir
/var/lib/ipa/replica-info-replicaname.example.com.gpg
ERROR cannot connect to 'ldaps://master.example.com
<http://master.example.com>'
Port check failed! Inaccessible port(s): 636 (TCP)
The port is not blocked. I'm wondering where in the configuration for
FreeIPA 3.0.0 I should check the LDAPS (mis)configuration, or if there
is a way I can specify to use port 389 for setting up the replica.
Thanks!
--
Chris Herdt
Systems Administrator
Hello,
this is known issue only in FreeIPA 4.4.x, this will be fixed in next
minor update which should be released soon to RHEL7.3 (I don't know how
fast it will be in Centos)

so you can wait, or enable it manually (not nice)

sorry for troubles
Martin
Chris Herdt
2017-03-02 15:55:28 UTC
Permalink
Post by Chris Herdt
I am attempting to set up a FreeIPA 4.4.0 replica on CentOS 7.3 from a
FreeIPA 3.0.0 master on CentOS 6.8 following the steps at
https://access.redhat.com/documentation/en-US/Red_Hat_
Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_
Guide/upgrading.html
ipa-replica-install --ip-address=xxx.xxx.xxx.xxx --mkhomedir
/var/lib/ipa/replica-info-replicaname.example.com.gpg
ERROR cannot connect to 'ldaps://master.example.com'
Port check failed! Inaccessible port(s): 636 (TCP)
The port is not blocked. I'm wondering where in the configuration for
FreeIPA 3.0.0 I should check the LDAPS (mis)configuration, or if there is a
way I can specify to use port 389 for setting up the replica.
Thanks!
--
Chris Herdt
Systems Administrator
Hello,
this is known issue only in FreeIPA 4.4.x, this will be fixed in next
minor update which should be released soon to RHEL7.3 (I don't know how
fast it will be in Centos)
so you can wait, or enable it manually (not nice)
sorry for troubles
Martin
Thanks for the reply! Before attempting this in my production environment,
I had set up a similar configuration in a test environment (FreeIPA 3.0.0
master on CentOS 6.8, FreeIPA 4.4.0 replica on CentOS 7.3) and the
ipa-replica-install went fine. I assumed this was an issue with my FreeIPA
3.0.0 production server.

To enable the fix manually, I'm assuming I'd need to install FreeIPA from
source on the intended replica? If I download the 4.4.3 release from
https://pagure.io/freeipa/releases, will that be sufficient?

Thanks again.
--
Chris Herdt
Systems Administrator
Martin Basti
2017-03-02 16:06:47 UTC
Permalink
Post by Martin Basti
Post by Chris Herdt
I am attempting to set up a FreeIPA 4.4.0 replica on CentOS 7.3
from a FreeIPA 3.0.0 master on CentOS 6.8 following the steps at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html
<https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html>
ipa-replica-install --ip-address=xxx.xxx.xxx.xxx --mkhomedir
/var/lib/ipa/replica-info-replicaname.example.com.gpg
ERROR cannot connect to 'ldaps://master.example.com
<http://master.example.com>'
Port check failed! Inaccessible port(s): 636 (TCP)
The port is not blocked. I'm wondering where in the configuration
for FreeIPA 3.0.0 I should check the LDAPS (mis)configuration, or
if there is a way I can specify to use port 389 for setting up
the replica.
Thanks!
--
Chris Herdt
Systems Administrator
Hello,
this is known issue only in FreeIPA 4.4.x, this will be fixed in
next minor update which should be released soon to RHEL7.3 (I
don't know how fast it will be in Centos)
so you can wait, or enable it manually (not nice)
sorry for troubles
Martin
Thanks for the reply! Before attempting this in my production
environment, I had set up a similar configuration in a test
environment (FreeIPA 3.0.0 master on CentOS 6.8, FreeIPA 4.4.0 replica
on CentOS 7.3) and the ipa-replica-install went fine. I assumed this
was an issue with my FreeIPA 3.0.0 production server.
To enable the fix manually, I'm assuming I'd need to install FreeIPA
from source on the intended replica? If I download the 4.4.3 release
from https://pagure.io/freeipa/releases, will that be sufficient?
Sorry,
I probably misread what you wrote, I thought that port is closed on
replica, but now I see that port is closed on 3.3.0 master, so this is
something different. I'm not aware of any issue on 3.3.0 that should
cause this.

Could you check your configuration on 3.3.0 master? Is port opened on
master? Do you have any errors in /var/log/dirsrv/slapd-*/errors log on
master?

Martin
Post by Martin Basti
Thanks again.
--
Chris Herdt
Systems Administrator
Chris Herdt
2017-03-02 17:25:14 UTC
Permalink
Post by Chris Herdt
Post by Chris Herdt
I am attempting to set up a FreeIPA 4.4.0 replica on CentOS 7.3 from a
FreeIPA 3.0.0 master on CentOS 6.8 following the steps at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterp
rise_Linux/7/html/Linux_Domain_Identity_Authentication_and_P
olicy_Guide/upgrading.html
ipa-replica-install --ip-address=xxx.xxx.xxx.xxx --mkhomedir
/var/lib/ipa/replica-info-replicaname.example.com.gpg
ERROR cannot connect to 'ldaps://master.example.com'
Port check failed! Inaccessible port(s): 636 (TCP)
The port is not blocked. I'm wondering where in the configuration for
FreeIPA 3.0.0 I should check the LDAPS (mis)configuration, or if there is a
way I can specify to use port 389 for setting up the replica.
Thanks!
--
Chris Herdt
Systems Administrator
Hello,
this is known issue only in FreeIPA 4.4.x, this will be fixed in next
minor update which should be released soon to RHEL7.3 (I don't know how
fast it will be in Centos)
so you can wait, or enable it manually (not nice)
sorry for troubles
Martin
Thanks for the reply! Before attempting this in my production environment,
I had set up a similar configuration in a test environment (FreeIPA 3.0.0
master on CentOS 6.8, FreeIPA 4.4.0 replica on CentOS 7.3) and the
ipa-replica-install went fine. I assumed this was an issue with my FreeIPA
3.0.0 production server.
To enable the fix manually, I'm assuming I'd need to install FreeIPA from
source on the intended replica? If I download the 4.4.3 release from
https://pagure.io/freeipa/releases, will that be sufficient?
Sorry,
I probably misread what you wrote, I thought that port is closed on
replica, but now I see that port is closed on 3.3.0 master, so this is
something different. I'm not aware of any issue on 3.3.0 that should cause
this.
Could you check your configuration on 3.3.0 master? Is port opened on
master? Do you have any errors in /var/log/dirsrv/slapd-*/errors log on
master?
Martin
When I compare the errors file on my production environment and my test
environment, I do note that the LDAPS entry is missing from my production
environment:

production:
[01/Mar/2017:17:30:07 -0600] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[01/Mar/2017:17:30:07 -0600] - Listening on
/var/run/slapd-PROD-EXAMPLE-COM.socket
for LDAPI requests

test:
[28/Feb/2017:13:37:50 -0600] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[28/Feb/2017:13:37:50 -0600] - Listening on All Interfaces port 636 for
LDAPS requests
[28/Feb/2017:13:37:50 -0600] - Listening on
/var/run/slapd-TEST-EXAMPLE-COM.socket
for LDAPI requests

I'm not sure why it is missing though. Which config file(s) should I be
checking?
--
Chris Herdt
Systems Administrator
Tomas Krizek
2017-03-03 10:22:59 UTC
Permalink
Post by Martin Basti
Post by Martin Basti
Post by Chris Herdt
I am attempting to set up a FreeIPA 4.4.0 replica on CentOS
7.3 from a FreeIPA 3.0.0 master on CentOS 6.8 following the
steps at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html
<https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html>
ipa-replica-install --ip-address=xxx.xxx.xxx.xxx --mkhomedir
/var/lib/ipa/replica-info-replicaname.example.com.gpg
ERROR cannot connect to 'ldaps://master.example.com
<http://master.example.com>'
Port check failed! Inaccessible port(s): 636 (TCP)
The port is not blocked. I'm wondering where in the
configuration for FreeIPA 3.0.0 I should check the LDAPS
(mis)configuration, or if there is a way I can specify to
use port 389 for setting up the replica.
Thanks!
--
Chris Herdt
Systems Administrator
Hello,
this is known issue only in FreeIPA 4.4.x, this will be
fixed in next minor update which should be released soon to
RHEL7.3 (I don't know how fast it will be in Centos)
so you can wait, or enable it manually (not nice)
sorry for troubles
Martin
Thanks for the reply! Before attempting this in my production
environment, I had set up a similar configuration in a test
environment (FreeIPA 3.0.0 master on CentOS 6.8, FreeIPA 4.4.0
replica on CentOS 7.3) and the ipa-replica-install went fine. I
assumed this was an issue with my FreeIPA 3.0.0 production server.
To enable the fix manually, I'm assuming I'd need to install
FreeIPA from source on the intended replica? If I download the
4.4.3 release from https://pagure.io/freeipa/releases
<https://pagure.io/freeipa/releases>, will that be sufficient?
Sorry,
I probably misread what you wrote, I thought that port is closed
on replica, but now I see that port is closed on 3.3.0 master, so
this is something different. I'm not aware of any issue on 3.3.0
that should cause this.
Could you check your configuration on 3.3.0 master? Is port opened
on master? Do you have any errors in
/var/log/dirsrv/slapd-*/errors log on master?
Martin
When I compare the errors file on my production environment and my
test environment, I do note that the LDAPS entry is missing from my
[01/Mar/2017:17:30:07 -0600] - slapd started. Listening on All
Interfaces port 389 for LDAP requests
[01/Mar/2017:17:30:07 -0600] - Listening on
/var/run/slapd-PROD-EXAMPLE-COM.socket for LDAPI requests
[28/Feb/2017:13:37:50 -0600] - slapd started. Listening on All
Interfaces port 389 for LDAP requests
[28/Feb/2017:13:37:50 -0600] - Listening on All Interfaces port 636
for LDAPS requests
[28/Feb/2017:13:37:50 -0600] - Listening on
/var/run/slapd-TEST-EXAMPLE-COM.socket for LDAPI requests
I'm not sure why it is missing though. Which config file(s) should I
be checking?
You can examine the file /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif to check
if the Directory Server has LDAP configured correctly. In particular,
you're interested in:

- nsslapd-security in cn=config
- cn=encryption,cn=config
- cn=RSA,cn=encryption,cn=config

Also, you can check if the certificate for LDAPS is available in the NSS
database:

certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L
Post by Martin Basti
--
Chris Herdt
Systems Administrator
--
Tomas Krizek

GPG key ID: 0xA1FBA5F7EF8C
4869 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
Chris Herdt
2017-03-03 23:51:49 UTC
Permalink
I am attempting to set up a FreeIPA 4.4.0 replica on CentOS 7.3 from a FreeIPA 3.0.0 master on CentOS 6.8 following the steps at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html
ipa-replica-install --ip-address=xxx.xxx.xxx.xxx --mkhomedir /var/lib/ipa/replica-info-replicaname.example.com.gpg
ERROR cannot connect to 'ldaps://master.example.com'
Port check failed! Inaccessible port(s): 636 (TCP)
The port is not blocked. I'm wondering where in the configuration for FreeIPA 3.0.0 I should check the LDAPS (mis)configuration, or if there is a way I can specify to use port 389 for setting up the replica.
Thanks!
--
Chris Herdt
Systems Administrator
Hello,
this is known issue only in FreeIPA 4.4.x, this will be fixed in next minor update which should be released soon to RHEL7.3 (I don't know how fast it will be in Centos)
so you can wait, or enable it manually (not nice)
sorry for troubles
Martin
Thanks for the reply! Before attempting this in my production environment, I had set up a similar configuration in a test environment (FreeIPA 3.0.0 master on CentOS 6.8, FreeIPA 4.4.0 replica on CentOS 7.3) and the ipa-replica-install went fine. I assumed this was an issue with my FreeIPA 3.0.0 production server.
To enable the fix manually, I'm assuming I'd need to install FreeIPA from source on the intended replica? If I download the 4.4.3 release from https://pagure.io/freeipa/releases, will that be sufficient?
Sorry,
I probably misread what you wrote, I thought that port is closed on replica, but now I see that port is closed on 3.3.0 master, so this is something different. I'm not aware of any issue on 3.3.0 that should cause this.
Could you check your configuration on 3.3.0 master? Is port opened on master? Do you have any errors in /var/log/dirsrv/slapd-*/errors log on master?
Martin
[01/Mar/2017:17:30:07 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[01/Mar/2017:17:30:07 -0600] - Listening on /var/run/slapd-PROD-EXAMPLE-COM.socket for LDAPI requests
[28/Feb/2017:13:37:50 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[28/Feb/2017:13:37:50 -0600] - Listening on All Interfaces port 636 for LDAPS requests
[28/Feb/2017:13:37:50 -0600] - Listening on /var/run/slapd-TEST-EXAMPLE-COM.socket for LDAPI requests
I'm not sure why it is missing though. Which config file(s) should I be checking?
- nsslapd-security in cn=config
- cn=encryption,cn=config
- cn=RSA,cn=encryption,cn=config
certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L
nsslapd-security was set to off. I set it to on, but SSL failed.

There were no certificates listed--which I think explains why SSL
failed--when running:
certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L

ipa-getcert list shows several certs, including one with
location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS
Certificate DB' -- I'm not sure where this cert exists though.

I assume I need to get the NSS db to recognize the Server-Cert, for example:
certutil -A -d /etc/dirsrv/slapd-EXAMPLE-COM -i ?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Tomas Krizek
2017-03-06 09:20:33 UTC
Permalink
Post by Chris Herdt
I am attempting to set up a FreeIPA 4.4.0 replica on CentOS 7.3 from a FreeIPA 3.0.0 master on CentOS 6.8 following the steps at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html
ipa-replica-install --ip-address=xxx.xxx.xxx.xxx --mkhomedir /var/lib/ipa/replica-info-replicaname.example.com.gpg
ERROR cannot connect to 'ldaps://master.example.com'
Port check failed! Inaccessible port(s): 636 (TCP)
The port is not blocked. I'm wondering where in the configuration for FreeIPA 3.0.0 I should check the LDAPS (mis)configuration, or if there is a way I can specify to use port 389 for setting up the replica.
Thanks!
--
Chris Herdt
Systems Administrator
Hello,
this is known issue only in FreeIPA 4.4.x, this will be fixed in next minor update which should be released soon to RHEL7.3 (I don't know how fast it will be in Centos)
so you can wait, or enable it manually (not nice)
sorry for troubles
Martin
Thanks for the reply! Before attempting this in my production environment, I had set up a similar configuration in a test environment (FreeIPA 3.0.0 master on CentOS 6.8, FreeIPA 4.4.0 replica on CentOS 7.3) and the ipa-replica-install went fine. I assumed this was an issue with my FreeIPA 3.0.0 production server.
To enable the fix manually, I'm assuming I'd need to install FreeIPA from source on the intended replica? If I download the 4.4.3 release from https://pagure.io/freeipa/releases, will that be sufficient?
Sorry,
I probably misread what you wrote, I thought that port is closed on replica, but now I see that port is closed on 3.3.0 master, so this is something different. I'm not aware of any issue on 3.3.0 that should cause this.
Could you check your configuration on 3.3.0 master? Is port opened on master? Do you have any errors in /var/log/dirsrv/slapd-*/errors log on master?
Martin
[01/Mar/2017:17:30:07 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[01/Mar/2017:17:30:07 -0600] - Listening on /var/run/slapd-PROD-EXAMPLE-COM.socket for LDAPI requests
[28/Feb/2017:13:37:50 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[28/Feb/2017:13:37:50 -0600] - Listening on All Interfaces port 636 for LDAPS requests
[28/Feb/2017:13:37:50 -0600] - Listening on /var/run/slapd-TEST-EXAMPLE-COM.socket for LDAPI requests
I'm not sure why it is missing though. Which config file(s) should I be checking?
- nsslapd-security in cn=config
- cn=encryption,cn=config
- cn=RSA,cn=encryption,cn=config
certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L
nsslapd-security was set to off. I set it to on, but SSL failed.
There were no certificates listed--which I think explains why SSL
certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L
ipa-getcert list shows several certs, including one with
location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS
Certificate DB' -- I'm not sure where this cert exists though.
certutil -A -d /etc/dirsrv/slapd-EXAMPLE-COM -i ?
You need a certificate and some Directory Server configuration.

The DocText for #1365858 [1] describes how to turn on LDAPS manually.
Please beware, that this process was tested on IPA 4.4 and it might be a
bit different for older versions.

[1] - https://bugzilla.redhat.com/show_bug.cgi?id=1365858

P.S.: Sorry for sending the message twice, Chris. I forgot to keep the list in reply.
--
Tomas Krizek

PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
Chris Herdt
2017-03-08 15:26:42 UTC
Permalink
Post by Tomas Krizek
Post by Chris Herdt
I am attempting to set up a FreeIPA 4.4.0 replica on CentOS 7.3 from a FreeIPA 3.0.0 master on CentOS 6.8 following the steps at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html
ipa-replica-install --ip-address=xxx.xxx.xxx.xxx --mkhomedir /var/lib/ipa/replica-info-replicaname.example.com.gpg
ERROR cannot connect to 'ldaps://master.example.com'
Port check failed! Inaccessible port(s): 636 (TCP)
The port is not blocked. I'm wondering where in the configuration for FreeIPA 3.0.0 I should check the LDAPS (mis)configuration, or if there is a way I can specify to use port 389 for setting up the replica.
Thanks!
--
Chris Herdt
Systems Administrator
Hello,
this is known issue only in FreeIPA 4.4.x, this will be fixed in next minor update which should be released soon to RHEL7.3 (I don't know how fast it will be in Centos)
so you can wait, or enable it manually (not nice)
sorry for troubles
Martin
Thanks for the reply! Before attempting this in my production environment, I had set up a similar configuration in a test environment (FreeIPA 3.0.0 master on CentOS 6.8, FreeIPA 4.4.0 replica on CentOS 7.3) and the ipa-replica-install went fine. I assumed this was an issue with my FreeIPA 3.0.0 production server.
To enable the fix manually, I'm assuming I'd need to install FreeIPA from source on the intended replica? If I download the 4.4.3 release from https://pagure.io/freeipa/releases, will that be sufficient?
Sorry,
I probably misread what you wrote, I thought that port is closed on replica, but now I see that port is closed on 3.3.0 master, so this is something different. I'm not aware of any issue on 3.3.0 that should cause this.
Could you check your configuration on 3.3.0 master? Is port opened on master? Do you have any errors in /var/log/dirsrv/slapd-*/errors log on master?
Martin
[01/Mar/2017:17:30:07 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[01/Mar/2017:17:30:07 -0600] - Listening on /var/run/slapd-PROD-EXAMPLE-COM.socket for LDAPI requests
[28/Feb/2017:13:37:50 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[28/Feb/2017:13:37:50 -0600] - Listening on All Interfaces port 636 for LDAPS requests
[28/Feb/2017:13:37:50 -0600] - Listening on /var/run/slapd-TEST-EXAMPLE-COM.socket for LDAPI requests
I'm not sure why it is missing though. Which config file(s) should I be checking?
- nsslapd-security in cn=config
- cn=encryption,cn=config
- cn=RSA,cn=encryption,cn=config
certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L
nsslapd-security was set to off. I set it to on, but SSL failed.
There were no certificates listed--which I think explains why SSL
certutil -d /etc/dirsrv/slapd-EXAMPLE-COM/ -L
ipa-getcert list shows several certs, including one with
location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS
Certificate DB' -- I'm not sure where this cert exists though.
certutil -A -d /etc/dirsrv/slapd-EXAMPLE-COM -i ?
You need a certificate and some Directory Server configuration.
The DocText for #1365858 [1] describes how to turn on LDAPS manually.
Please beware, that this process was tested on IPA 4.4 and it might be a
bit different for older versions.
[1] - https://bugzilla.redhat.com/show_bug.cgi?id=1365858
P.S.: Sorry for sending the message twice, Chris. I forgot to keep the list in reply.
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
The steps you provided worked perfectly on my FreeIPA 3.0.0 instance
-- I was able to get LDAPS working and was then able to create the
4.4.0 replica without any further problems. Thanks much for your help!
--
Chris Herdt
Systems Administrator
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Loading...