
I'm attempting to use FreeIPA with Chef LDAP and running into issues; mainly, Chef reports 'The LDAP server is not available' in the frontend. I have confirmed that LDAP is available (SSH users are able to get in via LDAP).

The IPA server has a self-signed certificate and we are our own cert authority so I'm curious to know if there are other considerations or changes that need to be made. We have many of these IPA servers so getting this many certs is not doable.

frasertweedale
Michael Hill
  • Chef 12 Open Source? – Roland Jun 01 '15 at 19:52
  • @Roland - yes, it's Chef 12. I've tried numerous locations to try and get these certs picked up by Chef with no luck. Sorry for the slow response, somehow missed your message. – Michael Hill Jun 14 '15 at 07:48
  • I'm not sure but: The Omnibus based distributions of chef contain a custom TLS root trust for openssl located at `/opt/opscode/embedded/ssl/certs/cacert.pem` - the LDAP part of chef is afaik Erlang, not sure if Erlang/OTP respects that file. If so, you may want to add your custom certificate/CA to that file. – Roland Jun 14 '15 at 18:09

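A way to test the trust-store angle Roland raises, as an added Ruby example that is not from the question, the comments, or Chef itself: it checks whether an LDAPS endpoint's certificate chain validates against a given CA bundle (which separates "LDAP is down" from "this trust store lacks our CA"), and appends the IPA CA to the Omnibus bundle idempotently, by fingerprint. The bundle path is the one named in the comment; the IPA CA file location is an assumption, and whether the Chef server's Erlang LDAP client actually reads that bundle is, as the comment says, unconfirmed.

```ruby
require 'openssl'
require 'socket'
# Paths: the Omnibus Chef trust bundle named in the comment above, and an
# assumed location for the IPA CA certificate (adjust to your deployment).
CHEF_BUNDLE = '/opt/opscode/embedded/ssl/certs/cacert.pem'
IPA_CA_PEM  = '/etc/ipa/ca.crt'

# Split a PEM bundle into certificate objects (non-PEM text is ignored).
def bundle_certs(pem_text)
  pem_text.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m)
          .map { |pem| OpenSSL::X509::Certificate.new(pem) }
end

# SHA-256 over the DER form: the same cert matches however the PEM was wrapped.
def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# Append the CA unless an identical certificate is already in the bundle.
# Returns true if the bundle was modified, false if the CA was already there.
def add_ca_to_bundle(bundle_path, ca_pem)
  ca = OpenSSL::X509::Certificate.new(ca_pem)
  existing = File.exist?(bundle_path) ? File.read(bundle_path) : ''
  return false if bundle_certs(existing).any? { |c| fingerprint(c) == fingerprint(ca) }
  File.open(bundle_path, 'a') do |f|
    f.write("\n") unless existing.empty? || existing.end_with?("\n")
    f.write("# #{ca.subject}\n", ca.to_pem)
  end
  true
end

# Does the LDAPS endpoint's chain validate against ca_file? Returns nil on
# success, otherwise the TLS, DNS or socket error message.
def ldaps_chain_error(host, port, ca_file)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.ca_file = ca_file
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new(host, port), ctx)
  ssl.sync_close = true
  ssl.hostname = host              # SNI
  ssl.connect                      # fails here if the chain is untrusted
  ssl.post_connection_check(host)  # fails here if the name does not match
  nil
rescue OpenSSL::SSL::SSLError, SocketError, SystemCallError => e
  e.message
ensure
  ssl&.close
end
```

On the Chef server, `add_ca_to_bundle(CHEF_BUNDLE, File.read(IPA_CA_PEM))` followed by `ldaps_chain_error('ipa.example.com', 636, CHEF_BUNDLE)` (assumed hostname) shows whether the bundle now trusts the IPA chain.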
0 Answers