Datasync problems with an LDAP connection on SLES11 SP2.

  • 7010753
  • 07-Sep-2012
  • 10-Dec-2013

Environment

Novell Data Synchronizer
SUSE Linux Enterprise Server 11 Service Pack 2

Situation

You might run into LDAP connectivity problems during a new Datasync install on SLES11 with SP2 applied, or on an existing Datasync installation after SP2 is applied.

Resolution

SLES11 SP2 changed the default LDAP client configuration. The SP2 release notes state:
 
"5.4.1. Stricter SSL Certificate Checks for LDAP Clients

With SP2 LDAP clients default to a stricter default setting for certificate verification. For that to work correctly, the CA certificate used to sign the LDAP server's certificate needs to be available on the client's file system. The YaST LDAP client module was enhanced to provide a way to download the CA certificate from a URL or to configure a file or directory from which the LDAP client should load the CA certificate. When updating from an SP1 system, this setting is not enabled automatically. To enable it, start the YaST LDAP client configuration wizard and configure a valid CA certificate to verify your LDAP server's certificate. Then make sure that /etc/openldap/ldap.conf either contains no TLS_REQCERT setting or set it to "demand" or "hard"."
 
Therefore, if you run into LDAP problems with Datasync on SP2, first check whether this is the cause. Open /etc/openldap/ldap.conf and look for the TLS_REQCERT parameter. The quick workaround is to set it to "allow"; note that if the parameter is absent the OpenLDAP built-in default "demand" applies, so in that case you must add the line rather than just edit it. Be aware that "allow" makes the client accept a missing or invalid server certificate, so it removes the protection that a verified LDAPS connection gives against a spoofed or intercepted directory server. Treat it as a diagnostic step or a temporary measure, not as the final configuration.
 
The preferred alternative is to keep TLS_REQCERT at "hard" (or the default "demand") and add or correct the parameter that tells the LDAP client where to find the CA certificate that signed the LDAP server's certificate, for example:
 
TLS_CACERTDIR /etc/ssl/certs

When TLS_CACERTDIR is used, the directory must contain the OpenSSL hash links (files named like xxxxxxxx.0) that c_rehash creates; the client does not find a CA certificate there just because the PEM file is present. If the LDAP server's certificate was issued by a private CA, copy that CA's PEM file into the directory and run c_rehash on it, or point TLS_CACERT at the single PEM file instead. After either change, test with ldapsearch against the ldaps:// URI of the server before restarting the Datasync services.
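The check described above, worked through as an added shell example that is not part of the TID: it reads an ldap.conf, reports the effective TLS_REQCERT value (treating an absent parameter as the OpenLDAP default "demand"), reports the configured CA source, and counts the hash links in a TLS_CACERTDIR. The sample ldap.conf files, the hostnames in them and the one-word verdict labels are constructed for the demo; the probe_ldaps helper needs network access and is therefore defined but not called.

```shell
#!/bin/sh
# Added example, not part of the TID: audit an ldap.conf for the SP2
# certificate-verification settings and sanity-check the CA store before
# pointing Datasync at an LDAPS server.
# Assumptions (mine, not the TID's): "KEY value" lines with '#' comments,
# keys case-insensitive, last occurrence wins; an absent TLS_REQCERT means
# the OpenLDAP default "demand"; the verdict labels below are my own names.

# Effective TLS_REQCERT value of the given ldap.conf (absent => demand).
effective_reqcert() {
    awk 'toupper($1) == "TLS_REQCERT" { v = tolower($2) }
         END { print (v == "" ? "demand" : v) }' "$1"
}

# Where the client will look for CA certificates: "TLS_CACERT=<file>",
# "TLS_CACERTDIR=<dir>", or "none" if neither is configured.
ca_source() {
    awk 'toupper($1) == "TLS_CACERT" || toupper($1) == "TLS_CACERTDIR" {
             s = toupper($1) "=" $2 }
         END { print (s == "" ? "none" : s) }' "$1"
}

# One-word verdict on what the client will actually verify:
#   verifying          demand/hard with a CA source: the SP2 intent
#   strict-without-ca  demand/hard but no CA configured: the failure mode
#                      this TID is about (upgrade from SP1, CA never set)
#   unverified         allow/never: bad or missing server certs are accepted
#   partial            try: a bad cert is rejected but a missing one is not
verdict() {
    req=$(effective_reqcert "$1")
    ca=$(ca_source "$1")
    case "$req" in
        demand|hard) [ "$ca" = none ] && echo strict-without-ca || echo verifying ;;
        allow|never) echo unverified ;;
        try)         echo partial ;;
        *)           echo unknown ;;
    esac
}

# Number of OpenSSL hash links (xxxxxxxx.N) in a TLS_CACERTDIR. An
# OpenLDAP client built against OpenSSL only finds CAs in that directory
# through such links, which c_rehash creates; zero here means a
# "hard"/"demand" client will still fail even though the PEM is present.
hashed_ca_count() {
    ls "$1" 2>/dev/null | grep -Ec '^[0-9a-f]{8}\.[0-9]+$' || true
}

# Live check (needs network, so not run below): validate the server chain
# against a CA directory the way a strict client would, and look for
# "Verify return code: 0 (ok)".  Usage: probe_ldaps ldap.example.com 636 /etc/ssl/certs
probe_ldaps() {
    openssl s_client -connect "$1:$2" -CApath "$3" </dev/null 2>/dev/null |
        grep 'Verify return code'
}

# Demo on constructed ldap.conf samples (hostnames are placeholders).
tmp=$(mktemp -d)
cat > "$tmp/sp1-upgrade.conf" <<'EOF'
# constructed: SP1-era client after the SP2 upgrade, nothing set
URI  ldaps://ldap.example.com
BASE dc=example,dc=com
EOF
cat > "$tmp/workaround.conf" <<'EOF'
# constructed: the quick workaround from the TID
URI  ldaps://ldap.example.com
TLS_REQCERT allow
EOF
cat > "$tmp/fixed.conf" <<'EOF'
# constructed: the preferred fix from the TID
URI  ldaps://ldap.example.com
TLS_REQCERT hard
TLS_CACERTDIR /etc/ssl/certs
EOF
for f in sp1-upgrade workaround fixed; do
    printf '%-12s TLS_REQCERT=%-7s CA=%-28s -> %s\n' "$f" \
        "$(effective_reqcert "$tmp/$f.conf")" "$(ca_source "$tmp/$f.conf")" \
        "$(verdict "$tmp/$f.conf")"
done
printf 'hashed CA links in /etc/ssl/certs: %s\n' "$(hashed_ca_count /etc/ssl/certs)"
rm -rf "$tmp"
```

Run it on the real file with `verdict /etc/openldap/ldap.conf`: "strict-without-ca" is the post-SP2 symptom this TID describes, "verifying" is where you want to end up, and "unverified" means the "allow" workaround is still in place and should be revisited.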