Datasync problems with an LDAP connection on SLES11 SP2.

This document (7010753) is provided subject to the disclaimer at the end of this document.

Environment

Novell Data Synchronizer
SUSE Linux Enterprise Server 11 Service Pack 2

Situation

You might run into LDAP connectivity problems during a new Datasync install on SLES11 with SP2 applied, or on existing Datasync installations after applying SP2.

Resolution

SP2 of SLES11 changed the LDAP client configuration. The release notes state:
 
"5.4.1. Stricter SSL Certificate Checks for LDAP Clients

With SP2, LDAP clients default to a stricter default setting for certificate verification. For that to work correctly, the CA certificate used to sign the LDAP server's certificate needs to be available on the client's file system. The YaST LDAP client module was enhanced to provide a way to download the CA certificate from a URL or to configure a file or directory from which the LDAP client should load the CA certificate. When updating from an SP1 system, this setting is not enabled automatically. To enable it, start the YaST LDAP client configuration wizard and configure a valid CA certificate to verify your LDAP server's certificate. Then make sure that /etc/openldap/ldap.conf either contains no TLS_REQCERT setting or sets it to "demand" or "hard"."
 
Therefore, if you run into LDAP configuration problems with Datasync, check whether this applies to your system. Open /etc/openldap/ldap.conf and check whether the TLS_REQCERT parameter is listed. If it is, change its value to "allow".
 
Alternatively, you can keep TLS_REQCERT at its default value "hard" and add or correct the following parameter, which tells the LDAP client where the certificate files are located, as in the example below:
 
TLS_CACERTDIR /etc/ssl/certs
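
To see which of the two cases above applies on a host, the following added example (not part of the original document or of any Novell/SUSE tool) reads an ldap.conf and reports whether strict checking is active and has a CA source to work with. The function names and verdict labels are made up for this example, and it inspects only the one file, not ~/.ldaprc or LDAPTLS_* environment overrides.

```shell
#!/bin/sh
# Added example: classify the TLS settings of an OpenLDAP client config file.

# Print the value of an option. Option names are case-insensitive and lines
# starting with '#' are comments. Assumption: the last occurrence wins.
ldap_opt() {
    awk -v key="$2" 'toupper($1) == key { val = $2 } END { print val }' "$1"
}

# Print STRICT_OK, STRICT_NO_CA or WEAK:<level> for the given ldap.conf.
audit_ldap_conf() {
    level=$(ldap_opt "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    [ -n "$level" ] || level=demand   # no TLS_REQCERT line: strict default
    cafile=$(ldap_opt "$1" TLS_CACERT)
    cadir=$(ldap_opt "$1" TLS_CACERTDIR)
    case $level in
        demand|hard)
            # Strict checking only works if a CA source exists on disk.
            # This tests presence only; it does not validate the certificates.
            if [ -n "$cafile" ] && [ -r "$cafile" ]; then
                echo STRICT_OK
            elif [ -n "$cadir" ] && [ -n "$(ls -A "$cadir" 2>/dev/null)" ]; then
                echo STRICT_OK
            else
                echo STRICT_NO_CA
            fi ;;
        *)  # never, allow, try: a valid server certificate is not always required
            echo "WEAK:$level" ;;
    esac
}

# Constructed sample: strict setting kept, CA directory configured.
demo=$(mktemp -d)
mkdir "$demo/certs" && : > "$demo/certs/ca.pem"   # placeholder file, not a real CA
printf '# sample\nTLS_REQCERT hard\nTLS_CACERTDIR %s\n' "$demo/certs" > "$demo/ldap.conf"
audit_ldap_conf "$demo/ldap.conf"
rm -rf "$demo"
```

On a real system, call `audit_ldap_conf /etc/openldap/ldap.conf`; a STRICT_NO_CA result matches the failure this document describes.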

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7010753
  • Creation Date: 07-SEP-12
  • Modified Date: 10-DEC-13
  • Novell: Data Synchronizer, GroupWise
  • SUSE: SUSE Linux Enterprise Server
