=== Troubleshooting ===

==== Missing certificates for LDAP ====
If ldapsearch commands fail with the following error message:
{{{
ldap_start_tls: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)
}}}
add the root certificate for our server certificate to the trusted certificates. The root certificate can be found at https://www.pki.dfn.de/fileadmin/PKI/zertifikate/deutsche-telekom-root-ca-2.pem

Download that certificate, then do the following:
{{{
export LDAPTLS_CACERT=/path/to/certificate/deutsche-telekom-root-ca-2.pem
ldapsearch -v -W -H ldaps://hbpacc.zam.kfa-juelich.de:636 -D o=FZJ,ou=sites,dc=hbp,dc=eu -b "ou=users,dc=hbp,dc=eu" uid
}}}
Afterwards, the LDAP commands should work.
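
A pre-flight check for the downloaded CA file before `LDAPTLS_CACERT` points at it, given here as an added example that is not part of the original page. The function names `check_ca_file` and `use_ldap_ca` are hypothetical, and the `openssl` command-line tool is assumed to be installed.

```shell
# Added example: validate a downloaded CA file, then trust it for the
# OpenLDAP client tools. Source this file in the shell that runs ldapsearch:
#   use_ldap_ca /path/to/certificate/deutsche-telekom-root-ca-2.pem

# Succeeds only if $1 is a readable PEM certificate whose subject and issuer
# names match (a self-signed root) and which has not expired.
# On success prints subject, expiry date and SHA-256 fingerprint.
check_ca_file() {
    ca_file=$1
    [ -r "$ca_file" ] || { echo "cannot read $ca_file" >&2; return 1; }

    # A parse failure (HTML error page, truncated download) makes openssl
    # exit non-zero, so a bad file is rejected here.
    subject_hash=$(openssl x509 -in "$ca_file" -noout -subject_hash 2>/dev/null) \
        || { echo "$ca_file is not a PEM certificate" >&2; return 1; }
    issuer_hash=$(openssl x509 -in "$ca_file" -noout -issuer_hash 2>/dev/null) \
        || { echo "$ca_file is not a PEM certificate" >&2; return 1; }

    # Name comparison only: it catches an intermediate or server certificate
    # saved by mistake, it does not verify the signature.
    [ "$subject_hash" = "$issuer_hash" ] \
        || { echo "$ca_file is not self-signed, so it is not a root" >&2; return 1; }

    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$ca_file" -noout -checkend 0 >/dev/null \
        || { echo "$ca_file has expired" >&2; return 1; }

    # Compare this fingerprint with the one the CA publishes before trusting it.
    openssl x509 -in "$ca_file" -noout -subject -enddate -fingerprint -sha256
}

# Exports LDAPTLS_CACERT only when the file passed every check above.
use_ldap_ca() {
    check_ca_file "$1" || return 1
    LDAPTLS_CACERT=$1
    export LDAPTLS_CACERT
}
```

If `use_ldap_ca` fails, `LDAPTLS_CACERT` is left unchanged and the message on stderr names the reason.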