LDAP fails over secure port with DNS name

  • 7015228
  • 18-Jun-2014
  • 08-Jul-2014

Environment

NetIQ eDirectory
Novell Open Enterprise Server 11 (OES 11) Linux
Novell Open Enterprise Server 2 (OES 2) Linux

Situation

LDAP can connect over the IP address but not over the DNS name
LDAP fails over port 636 when the DNS name is used
LDAP appears not to be listening on the TLS port
LDAP fails over the secure port

Resolution

Running the following ldapsearch commands against the server shows the difference:

This command does not work:
ldapsearch -x -H ldaps://<DNS name of server>

This command does work:
ldapsearch -x -H ldaps://<IP address of server>

Because the connection by IP address succeeds, the LDAP server is in fact listening on port 636. The failure by name is a TLS hostname-verification failure: the client compares the name in the URI with the subject name of the server's SSL CertificateDNS certificate, and that certificate carries the IP address where the DNS name belongs. The same wrong certificate can affect other OES components that use it, such as iPrint and DSfW.

Do not work around this by turning off certificate verification on the client (for example TLS_REQCERT never in ldap.conf); that removes the protection the check provides. Instead, delete and recreate the SSL CertificateDNS certificate as follows:

  1. Log in to iManager
  2. Click the Novell or NetIQ Certificate Access role
  3. Click the Server Certificates task
  4. Browse to the server in question
  5. Delete the SSL CertificateDNS certificate
  6. Click the Novell or NetIQ Certificate Server role
  7. Click the Repair Default Certificates task
  8. Select the server in question
  9. Click Next
  10. Select Yes when warned that all default certificates will be overwritten
  11. Under Default DNS Address, make sure the correct DNS name of the server is selected. If it is not, enter the correct DNS name manually
  12. Click Next
  13. Click Finish

Afterwards, repeat the ldapsearch command with the DNS name to confirm that the secure connection now succeeds.
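The following Python script is an added diagnostic example and is not part of this TID or of eDirectory itself. It reads the server certificate the way an administrator would with openssl (fetch_cert_text), extracts the subject CN and the subject alternative names, and then applies the name-matching rule a TLS client such as ldapsearch applies, so the "works by IP, fails by DNS name" symptom can be explained before anything is changed in iManager. The host name oes11.example.com, the address 192.0.2.10 and the two embedded certificate descriptions are constructed placeholders; whether a repaired SSL CertificateDNS also carries the IP address as a SAN is not stated by the TID, so the repaired sample deliberately contains the DNS name only.

```python
import ipaddress
import re
import subprocess
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class CertNames:
    cn: Optional[str]      # subject commonName
    dns: List[str]         # dNSName SAN entries
    ips: List[str]         # iPAddress SAN entries


def fetch_cert_text(host: str, port: int = 636) -> str:
    """Return the live server certificate's subject and SAN as openssl prints them.

    Network call: `openssl s_client -connect host:port -servername host` piped into
    `openssl x509 -noout -subject -ext subjectAltName` (-ext needs OpenSSL 1.1.1+).
    """
    s_client = subprocess.run(
        ["openssl", "s_client", "-connect", f"{host}:{port}", "-servername", host],
        input="", capture_output=True, text=True, check=False,
    )
    x509 = subprocess.run(
        ["openssl", "x509", "-noout", "-subject", "-ext", "subjectAltName"],
        input=s_client.stdout, capture_output=True, text=True, check=True,
    )
    return x509.stdout


def parse_cert_names(text: str) -> CertNames:
    """Pull CN, DNS SANs and IP SANs out of openssl text output; accepts both the
    'subject=O = X, CN = host' (OpenSSL 1.1+) and the older '/O=X/CN=host' layout."""
    m = re.search(r"\bCN\s*=\s*([^,/\n]+)", text)
    return CertNames(
        cn=m.group(1).strip() if m else None,
        dns=re.findall(r"\bDNS:([^,\s]+)", text),
        ips=re.findall(r"IP Address:([^,\s]+)", text),
    )


def _as_ip(value: str):
    """Parse an IP literal, or return None when the value is not one."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive dNSName comparison; a wildcard may only be the whole
    leftmost label (*.example.com matches a.example.com, not a.b.example.com)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    labels = host.split(".")
    return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]


def hostname_matches(names: CertNames, target: str) -> bool:
    """Would a TLS client connecting to `target` accept a certificate with `names`?

    An IP literal is checked against iPAddress SANs and a DNS name against dNSName
    SANs; the subject CN is consulted only when the certificate has no SAN of the
    kind being checked.  Clients differ in the fine print of the CN fallback, but
    this rule is enough to reproduce the symptom described in the TID.
    """
    ip = _as_ip(target)
    if ip is not None:
        if any(_as_ip(s) == ip for s in names.ips):
            return True
        return not names.ips and names.cn is not None and _as_ip(names.cn) == ip
    if any(_dns_match(d, target) for d in names.dns):
        return True
    return not names.dns and names.cn is not None and _dns_match(names.cn, target)


def diagnose(cert_text: str, dns_name: str, ip: str) -> Dict[str, bool]:
    """Evaluate both ldapsearch URIs from the TID against one certificate."""
    names = parse_cert_names(cert_text)
    return {f"ldaps://{dns_name}": hostname_matches(names, dns_name),
            f"ldaps://{ip}": hostname_matches(names, ip)}


# Constructed openssl output (not captured from a real server): the shape of the
# certificate the TID describes, with the IP address where the DNS name belongs.
BROKEN_CERT = """\
subject=O = EXAMPLE_TREE, CN = 192.0.2.10
X509v3 Subject Alternative Name:
    IP Address:192.0.2.10
"""

# Constructed: a repaired SSL CertificateDNS issued to the DNS name only.
REPAIRED_CERT = """\
subject=O = EXAMPLE_TREE, CN = oes11.example.com
X509v3 Subject Alternative Name:
    DNS:oes11.example.com
"""

if __name__ == "__main__":
    # Usage: python ldaps_name_check.py [<DNS name> <IP address>] probes a live
    # server on 636; without arguments the two constructed certificates are used.
    if len(sys.argv) == 3:
        print(diagnose(fetch_cert_text(sys.argv[1]), sys.argv[1], sys.argv[2]))
    else:
        print("before repair:", diagnose(BROKEN_CERT, "oes11.example.com", "192.0.2.10"))
        print("after repair: ", diagnose(REPAIRED_CERT, "oes11.example.com", "192.0.2.10"))
```

Run without arguments, the broken certificate passes by IP and fails by DNS name, exactly the pair of ldapsearch results above; the repaired DNS-only certificate inverts that, so once the certificate is reissued to the DNS name, clients should connect by that name (or the IP must also be present as a SAN) or the IP-literal connection will in turn stop verifying.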

Cause

The SSL CertificateDNS certificate contains the server's IP address instead of its DNS name, so a client that connects by DNS name cannot match the name it requested against the certificate and the TLS handshake fails.