Environment
NetIQ eDirectory
Novell Open Enterprise Server 11 (OES 11) Linux
Novell Open Enterprise Server 2 (OES 2) Linux
Situation
LDAP can connect over IP but not over DNS
LDAP fails over port 636 with the DNS name
LDAP is not listening on TLS port
LDAP fails over secure port
Resolution
Running the following commands shows the problem.
This command does not work:
ldapsearch -x -H ldaps://<DNS name of server>
This command does work:
ldapsearch -x -H ldaps://<IP address of server>
The SSL DNS certificate has the wrong subject name. This can affect other OES components like iPrint, DSfW, etc.
To resolve this, delete and recreate the SSL DNS certificate by doing the following:
- Log into iManager
- Click the Novell or NetIQ Certificate Access role
- Click the Server Certificates task
- Browse to the server in question
- Delete the SSL CertificateDNS certificate
- Click the Novell or NetIQ Certificate Server role
- Click the Repair Default Certificates task
- Select the server in question
- Click Next
- Select Yes to "All Default Certificates will be overwritten"
- Make sure that the correct DNS address is selected under Default DNS Address. If it is not, manually input the correct DNS address for the server in question
- Click Next
- Click Finish
Cause
The certificate contains the IP address and not the DNS name.
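To confirm this cause before the repair and to verify the result afterwards, the names in the certificate served on port 636 can be compared with the server's DNS name. The following is an added example, not part of the original article or any NetIQ tooling; the host name, IP address and CA file are assumptions, the sample certificates are constructed, and matching is exact (no wildcard handling).

```python
import ipaddress
import socket
import ssl

# Constructed samples in the format ssl.SSLSocket.getpeercert() returns.
BROKEN = {"subject": ((("commonName", "192.0.2.10"),),),
          "subjectAltName": (("IP Address", "192.0.2.10"),)}
FIXED = {"subject": ((("commonName", "oes1.example.com"),),),
         "subjectAltName": (("DNS", "oes1.example.com"),)}

def fetch_cert(host, cafile, port=636):
    """Fetch the LDAPS certificate as a dict. The chain is verified against
    cafile (assumed: the tree CA exported as PEM); the name check is skipped."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # allows inspecting a certificate with the wrong name
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def cert_names(cert):
    """Collect the names a client can match: SAN entries plus subject CN."""
    names = {value.lower() for kind, value in cert.get("subjectAltName", ())
             if kind in ("DNS", "IP Address")}
    for rdn in cert.get("subject", ()):
        names.update(v.lower() for k, v in rdn if k == "commonName")
    return names

def diagnose(cert, target):
    """Classify the certificate against the name used to reach the server."""
    names = cert_names(cert)
    if target.lower() in names:
        return "ok"
    if names and all(is_ip(n) for n in names):
        return "ip-only"  # the cause described in this article
    return "mismatch"

if __name__ == "__main__":
    for label, cert in (("before repair", BROKEN), ("after repair", FIXED)):
        print(label, sorted(cert_names(cert)), diagnose(cert, "oes1.example.com"))
```

Against a live server, pass the result of `fetch_cert("<DNS name of server>", "<path to tree CA PEM>")` to `diagnose` together with the DNS name; a result of `ip-only` matches the cause above.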