CIFS with LDAP Start-TLS or LDAPS fails with the error "Required certificate with CA xxxx is not installed"
Environment
- ONTAP 9
- CIFS
- Lightweight Directory Access Protocol over SSL (LDAPS)
- Secure Lightweight Directory Access Protocol (LDAP with StartTLS)
Issue
- use-ldaps-for-ad-ldap is set to true:
::> vserver cifs security show -vserver svm1 -fields use-ldaps-for-ad-ldap
vserver use-ldaps-for-ad-ldap
------- ---------------------
svm1 true
or
- use-start-tls-for-ad-ldap is set to true:
::> vserver cifs security show -vserver svm1 -fields use-start-tls-for-ad-ldap
vserver use-start-tls-for-ad-ldap
------- ---------------------
svm1 true
- Creating or modifying the CIFS server fails
Example (LDAPS):
[ 7] Successfully connected to ip XXXX, port 636 using TCP
[ 11] Required certificate with CA XXXX is not installed
[ 11] Unable to start LDAPS: Can't contact LDAP server
[ 11] Additional info: error:0A000086:SSL routines::certificate verify failed (unable to get local issuer certificate)
[ 11] Unable to connect to LDAP (NIS & Name Mapping) service on XXXX (Error: Can't contact LDAP server)
[ 11] No servers available for LDAP_NIS_AND_NAME_MAPPING, vserver: 15, domain: .
**[ 11] FAILURE: Unable to make a connection (LDAP (NIS & Name Mapping):), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE
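The trace above reports "Can't contact LDAP server" even though its first step shows the TCP connection succeeding, so the real failure is certificate verification. The following triage script is an added example, not NetApp code; the function names, the verdict labels and the abridged sample input are assumptions made for illustration.

```python
import re

# Constructed input: an abridged copy of the trace from this article,
# flattened onto one line the way it appears when pasted from a console.
SAMPLE = (
    "[ 7] Successfully connected to ip XXXX, port 636 using TCP "
    "[ 11] Required certificate with CA XXXX is not installed "
    "[ 11] Unable to start LDAPS: Can't contact LDAP server "
    "[ 11] Additional info: error:0A000086:SSL routines::certificate verify "
    "failed (unable to get local issuer certificate) "
    "**[ 11] FAILURE: Unable to make a connection (LDAP (NIS & Name "
    "Mapping):), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE"
)

# A step starts with "[ n]"; a leading "**" marks the failing step.
STEP = re.compile(r"(\*\*)?\[\s*(\d+)\]\s*")
PATTERNS = {
    "port": r"Successfully connected to ip \S+, port (\d+) using TCP",
    "missing_ca": r"Required certificate with CA (.+?) is not installed",
    "openssl_code": r"error:([0-9A-Fa-f]{8}):",
    "openssl_reason": r"error:[0-9A-Fa-f]{8}:[^:]*::.*\((.+)\)",
    "result": r"Result: (\S+)",
}

def split_steps(trace):
    """Return [(number_as_printed, is_failure, message), ...]."""
    marks = list(STEP.finditer(trace))
    ends = [m.start() for m in marks[1:]] + [len(trace)]
    return [(int(m.group(2)), bool(m.group(1)), trace[m.end():end].strip())
            for m, end in zip(marks, ends)]

def triage(trace):
    """Extract the fields that separate a trust failure from a network one."""
    found = {key: None for key in PATTERNS}
    for _, _, message in split_steps(trace):
        for key, pattern in PATTERNS.items():
            match = re.search(pattern, message)
            if match and found[key] is None:
                found[key] = match.group(1)
    # TCP connected but the issuing CA is missing: the server was reachable
    # and the failure happened during certificate verification.
    if found["port"] is None:
        found["verdict"] = "network"
    else:
        found["verdict"] = "tls-trust" if found["missing_ca"] else "other"
    return found

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "tls-trust" verdict points the investigation at the SVM's certificate store rather than at routing or firewall rules.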