LDAP over TLSエラー:ホスト名がピア証明書のCNと一致しません
環境
- ONTAP 9
- TLS経由のLDAPまたはLDAPS
- DNS
問題
- 正規名(CN)情報の不一致によりLDAPサーバへの接続が失敗する
- EMSは次のエラーを表示します:
12/31/2023 12:00:00 cluster1-01 ERROR secd.unexpectedFailure: Unexpected SecD failure in Vserver "svm1". Details: Error: Validate the Ldap configuration procedure failed
[ 0 ms] Hostname found in Name Service Cache
[ 1] IP Address found in Name Service Cache
[ 1] Resolved LDAP servers: 10.20.30.40. Vserver: 5
[ 1] Successfully connected to ip 10.20.30.40, port 389 using TCP
[ 18] Unable to start TLS: Connect error
[ 18] Additional info: TLS: hostname (server1.domain.com) does not match CN (server2.domain.com) in peer certificate
[ 18] Unable to connect to LDAP (NIS & Name Mapping) service on server1.example.com
[ 18] No servers available for LDAP_NIS_AND_NAME_MAPPING, vserver: 5, domain: .
**[ 18] FAILURE: Unable to make a connection (LDAP (NIS & Name Mapping):), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLEsecd.ldap.noServers: None of the LDAP servers configured for Vserver (SVM) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery)