CIFS with LDAP Start-TLS or LDAPS fails with "Required certificate with CA xxxx is not installed"
Applies to
- ONTAP 9
- CIFS
- Lightweight Directory Access Protocol over SSL (LDAPS)
- Secure Lightweight Directory Access Protocol (LDAP with StartTLS)
Issue
use-ldaps-for-ad-ldap is set to true:
::> vserver cifs security show -vserver svm1 -fields use-ldaps-for-ad-ldap
vserver use-ldaps-for-ad-ldap
------- ---------------------
svm1 true
or
use-start-tls-for-ad-ldap is set to true:
::> vserver cifs security show -vserver svm1 -fields use-start-tls-for-ad-ldap
vserver use-start-tls-for-ad-ldap
------- ---------------------
svm1 true
- Creating or modifying the CIFS server fails
Example (LDAPS):
[ 7] Successfully connected to ip XXXX, port 636 using TCP
[ 11] Required certificate with CA XXXX is not installed
[ 11] Unable to start LDAPS: Can't contact LDAP server
[ 11] Additional info: error:0A000086:SSL routines::certificate verify failed (unable to get local issuer certificate)
[ 11] Unable to connect to LDAP (NIS & Name Mapping) service on XXXX (Error: Can't contact LDAP server)
[ 11] No servers available for LDAP_NIS_AND_NAME_MAPPING, vserver: 15, domain: .
[ 11] FAILURE: Unable to make a connection (LDAP (NIS & Name Mapping):), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE
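
The OpenSSL detail in the trace, "certificate verify failed (unable to get local issuer certificate)", is what a TLS client reports when the CA that issued the server's certificate is not among its trusted CAs. The following added example (not part of the original article, and not ONTAP commands) reproduces that offline with the `openssl` CLI on a workstation; Example-Root-CA, ldap.example.test and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Example-Root-CA and ldap.example.test are constructed names.

# Build a throwaway root CA and a leaf certificate signed by it in directory $1.
make_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example-Root-CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -days 1 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/leaf.pem" 2>/dev/null
}

# Verify certificate $1. $2 is a PEM file of extra trusted CAs, or "" to use
# only the default trust store (which does not contain the constructed CA).
# Prints "OK" or the OpenSSL verify error text.
verify_result() {
    if [ -n "$2" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    case $out in
        *": OK"*) echo "OK" ;;
        *) echo "$out" |
            sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1 ;;
    esac
}

# Print the issuer of certificate $1: the CA the client has to trust.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

demo() {
    d=$(mktemp -d) && make_pki "$d" || return 1
    echo "issuer of server cert: $(issuer_of "$d/leaf.pem")"
    echo "CA not trusted:        $(verify_result "$d/leaf.pem" "")"
    echo "CA trusted:            $(verify_result "$d/leaf.pem" "$d/ca.pem")"
    rm -rf "$d"
}
demo
```

Running `issuer_of` on the certificate an LDAP server actually presents names the CA that corresponds to "CA XXXX" in the trace.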