由于"链中的自签名证书"、无法分配LDAP客户端配置
适用场景
- ONTAP 9
- LDAP
问题描述
- 尝试将LDEPS客户端配置分配给客户端时、由于"链中的自签名证书"、操作失败
- EMS中会显示以下消息:
Tue Aug 27 11:22:44 -0500 [node1: secd: secd.unexpectedFailure:error]: Unexpected SecD failure in Vserver "SVM1". Details: Error: Validate the Ldap configuration procedure failed
[ 0 ms] Hostname found in Name Service Cache
[ 0] IP Address found in Name Service Cache
[ 0] Resolved LDAP servers: 10.1.2.3. Vserver: 13
[ 1] Failed to initiate Kerberos authentication. Trying NTLM.
[ 1] Successfully connected to ip 10.1.2.3, port 636 using TCP
[ 46] Unable to start LDAPS: Can't contact LDAP server
[ 46] Additional info: error:0A000086:SSL routines::certificate verify failed (self-signed certificate in certificate chain)
[ 46] Unable to connect to LDAP (NIS & Name Mapping) service on hostname.domain.com (Error: Can't contact LDAP server)
[ 46] No servers available for LDAP_NIS_AND_NAME_MAPPING, vserver: 13, domain: .
**[ 46] FAILURE: Unable to make a connection (LDAP (NIS & Name Mapping):), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE