
LDAP for UNIX name services fail after upgrade with certificate has expired

Category:
ontap-9
Specialty:
nas

Applies to

ONTAP 9

Issue

  • After an upgrade, LDAP for UNIX name services fail with a "certificate has expired" error
::> ldap check -vserver VSERVER
Vserver: VSERVER
Client Configuration Name: Unix
LDAP Status: down
LDAP Status Details: Error: Validate the Ldap configuration procedure failed
[ 0 ms] Hostname found in Name Service Cache
[ 0] IP Address found in Name Service Cache
[ 0] Resolved LDAP servers: 10.1.1.2. Vserver: vserverid
[ 1] Successfully connected to ip 10.1.1.2, port 389 using TCP
[ 8] Unable to start TLS: Connect error
[ 8] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
  • During name service lookups, the secd log also shows the expired certificate
[ 10] Unable to start TLS: Connect error
[ 10] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
  • This can impact NFS and other access that relies on name service switch entries (UNIX users, UNIX groups, name mapping, netgroups) configured to use LDAP
  • The server-ca certificate shown is valid (not expired)
::*> security certificate show -vserver VSERVER -type server-ca
Vserver    Serial Number   Certificate Name                       Type
---------- --------------- -------------------------------------- ------------
VSERVER    01234567890ABCDEF01234567890ABCD
                           CERTIFICATENAME                        server-ca
    Certificate Authority: CERTIFICATEAUTHORITY
          Expiration Date: DAY MON DD hh:mm:ss YEAR
  • The LDAP check works when run over SSH connected directly to another node in the cluster

 
