LDAP workaround
Here's how I do the authentication workaround. In this example the host is n-0-130.
- Copy alpha's ca.pem to the local host. This particular folder is one I knew worked.
[s_bwong1@n-0-130 ~]$ scp alpha:/var/lib/puppet/ssl-beta-20190321/certs/ca.pem .
- Copy the original ca.pem just in case (it is expired, but just to be safe...)
[s_bwong1@n-0-130 ~]$ sudo cp /etc/openldap/cacerts/ca.pem /etc/openldap/cacerts/ca.pem~orig-precertcrash
- Copy new ca.pem to openldap client directory
[s_bwong1@n-0-130 ~]$ sudo cp ca.pem /etc/openldap/cacerts/ca.pem
- Restart sssd
[s_bwong1@n-0-130 cacerts]$ sudo service sssd restart
Stopping sssd: [ OK ]
Starting sssd: [ OK ]
- dmytro's account is not recognized until a successful reauthentication with beta, because this account was made after the cert expired
[s_bwong1@n-0-130 cacerts]$ id dmytro
uid=15029(dmytro) gid=10500(bks) groups=10500(bks)
Also, I must track the machines I perform this workaround on. Once Puppet/Foreman are in working order, I must revert these changes. Check my Trello for this information:
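The same steps as a script, added here as an example and not the page author's own tooling. It assumes the CA file has already been scp'd to the host as in step 1 and that the script runs as root (sudo ./ldap-ca-workaround.sh /path/to/ca.pem); the client CA path and the sssd restart are taken from the page. The expiry check with openssl, the LDAPS handshake test against beta on port 636, the sss_cache -E call, the orig-<timestamp> backup suffix and the revert_ca helper are my additions and assumptions. The backup path it prints is what you would record per machine for the later revert.

```bash
#!/bin/bash
# Added example script for the LDAP CA workaround (not from the wiki page itself).
# Run as root on the client after staging the new CA locally:
#   sudo ./ldap-ca-workaround.sh /home/s_bwong1/ca.pem
set -eu

CA_DST="${CA_DST:-/etc/openldap/cacerts/ca.pem}"   # client CA path from the page
LDAP_HOST="${LDAP_HOST:-beta}"                      # assumption: beta serves LDAPS on 636
CHECK_USER="${CHECK_USER:-}"                        # optional account to resolve afterwards

# Print the notAfter date of a PEM certificate (empty output if it is not a cert).
cert_enddate() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}

# Succeed if the certificate in $1 stays valid for at least $2 seconds (default 0).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Back up the current CA with a suffix (default orig-<timestamp>) and install the
# new one. Prints the backup path so it can be recorded for the later revert.
# Usage: install_ca NEW_PEM DEST_PEM [SUFFIX]
install_ca() {
    local new="$1" dst="$2" suffix="${3:-orig-$(date +%Y%m%d%H%M%S)}"
    local backup="${dst}~${suffix}"
    if [ -f "$dst" ]; then
        cp -p "$dst" "$backup"
    fi
    install -m 0644 "$new" "$dst"
    printf '%s\n' "$backup"
}

# Reverse install_ca once Puppet/Foreman manage the cert again.
# Usage: revert_ca BACKUP_PEM DEST_PEM
revert_ca() {
    local backup="$1" dst="$2"
    if [ ! -f "$backup" ]; then
        echo "no backup at $backup" >&2
        return 1
    fi
    cp -p "$backup" "$dst"
}

# Confirm the LDAP server's chain actually verifies against the CA we are about
# to install; -verify_return_error makes s_client fail on a bad chain.
verify_ldaps_chain() {
    local ca="$1" host="$2"
    openssl s_client -connect "${host}:636" -CAfile "$ca" \
        -verify_return_error </dev/null >/dev/null 2>&1
}

main() {
    local new_ca="$1"
    # Refuse to install a CA that is itself about to expire: that is the failure mode being fixed.
    if ! cert_valid_for "$new_ca" 86400; then
        echo "refusing: $new_ca expires within a day ($(cert_enddate "$new_ca"))" >&2
        exit 1
    fi
    echo "current CA expiry: $(cert_enddate "$CA_DST")"
    echo "new CA expiry:     $(cert_enddate "$new_ca")"
    if ! verify_ldaps_chain "$new_ca" "$LDAP_HOST"; then
        echo "refusing: ${LDAP_HOST}:636 does not verify against $new_ca" >&2
        exit 1
    fi
    local backup
    backup="$(install_ca "$new_ca" "$CA_DST")"
    echo "backup kept at: $backup   (record this on the tracking board)"
    service sssd restart
    # Drop sssd's cached entries so accounts created after the expiry resolve (my addition).
    sss_cache -E 2>/dev/null || true
    if [ -n "$CHECK_USER" ]; then
        id "$CHECK_USER"
    fi
}

if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Set CHECK_USER=dmytro to repeat the id check from the page after the restart; revert later with revert_ca BACKUP /etc/openldap/cacerts/ca.pem followed by another sssd restart.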