http://wiki.docking.org/index.php?action=history&feed=atom&title=Ldap_workaroundLdap workaround - Revision history2026-04-11T00:30:16ZRevision history for this page on the wikiMediaWiki 1.39.1http://wiki.docking.org/index.php?title=Ldap_workaround&diff=11589&oldid=prevFrodo: asdf2019-03-25T23:28:21Z<p>asdf</p>
<p><b>New page</b></p><div>Here's how I do the authentication workaround: In this example, I am doing n-0-130. <br />
<br />
# Copy alpha's ca.pem to localhost. This particular folder was one I knew that worked. <br />
[s_bwong1@n-0-130 ~]$ scp alpha:/var/lib/puppet/ssl-beta-20190321/certs/ca.pem .<br />
<br />
# copy original ca.pem just in case (it is expired but just to be safe...)<br />
[s_bwong1@n-0-130 ~]$ sudo cp /etc/openldap/cacerts/ca.pem /etc/openldap/cacerts/ca.pem~orig-precertcrash<br />
<br />
# Copy new ca.pem to openldap client directory<br />
[s_bwong1@n-0-130 ~]$ sudo cp ca.pem /etc/openldap/cacerts/ca.pem<br />
<br />
# Restart sssd<br />
[s_bwong1@n-0-130 cacerts]$ sudo service sssd restart<br />
Stopping sssd: [ OK ]<br />
Starting sssd: [ OK ]<br />
<br />
# dmytro's account is not recognized until successful reauthentication with beta because this account was made post-cert expiration<br />
[s_bwong1@n-0-130 cacerts]$ id dmytro <br />
uid=15029(dmytro) gid=10500(bks) groups=10500(bks)<br />
<br />
Also, I must track the machines I perform this workaround on. Once Puppet/Foreman are in working order, I must revert these changes. Check my trello for this information:</div>Frodo