CIFS with LDAP Start-TLS or LDAPS fails "Required certificate with CA xxxx is not installed"
Applies to
- ONTAP 9
- CIFS
- Lightweight Directory Access Protocol over SSL (LDAPS)
- Secure Lightweight Directory Access Protocol (LDAP with StartTLS)
Issue
- use-ldaps-for-ad-ldap is set to true
::> vserver cifs security show -vserver svm1 -fields use-ldaps-for-ad-ldap
vserver use-ldaps-for-ad-ldap
------- ---------------------
svm1 true
OR
- use-start-tls-for-ad-ldap is set to true
::> vserver cifs security show -vserver svm1 -fields use-start-tls-for-ad-ldap
vserver use-start-tls-for-ad-ldap
------- ---------------------
svm1 true
- CIFS server creation or modification fails
Example (LDAPS):
[ 7] Successfully connected to ip XXXX, port 636 using TCP
[ 11] Required certificate with CA XXXX is not installed
[ 11] Unable to start LDAPS: Can't contact LDAP server
[ 11] Additional info: error:0A000086:SSL routines::certificate verify failed (unable to get local issuer certificate)
[ 11] Unable to connect to LDAP (NIS & Name Mapping) service on XXXX (Error: Can't contact LDAP server)
[ 11] No servers available for LDAP_NIS_AND_NAME_MAPPING, vserver: 15, domain: .
[ 11] FAILURE: Unable to make a connection (LDAP (NIS & Name Mapping):), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE