Hey everyone. I am working through writing docs to get MU3 installed across our fleet of 3par 8440s. Everything seems to be fine, except when I run the system readiness check I get the following test as failed:
Quote:
Error: ldap-ssl-cacert must be defined.
Import a LDAP certificate via 'importcert ldap -ca <cert>'.
At the moment we're using a simple ldap binding to a federated AD global catalog (port 3269). We aren't using SSL certificates, and it's working just fine.
Can this failure be safely ignored, or is it a new hard requirement? My big concern is that our organization uses a massive p7b cert chain for its CA cert and a lot of devices have a very hard time leveraging it - 3par included. So a simple binding tends to work best for us.
Per microsoft, global catalogs don't necessarily support SSL by default:
Quote:
Note that SSL is not available by default on your domain controllers. You need to deploy a PKI and issue certificate for your domain controller.
https://social.technet.microsoft.com/Fo ... inserverDSSo that would seem to indicate that this shouldn't be a hard requirement, correct?
Edit: I've been able to add in our CA root certificate (ignored the rest of the bundle), but doing so automatically switches from simple binding to SASL/DIGEST-MD5. As soon as we do that, we can no longer authenticate. Switching back to simple on the CLI seems to keep the CA cert, but also allows us to authenticate.