I need new certs for some new ldap servers, and the certs on serpens and seaborgium expire in not all that long anyway.
| Status | Assigned | Task |
|---|---|---|
| Resolved | yuvipanda | T130446 Unable to SSH onto tools-login.wmflabs.org |
| Open | None | T130593 investigate slapd memory leak |
| Resolved | aborrero | T217280 LDAP server running out of memory frequently and disrupting Cloud VPS clients |
| Open | None | T46720 Only list LDAP servers location in the same datacenter in the nslcd configuration |
| Resolved | Andrew | T218133 Put our ldap servers behind LVS |
| Resolved | Andrew | T46722 Add two read-only LDAP servers in eqiad |
| Resolved | Andrew | T218398 Update openldap profile to use LE |
Command for testing the connection over ldaps, with more debug info on why it fails:
[ldap-eqiad-replica01:/etc/ldap] $ ldapsearch -H ldaps://ldap-eqiad-replica01.wikimedia.org -x mail="andrew*" -d1
That currently returns:
TLS: peer cert untrusted or revoked (0x42)
Valentin says we can copy the setup for librenms because currently there is another migration from certcentral to acme-chief.