From 6244e5f08ef0bbde25337db1bfd809717a5a5638 Mon Sep 17 00:00:00 2001 From: Alan Orth Date: Mon, 27 Feb 2017 11:33:25 +0200 Subject: [PATCH] Add notes for 2017-02-27 --- content/post/2017-02.md | 22 ++++++++++++++++++++++ public/2017-02/index.html | 27 ++++++++++++++++++++++++++- public/index.xml | 25 +++++++++++++++++++++++++ public/post/index.xml | 25 +++++++++++++++++++++++++ public/tags/notes/index.xml | 25 +++++++++++++++++++++++++ 5 files changed, 123 insertions(+), 1 deletion(-) diff --git a/content/post/2017-02.md b/content/post/2017-02.md index 78e314fcf..b3d0ad9d5 100644 --- a/content/post/2017-02.md +++ b/content/post/2017-02.md @@ -229,3 +229,25 @@ UPDATE 58633 - This works but I'm thinking I'll wait on the replacement as there are perhaps some other places that rely on `http://hdl.handle.net` (grep the code, it's scary how many things are hard coded) - Send message to dspace-tech mailing list with concerns about this + +## 2017-02-27 + +- LDAP users cannot log in today, looks to be an issue with CGIAR's LDAP server: + +``` +$ openssl s_client -connect svcgroot2.cgiarad.org:3269 +CONNECTED(00000003) +depth=0 CN = SVCGROOT2.CGIARAD.ORG +verify error:num=20:unable to get local issuer certificate +verify return:1 +depth=0 CN = SVCGROOT2.CGIARAD.ORG +verify error:num=21:unable to verify the first certificate +verify return:1 +--- +Certificate chain + 0 s:/CN=SVCGROOT2.CGIARAD.ORG + i:/CN=CGIARAD-RDWA-CA +--- +``` + +- For some reason it is now signed by a private certificate authority diff --git a/public/2017-02/index.html b/public/2017-02/index.html index 92d6dcc17..3b2ca3da4 100644 --- a/public/2017-02/index.html +++ b/public/2017-02/index.html @@ -92,7 +92,7 @@ Looks like we’ll be using cg.identifier.ccafsprojectpii as the field name "headline": "February, 2017", "url": "https://alanorth.github.io/cgspace-notes/2017-02/", - "wordCount": "1595", + "wordCount": "1662", "datePublished": "2017-02-07T07:04:52-08:00", @@ -437,6 +437,31 @@ UPDATE 58633
  • Send message to dspace-tech mailing list with concerns about this
    • +

    2017-02-27

    + + + +
    $ openssl s_client -connect svcgroot2.cgiarad.org:3269
+CONNECTED(00000003)
+depth=0 CN = SVCGROOT2.CGIARAD.ORG
+verify error:num=20:unable to get local issuer certificate
+verify return:1
+depth=0 CN = SVCGROOT2.CGIARAD.ORG
+verify error:num=21:unable to verify the first certificate
+verify return:1
+---
+Certificate chain
+ 0 s:/CN=SVCGROOT2.CGIARAD.ORG
+   i:/CN=CGIARAD-RDWA-CA
+---
+
    + + + diff --git a/public/index.xml b/public/index.xml index e846fecc4..20c868df2 100644 --- a/public/index.xml +++ b/public/index.xml @@ -283,6 +283,31 @@ UPDATE 58633 <ul> <li>This works but I&rsquo;m thinking I&rsquo;ll wait on the replacement as there are perhaps some other places that rely on <code>http://hdl.handle.net</code> (grep the code, it&rsquo;s scary how many things are hard coded)</li> <li>Send message to dspace-tech mailing list with concerns about this</li> +</ul> + +<h2 id="2017-02-27">2017-02-27</h2> + +<ul> +<li>LDAP users cannot log in today, looks to be an issue with CGIAR&rsquo;s LDAP server:</li> +</ul> + +<pre><code>$ openssl s_client -connect svcgroot2.cgiarad.org:3269 +CONNECTED(00000003) +depth=0 CN = SVCGROOT2.CGIARAD.ORG +verify error:num=20:unable to get local issuer certificate +verify return:1 +depth=0 CN = SVCGROOT2.CGIARAD.ORG +verify error:num=21:unable to verify the first certificate +verify return:1 +--- +Certificate chain + 0 s:/CN=SVCGROOT2.CGIARAD.ORG + i:/CN=CGIARAD-RDWA-CA +--- +</code></pre> + +<ul> +<li>For some reason it is now signed by a private certificate authority</li> </ul> diff --git a/public/post/index.xml b/public/post/index.xml index d5381548e..7bc443ea4 100644 --- a/public/post/index.xml +++ b/public/post/index.xml @@ -283,6 +283,31 @@ UPDATE 58633 <ul> <li>This works but I&rsquo;m thinking I&rsquo;ll wait on the replacement as there are perhaps some other places that rely on <code>http://hdl.handle.net</code> (grep the code, it&rsquo;s scary how many things are hard coded)</li> <li>Send message to dspace-tech mailing list with concerns about this</li> +</ul> + +<h2 id="2017-02-27">2017-02-27</h2> + +<ul> +<li>LDAP users cannot log in today, looks to be an issue with CGIAR&rsquo;s LDAP server:</li> +</ul> + +<pre><code>$ openssl s_client -connect svcgroot2.cgiarad.org:3269 +CONNECTED(00000003) +depth=0 CN = SVCGROOT2.CGIARAD.ORG +verify error:num=20:unable to get local issuer certificate +verify return:1 +depth=0 CN = SVCGROOT2.CGIARAD.ORG +verify error:num=21:unable to verify the first certificate +verify return:1 +--- +Certificate chain + 0 s:/CN=SVCGROOT2.CGIARAD.ORG + i:/CN=CGIARAD-RDWA-CA +--- +</code></pre> + +<ul> +<li>For some reason it is now signed by a private certificate authority</li> </ul> diff --git a/public/tags/notes/index.xml b/public/tags/notes/index.xml index 78eb76821..ffdc092e2 100644 --- a/public/tags/notes/index.xml +++ b/public/tags/notes/index.xml @@ -282,6 +282,31 @@ UPDATE 58633 <ul> <li>This works but I&rsquo;m thinking I&rsquo;ll wait on the replacement as there are perhaps some other places that rely on <code>http://hdl.handle.net</code> (grep the code, it&rsquo;s scary how many things are hard coded)</li> <li>Send message to dspace-tech mailing list with concerns about this</li> +</ul> + +<h2 id="2017-02-27">2017-02-27</h2> + +<ul> +<li>LDAP users cannot log in today, looks to be an issue with CGIAR&rsquo;s LDAP server:</li> +</ul> + +<pre><code>$ openssl s_client -connect svcgroot2.cgiarad.org:3269 +CONNECTED(00000003) +depth=0 CN = SVCGROOT2.CGIARAD.ORG +verify error:num=20:unable to get local issuer certificate +verify return:1 +depth=0 CN = SVCGROOT2.CGIARAD.ORG +verify error:num=21:unable to verify the first certificate +verify return:1 +--- +Certificate chain + 0 s:/CN=SVCGROOT2.CGIARAD.ORG + i:/CN=CGIARAD-RDWA-CA +--- +</code></pre> + +<ul> +<li>For some reason it is now signed by a private certificate authority</li> </ul>