Once you have a Directory server installed, you are going to want to query against it from throughout the Network. For many reasons, you will want traffic to the server encrypted. Here are the steps to quest against a server using LDAPS from a remote machine.
Get the CA cert from your IPA server and add it to your openldap set of accepted certificates.Â It needs to end in pem.
sudo scp $IPASERVER:/etc/ipa/ca.crt /etc/openldap/cacerts/ipa-ca.pem
Get the c-rehash utility, which is in theÂ openldapÂ Perl utilities RPM:
sudo yum install openssl-perl
Rehash the CA cert directory
sudo c_rehash /etc/openldap/cacerts
And now query:
ldapsearchÂ Â -xÂ -H 'ldaps://$IPASERVER'Â -D "cn=Directory Manager" -w $PASSWORD -b "$IPA_BASE_DN"