Fix LDAP URL to use hostname instead of IP address

millevy · millevy · commit 94c7839c0be0 · 2026-01-01T10:06:28.000+02:00
Use edpm_node_hostname variable instead of IP address to avoid TLS certificate hostname mismatch error when keystone connects to LDAP server. The IP address (192.168.122.100) in the LDAP URL caused: 'ldap.SERVER_DOWN: TLS: hostname does not match name in peer certificate' This fix ensures the LDAP URL uses the hostname (ipa.ooo.test) which matches the certificate CN/SAN. Fixes: OSPRH-6861 Related: PR #970
diff --git a/tests/roles/keystone_adoption/tasks/main.yaml b/tests/roles/keystone_adoption/tasks/main.yaml
@@ -37,7 +37,7 @@
         [identity]
         driver = ldap
         [ldap]
-        url = ldaps://{{ standalone_ip | default(edpm_node_ip) }}
+        url = ldaps://{{ edpm_node_hostname | default('ipa.ooo.test') }}
         user = uid=svc-ldap,cn=users,cn=accounts,{{ ipa_basedn }}
         password = {{ ipa_admin_password | default('nomoresecrets') }}
         suffix = {{ ipa_basedn }}
