Hi,<br><br>I have some problems to synchronize 389-DS with AD<br><br><br>I have followed this HowTo : <a href="http://www.linuxmail.info/389-directory-active-directory-ssl-synch/">http://www.linuxmail.info/389-directory-active-directory-ssl-synch/</a><br>
<br>I have successfully imported cert files in both AD and 389-DS and can communicate in SSL mode (ldaps). I can login from my 389-DS to my AD server with 389-console or Apache Directory Studio, but synchronize does not work.<br>
<br>Here are the error logs from 389-DS :<br>[19/Jan/2011:14:37:07 +0100] NSMMReplicationPlugin - agmt="cn=Synchro ldap" (WINSERVER:636): Unable to parse the response to the startReplication extended operation. Replication is aborting.<br>
[19/Jan/2011:14:37:07 +0100] NSMMReplicationPlugin - agmt="cn=Synchro ldap" (WINSERVER:636): Incremental update failed and requires administrator action<br><br><br>If I try an ldapsearch :<br>/usr/lib64/mozldap/ldapsearch -ZZ -b "dc=mydomain,dc=com" -h WINSERVER -p 636 -R -D "CN=synchro ldap,CN=Users,DC=mydomain,DC=com" -w - "objectclass=*"<br>
Enter bind password: <br>ldap_start_tls_s failed: (Can't contact LDAP server)<br>ldap_simple_bind: Can't contact LDAP server<br> TLS/SSL error -5961 (TCP connection reset by peer.)<br><br><br>I have open the ports 88, 389 and 636. Should I open all this ports ? : <br>
<a href="http://technet.microsoft.com/fr-fr/library/bb967329.aspx">http://technet.microsoft.com/fr-fr/library/bb967329.aspx</a><br><br><br>Any idea ?<br><br>-Regards<br>