Dennis Crissman wrote:
I am really struggling to get Fedora Directory Server working using
ADSync. I am confused on a lot of fronts, it would be fair to say I am
a newbie when it comes to SSH, CAs, and synchronizing anything against
Active Directory. So I am at a disadvantage to start with.
I have been using
http://directory.fedoraproject.org/wiki/Howto:WindowsSync for my
instruction base as well as
http://directory.fedoraproject.org/wiki/Howto:SSL for setting up FDS
to use SSL.
Here are my steps so far:
1) Install and setup FDS and create my directory server. So far so good.
2) Execute setupssl.sh from the Howto:SSL link above.
* As far as I can tell this script automates everything in "Basic
Steps", so correct me if I am wrong, but I shouldn't have to actually
do any of them after running the script?
Correct.
3) Restart both my admin and directory servers.
After I have restarted my servers, it would seem to me that FDS would
be exclusively accessible over port 636. So I use an LDAP Browser to
verify, and it turns out that 389 is still available and the other
isn't. Why is this?
It should listen to both 389 and 636. Check the error log, do
netstat -an | grep 636, and use ldapsearch instead of LDAP Browser to verify.
At this point I decide to move onto another step
(http://directory.fedoraproject.org/wiki/Howto:WindowsSync#Enabling_SSL_fo...)
in the instructions and setup ADSync on the Active Directory box.
Install goes fine, though I am obviously unable to get it to connect
to the FDS yet.
I am able to create the cert8.db, but then hit a road block again when
I try to execute "pk12util -d . -P slapd-<instance> -o servercert.p12
-n Server-Cert", and yes I swap <instance> for my host name. I get
this exception: "pk12util: find user certs from nickname failed:
security library: bad database.". Any idea?
I think you can skip this step. But when you give the -P argument, do
not forget the trailing dash - the prefix (-P) is really slapd-instance-
I know this is a lot, but I would appreciate any help I can get.
Thank you,
Dennis
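The trailing-dash point from the reply above, as an added example that is not part of the original thread or of the Fedora DS scripts: NSS builds its legacy database file names as <prefix>cert8.db and <prefix>key3.db, so a prefix given without the dash points at files that do not exist. The function name check_nss_prefix and the instance name slapd-ldap1 are assumptions made for illustration, and the demo files are empty, constructed placeholders.

```shell
#!/bin/sh
# Added example: check whether a value intended for "pk12util -P" matches
# the NSS database files in a directory before running pk12util itself.

# check_nss_prefix DIR PREFIX
# Returns 0 if <PREFIX>cert8.db and <PREFIX>key3.db both exist,
#         1 if they exist only when a trailing dash is appended,
#         2 if no matching database pair is found at all.
check_nss_prefix() {
    dir=$1
    prefix=$2
    if [ -f "$dir/${prefix}cert8.db" ] && [ -f "$dir/${prefix}key3.db" ]; then
        echo "ok: found ${prefix}cert8.db and ${prefix}key3.db"
        return 0
    fi
    if [ -f "$dir/${prefix}-cert8.db" ] && [ -f "$dir/${prefix}-key3.db" ]; then
        echo "fix: use -P ${prefix}- (the trailing dash is part of the prefix)"
        return 1
    fi
    echo "missing: no cert8.db/key3.db pair for prefix '${prefix}' in $dir"
    return 2
}

# Demo on a constructed directory (empty placeholder files, not real databases).
demo=$(mktemp -d)
: > "$demo/slapd-ldap1-cert8.db"
: > "$demo/slapd-ldap1-key3.db"
check_nss_prefix "$demo" "slapd-ldap1"  || true   # prefix without the dash
check_nss_prefix "$demo" "slapd-ldap1-" || true   # prefix as the reply gives it
rm -rf "$demo"
```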
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users