[Fedora-directory-users] Re: FDS and Active directory Sync

Rich Megginson rmeggins at redhat.com
Thu Aug 14 01:23:51 UTC 2008


Vipul Ramani wrote:
> Rich,
>
> Do we really need CA certification on the ADC server to enable SSL on ADC ... 
> is there no possible way to work it out so that we can install a self-signed 
> certificate which was signed by FDS (Linux server), install it on the ADC, 
> and make it SSL enabled??
I'm not sure.  Firstly, there is 
http://directory.fedoraproject.org/wiki/Howto:WindowsSync

In order for AD to be an SSL server, you have to generate a server cert 
from a CA or CA cert.  I don't know much about this part.  The easiest 
way is probably to use MS Cert Server to issue the AD SSL server cert.  
If you do that, you'll also have to get the CA cert because you must 
install that CA cert in the Fedora DS cert db.  In Windows sync (except 
for the password part), Fedora DS is the client side of SSL, so it must 
have the CA cert of the CA that issued the AD server cert.
For passsync, passsync is the client side of SSL, so it must have the 
CA cert of the CA that issued the Fedora DS SSL server cert.
>
> Is there any way to work around this???
>
>
>
> On Wed, Aug 13, 2008 at 4:15 PM, Vipul Ramani <vipulramani at gmail.com 
> <mailto:vipulramani at gmail.com>> wrote:
>
>     Cheers, Rich,
>
>     Great, the only thing now is I have to find out how to enable SSL on
>     ADC ... and most of the things will be done ... it syncs over port 389
>     ... but only the password attribute is not replicated ... because SSL is
>     not enabled on ADC ...
>
>
>     Anyway, thanks for your great ... help
>
>     I feel I will create step-by-step documentation and share it with the
>     community ....
>
>         
>
>
>
>     On Wed, Aug 13, 2008 at 3:22 PM, Vipul Ramani
>     <vipulramani at gmail.com <mailto:vipulramani at gmail.com>> wrote:
>
>
>         Cheers, Rich
>
>         Yes, you're right ... I tried with the hostname instead of the IP
>         address. 
>
>         I created a new Windows sync agreement. But this time I did not
>         select an SSL connection ... then replication is happening ... but
>         I noticed ... the userPassword field is missing in all users
>         (which are replicated from ADC) ... why is it so ... is SSL
>         mandatory to copy the password from ... ADC to FDS??
>
>         Why is userPassword (the Windows password attribute) not replicated
>         on LDAP???
>
>
>         I made some progress ...
>
>
>
>
>
>     -- 
>     Regards
>
>     Vipul Ramani
>
>
>
>
> -- 
> Regards
>
> Vipul Ramani
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080813/bb0af0bd/attachment.bin>
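
The trust direction described in the reply above, as an added example that is not part of the original message: each SSL client needs the CA cert of the CA that issued the cert of the server it connects to. OpenSSL stands in here for MS Cert Server and the Fedora DS cert db, and all CA names, host names and files are constructed.

```shell
#!/usr/bin/env bash
# Constructed demo: every name and file here is made up and lives in a temp directory.
WORK=$(mktemp -d)

# make_ca NAME: create a self-signed CA (NAME-ca.key, NAME-ca.pem).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1 demo CA" \
    -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" 2>/dev/null
}

# issue_cert CA HOST: issue an SSL server cert for HOST, signed by CA.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" -out "$WORK/$2.pem" 2>/dev/null
}

# client_trusts CA HOST: true only if a client holding just CA's cert accepts HOST's cert.
client_trusts() {
  openssl verify -CAfile "$WORK/$1-ca.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca ad  && issue_cert ad  ad.example.test    # stands in for the CA issuing the AD cert
make_ca fds && issue_cert fds fds.example.test   # stands in for the CA issuing the Fedora DS cert

# Windows sync: Fedora DS is the SSL client of AD, so it needs the AD-side CA cert.
client_trusts ad ad.example.test   && echo "Fedora DS -> AD, AD-side CA installed: accepted"
# PassSync: PassSync is the SSL client of Fedora DS, so it needs the DS-side CA cert.
client_trusts fds fds.example.test && echo "PassSync -> Fedora DS, DS-side CA installed: accepted"
# Holding only the other side's CA cert is not enough.
client_trusts fds ad.example.test  || echo "Fedora DS -> AD, only DS-side CA installed: rejected"
```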

