[389-users] win sync error

solarflow99 solarflow99 at gmail.com
Wed Jun 22 17:37:19 UTC 2011 

On Tue, Jun 21, 2011 at 2:51 PM, Rich Megginson <rmeggins at redhat.com> wrote:

> **
> On 06/21/2011 11:52 AM, solarflow99 wrote:
>
> On Tue, Jun 21, 2011 at 1:39 PM, Rich Megginson <rmeggins at redhat.com>wrote:
>
>>  On 06/21/2011 11:23 AM, solarflow99 wrote:
>>
>>  I'm using self signed certs, did I miss something?
>>
>>   Probably.  There are many steps involved in getting winsync to use
>>> TLS/SSL to talk to AD, and getting AD PassSync to use TLS/SSL to talk to
>>> DS.  Which
>>>
>>
>> From the Docs listed online:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html
>>
>>  The 8.2 docs are better
>>
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync
>>
>> and I went over everything else I could possibly find too.  It seems in
>> the case of self signed certificates,
>>
>>  Are you talking about self signed certs for 389 or for AD?
>>
>
> I guess that would be both.  This is all internal so no servers need real
> third party signed certificates, just trying to get it to work.
>
> Ok, I'm confused.  The RHDS 8.2 Admin Guide talks about setting up AD for
> TLS/SSL by installing the MS CA in Enterprise Root CA mode, creating a cert
> request, and using MS CA to issue the AD server cert.  It doesn't say
> anything about creating self signed certs for AD.
>

Ya, thats what I mean.  It would be nice if there was an example of getting
this to work with self signed certs.  I could add that to the wiki if that
would useful for anyone else.



# /usr/lib64/mozldap/ldapsearch -v -Z -P
/etc/dirsrv/slapd-ldapserver/cert8.db -h 10.10.10.210 -p 636 -D
"cn=administrator" -w mypassword -b "cn=users,dc=389testdomain,dc=local"
"objectclass=*"
ldapsearch: started Tue Jun 21 08:41:15 2011

ldap_init( 10.10.10.210, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903A9,
comment: AcceptSecurityContext error, data 52e, v1db1

>  -D "cn=administrator"
> You have to use the full DN - something like -D
> "cn=administrator,cn=users,dc=389testdomain,dc=local"
>

Got it! thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110622/2d2d0dc7/attachment.html>

More information about the 389-users mailing list