[389-users] win sync error
solarflow99
solarflow99 at gmail.com
Wed Jun 22 17:37:19 UTC 2011
On Tue, Jun 21, 2011 at 2:51 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> **
> On 06/21/2011 11:52 AM, solarflow99 wrote:
>
> On Tue, Jun 21, 2011 at 1:39 PM, Rich Megginson <rmeggins at redhat.com>wrote:
>
>> On 06/21/2011 11:23 AM, solarflow99 wrote:
>>
>> I'm using self signed certs, did I miss something?
>>
>> Probably. There are many steps involved in getting winsync to use
>>> TLS/SSL to talk to AD, and getting AD PassSync to use TLS/SSL to talk to
>>> DS. Which
>>>
>>
>> From the Docs listed online:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html
>>
>> The 8.2 docs are better
>>
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync
>>
>> and I went over everything else I could possibly find too. It seems in
>> the case of self signed certificates,
>>
>> Are you talking about self signed certs for 389 or for AD?
>>
>
> I guess that would be both. This is all internal so no servers need real
> third party signed certificates, just trying to get it to work.
>
> Ok, I'm confused. The RHDS 8.2 Admin Guide talks about setting up AD for
> TLS/SSL by installing the MS CA in Enterprise Root CA mode, creating a cert
> request, and using MS CA to issue the AD server cert. It doesn't say
> anything about creating self signed certs for AD.
>
Ya, thats what I mean. It would be nice if there was an example of getting
this to work with self signed certs. I could add that to the wiki if that
would useful for anyone else.
# /usr/lib64/mozldap/ldapsearch -v -Z -P
/etc/dirsrv/slapd-ldapserver/cert8.db -h 10.10.10.210 -p 636 -D
"cn=administrator" -w mypassword -b "cn=users,dc=389testdomain,dc=local"
"objectclass=*"
ldapsearch: started Tue Jun 21 08:41:15 2011
ldap_init( 10.10.10.210, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903A9,
comment: AcceptSecurityContext error, data 52e, v1db1
> -D "cn=administrator"
> You have to use the full DN - something like -D
> "cn=administrator,cn=users,dc=389testdomain,dc=local"
>
Got it! thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110622/2d2d0dc7/attachment.html>
More information about the 389-users
mailing list