[389-users] Multi master replication problem (389 DS - AD)

Alberto Viana albertocrj at gmail.com
Fri Jul 5 17:38:34 UTC 2013


Noriko,

In my 389 DS:

root at hmg2:~# certutil -L -d /opt/dirsrv/etc/dirsrv/slapd-RNP/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

homolog-HMG1-CA                                              CT,,

Here is my CA details:

    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:26:55:22:e7:1a:1b:84:4a:b0:69:8b:22:be:1d:f2
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=homolog-HMG1-CA,DC=homolog,DC=rnp"
        Validity:
            Not Before: Wed Jul 11 18:51:43 2012
            Not After : Mon Jul 11 19:01:42 2022
        Subject: "CN=homolog-HMG1-CA,DC=homolog,DC=rnp"


server-cert                                                  u,u,u

Here is my server cert details:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:bc:48:46:00:00:00:00:00:08
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=homolog-HMG1-CA,DC=homolog,DC=rnp"
        Validity:
            Not Before: Tue Jun 25 13:49:34 2013
            Not After : Thu Jun 25 13:49:34 2015
        Subject: "CN=hmg2.homolog.rnp,OU=GTI,O=Rede Nacional de Ensino e
            Pesquisa,L=Rio de Janeiro,C=BR"



I already imported my certificates into 389 DS and Windows 2008. I use
win2008 as CA. Just to remember that the same environment was
working fine with my previous 389 DS version.

Do you need something more specific?

Alberto Viana


On Fri, Jul 5, 2013 at 2:11 PM, Noriko Hosoi <nhosoi at redhat.com> wrote:

>  Alberto Viana wrote:
>
> Hello,
>
>  DS base: 1.3.0.4
> DS admin: 1.3.1.31
>
>  I'm trying to setup a new version of 389 DS multi master replication
> with active directory(win 2008) and I'm getting the following errors:
>
>
>  [04/Jul/2013:16:57:32 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1"
> (hmg1:636): binddn = CN=Conta de sincronizacao do AD com LDAP
> 389,CN=Users,DC=homolog,DC=rnp,  passwd = {DES}Zdi9SkO9E8Jpy/LJq528zg==
>   [04/Jul/2013:16:57:32 -0300] slapi_ldap_bind - Error: could not send
> bind request for id [CN=Conta de sincronizacao do AD com LDAP
> 389,CN=Users,DC=homolog,DC=rnp] mech [SIMPLE]: error -1 (Can't contact LDAP
> server) -5987 (Invalid function argument.) 115 (Operation now in progress
> "hmg1.homolog.rnp")
> [04/Jul/2013:16:57:32 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1"
> (hmg1:636): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't
> contact LDAP server) ((unknown error code))
>
>
>  If I run a manual ldapsearch everything is ok and I can see all my
> objects in AD:
>
>  ldapsearch -b "dc=homolog,dc=rnp" -x -H ldaps://hmg1.homolog.rnp -D
> "CN=Conta de sincronizacao do AD com LDAP 389,CN=Users,DC=homolog,DC=rnp"
> -W objectclass=*
>
>  My AD user (CN=Conta de sincronizacao do AD com LDAP
> 389,CN=Users,DC=homolog,DC=rnp) has full access to the AD tree, and it was
> working normally with my previous 389 version (1.2.10.12). The only thing
> that changed at windows machine was the winsync version.
>
>
>  The only difference to my production environment is that I was using
> Mozilla SDK to compile 389 and now I'm using the OpenLDAP.
>
>
>  Any clue?
>
> What does this command-line return on the Linux side?
>
> # certutil -L -d /etc/dirsrv/slapd-<YOURID>
>
> Does it contain an AD CA cert?  Is it healthy, e.g., not expired?
> Thanks,
> --noriko
>
>
>  Thanks
>
>  Alberto Viana
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
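Noriko's two questions (is the AD CA cert in the NSS database and trusted for SSL, and is it still valid?) can be checked mechanically rather than by eye. The script below is an added example, not code from this thread or from 389 DS: it parses the certutil -L listing and the CA's Validity block as Alberto posted them (embedded here as constructed sample input) and reports whether an SSL-trusted, unexpired CA exists on a given date.

```python
"""Check an NSS cert database listing for an SSL-trusted, unexpired CA.
Added example, not code from the thread or from 389 DS: parses the
`certutil -L` listing and the Validity block of `certutil -L -n <nick>`.
"""
import re
from datetime import datetime

# Constructed sample input: the listing and CA details from the thread.
LISTING = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

homolog-HMG1-CA                                              CT,,
server-cert                                                  u,u,u
"""
CA_DETAILS = """\
        Validity:
            Not Before: Wed Jul 11 18:51:43 2012
            Not After : Mon Jul 11 19:01:42 2022
"""

def parse_listing(text):
    """Map nickname -> (ssl, smime, jar) trust-flag strings."""
    certs = {}
    for line in text.splitlines():
        # nickname, two or more spaces, then three comma-separated flag groups
        m = re.match(r"^(\S.*?)\s{2,}([A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$", line)
        if m:
            certs[m.group(1)] = tuple(m.group(2).split(","))
    return certs

def parse_validity(text):
    """Return (not_before, not_after) datetimes from a Validity block."""
    out = []
    for key in ("Not Before", "Not After"):
        m = re.search(key + r"\s*:\s*(.+?)\s*$", text, re.M)
        out.append(datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"))
    return tuple(out)

def ssl_trusted_cas(certs):
    """Nicknames whose SSL flags contain C: trusted to sign peer server certs."""
    return [nick for nick, (ssl, _, _) in certs.items() if "C" in ssl]

def ca_usable(listing, details, when_iso):
    """True if an SSL-trusted CA is listed and `details` is valid on when_iso."""
    if not ssl_trusted_cas(parse_listing(listing)):
        return False  # nothing flagged C: the peer's server cert cannot verify
    not_before, not_after = parse_validity(details)
    return not_before <= datetime.fromisoformat(when_iso) <= not_after
```

On the thread's own data (checked for 2013-07-05, the date of the mail) the CA is present, flagged C for SSL and inside its validity window, so the certificate store itself is not the obvious cause of the "Can't contact LDAP server" bind failure.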