It looks like your PassSync setup is working well. We should focus on the FDS side of things. In your replication agreement, are you using SSL and connecting to AD using port 636? Have you verified that you can connect to AD via SSL using another LDAP client like JXplorer?

You will probably want to increase your logging level to include more replication info. In the console, you should change the settings for your error log to include replication info:

1. Log into the console
2. Open your directory server
3. Click on the Config tab
4. Expand the Logs tree on the left
5. Select Error Log
6. Scroll down the form on the right until you see the Log Level list
7. Ctrl-click on the Replication entry
8. Click Save

Now you should be getting all replication data in your logs, in addition to errors.

The following command will set up an SSL proxy on port 8638 that forwards connections to ADServer.domain.com. In the process it will decode the SSL traffic, dump extra info, continue listening after the first connection, and dump everything into ~/ssltap.log:

    ssltap -sxl -p 8636 ADServer.domain.com:636 > ~/ssltap.log

In order to use this to debug replication you may have to set up a dummy replication agreement, dummy OU and dummy users. Point to the local host and port 8636 for the port, and then see what comes out.

This is totally and completely experimental on my part, and I have not done this exact setup.

-- 
Daniel Shackelford
Systems Administrator
Technology Services
Spring Arbor University
517 750-6648

"For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many" Mark 10:45