Thank you David. Anyone able to address the other questions about ssl?

I was able to use the system version of ldapsearch to connect securely to my domain controller from the FDS box. I can also connect the same way to FDS. I have read that the -81 error means that there is a problem with my server cert, or the ca cert that was used to create it. I have 2 server certs signed by different CAs (nothing self-signed), and I have tried them both. The CA certs are installed, and seem to be fine. I even exported one to use on the local openldap in order to test connections to the domain controller without a problem.

Is FDS dependent on specific versions of libssl3.so or ?... The thing that confuses me the most is that it all seems to be working fine in every other case. I am still not sure there isn't a problem with my Win2003 domain controller... Ack!

>Date: Tue, 31 Jan 2006 15:17:18 -0500
>From: Daniel Shackelford <dshackel at arbor.edu>
>Subject: Hosed sync with AD
>To: FedoraUsers <fedora-directory-users at redhat.com>
>Message-ID: <43DFC5CE.1050909 at arbor.edu>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Hello...
>
>Earlier this month we had an issue with one of our domain controllers
>(Win2003) and took it down. It was the one the directory server was
>pointing to for synchronization. Ever since then, no sync has occurred
>and I am back to getting the
>
>-81 (Peer's Certificate issuer is not recognized.)
>
>I have checked the DC, and all looks well. We were merely moving the
>logs to another volume, so it should not have an effect on ldap
>connections. I did some fiddling and at one point I removed the native
>java since I had installed the IBM version. Jessie depended on it, so
>that was removed as well. I have since gotten new certs and CA certs,
>and installed them, but still no luck on the connection. Certutil no
>longer worked, so I installed mozilla-nss, and now it does not work
>for other reasons:
>
>NSS_Initialize failed: An I/O error occurred during security authorization.
>
>All certificate management via the console seems to work fine...
>
>So, my questions are:
>
>Is there a way to get my ssl libraries so they line up with what FDS wants?
>Was jessie even involved in this issue?
>I already have all our data in this directory, so is there a way for me
>to get this thing syncing again without a wipe and reinstall?
>If I delete the sync agreement, and create a new one, what happens on
>the first sync? Will it just pick up where it left off, or will it
>choke on all the objects that were a part of the previous sync
>agreement? Will I have problems with my data since it has been over 10
>days since the last sync?