Thanks Richard!
I had absolutely forgotten that the openldap-client is installed.

Safonov Alexey

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
Sent: Thursday, July 27, 2006 7:36 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: Error at work of the utility ldapsearch.

Safonov Alexey wrote:
> Hi!
>
> I ask for help solving a problem with the ldapsearch utility.
>
> The problem is in carrying out synchronization between FDS and AD. I have
> done the following:
> 1) Install FDS
> 2) Configure SSL-enabled FDS. For this purpose I ran the script
> setupssl.sh (http://directory.fedora.redhat.com/download/setupssl.sh) from
> the HOWTO "Howto:SSL" (http://directory.fedora.redhat.com/wiki/Howto:SSL)
> 3) Restart FDS.
> netstat -atupn | grep ns-
> tcp 0 0 :::389 :::* LISTEN 6039/ns-slapd
> tcp 0 0 :::636 :::* LISTEN 6039/ns-slapd
> 4) Enable SSL on AD.
> Install Certificate Service
> Check with the ldp.exe utility:
> Connection parameters: Server - srv-vm1.mup-example.vrn.ru
> Port - 636
> Checkbox "SSL"
> ld = ldap_sslinit("srv-vm1.mup-example.vrn.ru", 636, 1);
> Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION3);
> Error <0x0> = ldap_connect(hLdap, NULL);
> Error <0x0> = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
> Host supports SSL, SSL cipher strength = 128 bits
> Established connection to srv-vm1.mup-example.vrn.ru.
> Retrieving base DSA information...
> .....
> 5) Import AD CA certificate in DER mode.
> 6) Copy, convert (PEM) and install AD CA certificate in FDS. Check:
> [root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P slapd-asterisk1-
> CA certificate CTu,u,u
> server-cert u,u,u
> Server-Cert u,u,u
> ad-cert CT,C,C <- install this
>
> 6) [root at asterisk1 alias]# ldapsearch -Z -P /opt/fedora-ds/alias/slapd-asterisk1-cert8.db -h rv-vm1.mup-example.vrn.ru -p 636 -D "cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*"
>
That's /usr/bin/ldapsearch, which is openldap ldapsearch, which uses
openssl for crypto, which is completely different than NSS. You need to
use the ldapsearch in /opt/fedora-ds/shared/bin e.g.
cd /opt/fedora-ds/shared/bin ; ./ldapsearch ....

> Error:
> ldapsearch: unabel to parse protocol version
> "/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
>
> Help me!
> Thanks
>
> ------------------------------------------------------
> My Setup:
>
> Fedora Core 5 (i386)
> Fedora Directory Server 1.0.2
> Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
> ------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
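
Added example, not part of the thread or of the Fedora Directory Server project: a preflight check for the mix-up diagnosed above, where the OpenLDAP client reads `-P` as a protocol version while the NSS-based client reads it as a certificate database path. The function names are hypothetical, and treating any binary without an OpenLDAP banner as the NSS-based client is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Reads the output of `<ldapsearch> -VV 2>&1` on stdin. OpenLDAP's client
# prints a version banner containing "OpenLDAP"; anything else is reported
# as "other" (assumed here to be the NSS-based client shipped with the
# directory server).
classify_ldapsearch() {
    if grep -q 'OpenLDAP'; then echo openldap; else echo other; fi
}

# check_p_arg FLAVOR VALUE
# OpenLDAP's -P takes the LDAP protocol version (2 or 3); the NSS-based
# client's -P takes the certificate database path, as in the thread.
check_p_arg() {
    case "$1:$2" in
        openldap:2|openldap:3)
            echo "ok: -P $2 is a protocol version" ;;
        openldap:*)
            echo "mismatch: OpenLDAP ldapsearch reads -P as a protocol version, not '$2'"
            return 1 ;;
        *)
            echo "ok: -P $2 passed through as a certificate database path" ;;
    esac
}

# preflight BIN P_VALUE: probe the binary, then validate the -P argument.
# e.g. preflight "$(command -v ldapsearch)" /opt/fedora-ds/alias/slapd-asterisk1-cert8.db
preflight() {
    flavor=$("$1" -VV </dev/null 2>&1 | classify_ldapsearch)
    check_p_arg "$flavor" "$2"
}
```
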