Thanks Richard!
Now I start it like this:

[root at asterisk1 bin]# ./ldapsearch -Z -P /opt/fedora-ds/alias/slapd-asterisk1-cert8.db -K /opt/fedora-ds/alias/slapd-asterisk1-key3.db -h rv-vm1.mup-example.vrn.ru -p 636 -D "cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w mupAdmin02 -s base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*" -v

Also I receive an error:

ldapsearch: started Fri Jul 28 16:21:39 2006

ldap_init( srv-vm1.mup-example.vrn.ru, 636 )
ldaptool_getcertpath -- /opt/fedora-ds/alias/slapd-asterisk1-cert8.db
ldaptool_getkeypath -- /opt/fedora-ds/alias/slapd-asterisk1-key3.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_simple_bind: Can't contact LDAP server
        SSL error -8156 (Issuer certificate is invalid.)

Though the certificate ad-cert (from Windows DC) is established. The utility certutil and Fedora Management Console (Manage Certificates) show it.

[root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P slapd-asterisk1-
CA certificate                 CTu,u,u
server-cert                    u,u,u
Server-Cert                    u,u,u
ad-cert                        CT,C,C

Help me!

Safonov Alexey

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard Megginson
Sent: Thursday, July 27, 2006 7:36 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: Error at work of the utility ldapsearch.

Safonov Alexey wrote:
> Hi !
>
> I ask to help to solve a problem with the utility ldapsearch.
>
> is a problem to carry out synchronization between FDS and AD. Has made the
> following:
> 1) Install FDS
> 2) Configuring SSL Enabled FDS. For this purpose has started script
> setupssl.sh (http://directory.fedora.redhat.com/download/setupssl.sh) from
> HOWTO "Howto:SSL" (http://directory.fedora.redhat.com/wiki/Howto:SSL)
> 3) Restart FDS.
> netstat -atupn | grep ns-
> tcp 0 0 :::389 :::* LISTEN 6039/ns-slapd
> tcp 0 0 :::636 :::* LISTEN 6039/ns-slapd
> 4) Enable SSL on AD.
> Install Certificate Service
> Check util ldp.exe:
> Connected param: Server- srv-vm1.mup-example.vrn.ru
> Port - 636
> Checkbox "SSL"
> ld = ldap_sslinit("srv-vm1.mup-example.vrn.ru", 636, 1);
> Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
> LDAP_VERSION3);
> Error <0x0> = ldap_connect(hLdap, NULL);
> Error <0x0> = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
> Host supports SSL, SSL cipher strength = 128 bits
> Established connection to srv-vm1.mup-example.vrn.ru.
> Retrieving base DSA information...
> .....
> 5) Import AD CA certificate in DER mode.
> 6) Copy, convert (PEM) and install AD CA certificate in FDS. Check:
> [root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
> slapd-asterisk1-
> CA certificate CTu,u,u
> server-cert u,u,u
> Server-Cert u,u,u
> ad-cert CT,C,C <- install this
>
> 6) [root at asterisk1 alias]# ldapsearch -Z -P
> /opt/fedora-ds/alias/slapd-asterisk1-cert8.db -h
> rv-vm1.mup-example.vrn.ru -p 636 -D
> "cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
> base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*"
>
That's /usr/bin/ldapsearch, which is openldap ldapsearch, which uses openssl for crypto, which is completely different than NSS. You need to use the ldapsearch in /opt/fedora-ds/shared/bin e.g.
cd /opt/fedora-ds/shared/bin ; ./ldapsearch ....
> Error:
> ldapsearch: unabel to parse protocol version
> "/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
>
> Help me!
> Thanks
>
> ------------------------------------------------------
> My Setup:
>
> Fedora Core 5 (i386)
> Fedora Directory Server 1.0.2
> Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
> ------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
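
Decoding the trust-flag column of the `certutil -L` listing posted in this thread, as an added example that is not part of any message above. The flag meanings follow the NSS certutil documentation; the function names (`parse_listing`, `with_flag`, `explain`) are hypothetical.

```python
import re

# NSS certutil trust-flag letters, as described in the certutil documentation.
FLAGS = {
    "p": "valid peer", "P": "trusted peer", "c": "valid CA",
    "C": "trusted CA for issuing server certificates",
    "T": "trusted CA for issuing client certificates",
    "u": "user certificate (key database holds its private key)",
    "w": "send warning",
}
USAGES = ("ssl", "email", "object_signing")  # order of the three fields

# Listing as posted in the thread.
LISTING = """\
CA certificate CTu,u,u
server-cert u,u,u
Server-Cert u,u,u
ad-cert CT,C,C
"""

# Nickname (may contain spaces), whitespace, then three comma-separated fields.
ROW = re.compile(r"^(.+?)\s+([pPcCTuw]*),([pPcCTuw]*),([pPcCTuw]*)$")

def parse_listing(text):
    """Map nickname -> {usage: set of flag letters}; non-rows are skipped."""
    certs = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            certs[m.group(1)] = dict(zip(USAGES, map(set, m.groups()[1:])))
    return certs

def with_flag(certs, flag, usage="ssl"):
    """Sorted nicknames carrying `flag` in the given usage field."""
    return sorted(n for n, t in certs.items() if flag in t[usage])

def explain(certs, nickname):
    """Human-readable meaning of every flag set on one certificate."""
    return {u: [FLAGS[f] for f in sorted(fl)] for u, fl in certs[nickname].items()}

if __name__ == "__main__":
    certs = parse_listing(LISTING)
    print("SSL server-issuing CAs:", with_flag(certs, "C"))
    print("Have private key:      ", with_flag(certs, "u"))
    for usage, meanings in explain(certs, "ad-cert").items():
        print(f"ad-cert {usage}: {meanings}")
```

The listing records only the trust this certificate database assigns to each nickname; it does not show which certificate chain the remote server presented.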