RHEL 4.0
redhat-ds-7.1SP1-3
Windows 2003
Passync-1.msi from directory.fedora.com

/opt/redhat-ds/alias

certutil -N -d .
certutil -G -d .
certutil -S -n "my ca" -s "cn=ice" -x -t "CT,CT,CT" -m 1000 -v 120 -d .
certutil -S -n "ice cert" -s "cn=ice.icesolution.com" -c "my ca" -t "u,u,u" -m 1001 -v 120 -d .
ln -s cert8.db slap-ice-cert8.db
ln -s key3.db slap-ice-key3.db
pk12util -d . -o ca.pfx -n "my ca"
pk12util -d . -o ice.pfx -n "ice cert"

import on Win2003

certutil.exe -d . -N
pk12util -d . -i ca.pfx
pk12util -d . -i ice.pfx

restart "password" sync service

test with /opt/redhat-ds/share/bin/ldapsearch

DS# ldapsearch -v -Z -D "cn=administrator,cn=users,dc=win2003,dc=icesolution,dc=com" -w 123456 -P /etc/redhat-ds/alias -h <ip_of_ADS> -p 636 -b "cn=users,dc=win2003,dc=icesolution,dc=com" objectClass=*

return: -8156 issuer certificate is invalid

DS# openssl s_client -connect -showcerts

It returns a different CA certificate, not the one imported from my self-signed certificate. It looks like the default certificate for Windows 2003.

Does passync not bind the NSS certificate to ADS's port 636?

I tried rebooting Windows 2003 but still got the same result, and from the directory console I tried to configure the sync agreement, but it returns "cannot contact ADS".

Regards,
Nattapon