Please help me, I cannot get this to work. It's driving me crazy.

This is what I did:

- Set up FDS over SSL using certutil.
- Windows 2000 AD server with "Enterprise Certificate Authority".
- Can search AD over SSL (using ldp.exe, people search over SSL, and OpenLDAP ldapsearch over SSL -H ldaps://).
- Installed PassSync (used FDS host, port 636, FDS Manager account cn=Manager, FDS cert db password, FDS base).
- Exported FDS certs (per howto:ssl) and imported them into AD (certutil databases on Windows side).
- Set up changelog (default) and single master replication.
- Set up Windows sync agreement (bind as AD administrator account cn=administrator,cn=users,....).

Then I test the SSL connection from FDS to AD:

    ../shared/bin/ldapsearch -X -h ad-host -p 636 -D "cn=administrator,cn=users,... -w - -s base -b "" "objectclass=*"
    ldap_init( ad.server.xxx.xxx, 636 )
    ldaptool_getcertpath -- .
    ldaptool_getkeypath -- .
    ldaptool_getmodpath -- (null)
    ldaptool_getdonglefilename -- (null)
    ldap_simple_bind: Can't contact LDAP server
            SSL error -8179 (Peer's Certificate issuer is not recognized.)

OpenLDAP ldapsearch:

    ldapsearch -x -H ldaps://ad-host

works.

On Windows machine:

    certutil -L -d .
    CA certificate       CT,C,C
    Server-Cert          Pu,Pu,Pu

On FDS server (FC4):

    # ../shared/bin/certutil -L -d .
    CA certificate       CTu,u,u
    Server-Cert          u,u,u

I have no idea what to try next. Please help.