PassSync setup still not working

One thing to note, in case it isn't already clear:

The SSL connection setup between FDS and AD is entirely
orthogonal to the SSL connection between PassSync running on Win2k
and FDS.

From your e-mail it isn't clear to me that you're aware of this.

e.g. the certutil command you're running on Windows will relate
only to the certs that PassSync will use to contact FDS. That has
nothing to do with the SSL connection from FDS to AD
(which will use the certs configured in FDS on one end,
and the cert configuration in AD on the Windows end --
entirely separate from the aforementioned PassSync
cert config).


Jeff Gamsby wrote:

> Please help me, I cannot get this to work. It's driving me crazy.
>
> This is what I did:
>
> Setup FDS over SSL using certutil.
>
> Windows 2000 AD server with "Enterprise Certificate Authority"
>
> Can search AD over SSL (using ldp.exe, people search over SSL, and
> OpenLDAP ldapsearch over SSL with -H ldaps://)
>
> Installed PassSync ( used FDS host, port 636, FDS Manager account 
> cn=Manager, FDS cert db password, FDS base )
>
> Exported FDS certs ( per howto:ssl ) and imported them into AD ( 
> certutil databases on windows side )
>
> Setup changelog ( default ) and single master replication
>
> Setup windows sync agreement ( bind as AD administrator account 
> cn=administrator,cn=users,....)
>
> Then I test SSL connection from FDS to AD:
>
> ../shared/bin/ldapsearch -X -h ad-host -p 636 -D
> "cn=administrator,cn=users,..." -w - -s base -b "" "objectclass=*"
>
> ldap_init( ad.server.xxx.xxx, 636 )
> ldaptool_getcertpath -- .
> ldaptool_getkeypath -- .
> ldaptool_getmodpath -- (null)
> ldaptool_getdonglefilename -- (null)
> ldap_simple_bind: Can't contact LDAP server
>        SSL error -8179 (Peer's Certificate issuer is not recognized.)
>
> OpenLDAP ldapsearch:
> ldapsearch -x -H ldaps://ad-host works
>
> On Windows Machine:
> certutil -L -d .
> CA certificate    CT,C,C
> Server-Cert       Pu,Pu,Pu
>
> On FDS server (FC4):
> # ../shared/bin/certutil -L -d .
> CA certificate                                               CTu,u,u
> Server-Cert                                                  u,u,u
>
> I have no idea what to try next. Please help
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
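An added diagnostic helper, not from the thread or the Directory Server project, that parses `certutil -L` listings like the two quoted above and reports which CAs a database actually trusts for validating a remote TLS server. Run on the FDS-side listing it finds only a CA whose private key lives in that same database (the `u` flag), so no imported issuer that could vouch for the AD server's certificate, which is exactly what SSL error -8179 reports; the sample listings are constructed from the quoted output and the flag meanings follow NSS certutil.

```python
import re
from typing import Dict, List

# Constructed from the two listings quoted in the thread (not real databases).
WINDOWS_PASSSYNC_DB = """\
CA certificate    CT,C,C
Server-Cert       Pu,Pu,Pu
"""
FDS_DB = """\
CA certificate                                               CTu,u,u
Server-Cert                                                  u,u,u
"""

# nickname, whitespace, then the SSL,S/MIME,JAR trust triple at end of line
TRUST_RE = re.compile(r"^(?P<nick>.+?)\s+(?P<trust>[CTcPpuw]*,[CTcPpuw]*,[CTcPpuw]*)\s*$")

def parse_certutil_listing(text: str) -> Dict[str, str]:
    """Map nickname -> trust triple from `certutil -L -d <dir>` output.
    Header lines ('Certificate Nickname ... Trust Attributes') do not match."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        m = TRUST_RE.match(line.rstrip())
        if m:
            entries[m.group("nick")] = m.group("trust")
    return entries

def ssl_field(trust: str) -> str:
    """First field of the triple: the flags NSS consults when validating a TLS server."""
    return trust.split(",")[0]

def server_trusted_cas(entries: Dict[str, str]) -> List[str]:
    """CAs with 'C' in the SSL field, i.e. trusted to issue server certs. A peer
    whose issuer is not among these fails with SSL error -8179 (issuer not recognized)."""
    return [n for n, t in entries.items() if "C" in ssl_field(t)]

def self_owned(entries: Dict[str, str]) -> List[str]:
    """Entries with 'u' in the SSL field: their private key is in this database,
    so they were generated here rather than imported from the other side."""
    return [n for n, t in entries.items() if "u" in ssl_field(t)]

def imported_server_cas(entries: Dict[str, str]) -> List[str]:
    """Trusted CAs whose key is not held locally: the only ones able to vouch for a
    remote peer. Empty means no foreign issuer (such as the AD CA) is trusted here."""
    owned = set(self_owned(entries))
    return [n for n in server_trusted_cas(entries) if n not in owned]

if __name__ == "__main__":
    for name, db in (("Windows/PassSync", WINDOWS_PASSSYNC_DB), ("FDS", FDS_DB)):
        print(name, "imported trusted CAs:", imported_server_cas(parse_certutil_listing(db)))
```

Pointing the parser at the real database directory's `certutil -L -d <dir>` output gives the same verdict for a live install; an empty result on the FDS side means the AD CA certificate still has to be imported there with `C` trust.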

