Jeff Gamsby wrote: > > >>> >> I think that you are getting hung up on a display issue. The >> supplier is just listed as a string to identify the instance. The >> synchronization is always[*] initiated from the FDS side, so as long >> as you are trying to connect to AD via SSL, everything will be >> encrypted. >> >> [*] The one exception to this is the PassSync service installed on >> the windows side. You need to configure this to connect to FDS over >> the SSL port. >> >> -NGK >> > OK, but when I set it up this way and I check the replication logs, I > see the suppliers port, and it's listed as 389. When configuring > PassSync, I do put it in secure mode with the secure port. So it > doesn't matter, since the PassSync config is set to SSL, and the FDS > to AD has to be SSL, then that 389 is just an identifier? Yes, that's just an identifier used in the synchronization agreement. To check if the PassSync connection in truly using SSL, check the access log on the FDS side. I'm not sure what connection logging AD provides, but there may be something similar. If not, you can use ethereal to verify that the traffic is being encrypted. -NGK > > Jeff > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060620/7ed500a8/attachment.bin
