Dennis Crissman wrote:
> I am really struggling to get Fedora Directory Server working using
> ADSync. I am confused on a lot of fronts, it would be fair to say I am
> a newbie when it comes to SSH, CAs, and synchronizing anything against
> Active Directory. So I am at a disadvantage to start with.
>
> I have been using
> http://directory.fedoraproject.org/wiki/Howto:WindowsSync for my
> instruction base as well as
> http://directory.fedoraproject.org/wiki/Howto:SSL for setting up FDS
> to use SSL.
>
> Here are my steps so far:
> 1) Install and setup FDS and create my directory server. So far so good.
> 2) Execute setupssl.sh from the Howto:SSL link above.
> * As far as I can tell this script automates everything in "Basic
> Steps", so correct me if I am wrong, but I shouldn't have to actually
> do any of them after running the script?
Correct.
> 3) Restart both my admin and directory servers.
>
> After I have restarted my servers, it would seem to me that FDS would
> be exclusively accessible over port 636. So I use an LDAP Browser to
> verify, and it turns out that 389 is still available and the other
> isn't. Why is this?
It should listen to both 389 and 636. Check the error log, do netstat -an | grep 636, and use ldapsearch instead of LDAP Browser to verify.
>
> At this point I decide to move onto another step
> (http://directory.fedoraproject.org/wiki/Howto:WindowsSync#Enabling_SSL_for_PassSync)
> in the instructions and setup ADSync on the Active Directory box.
> Install goes fine, though I am obviously unable to get it to connect
> to the FDS yet.
>
> I am able to create the cert8.db, but then hit a road block again when
> I try to execute "pk12util -d . -P slapd-<instance> -o servercert.p12
> -n Server-Cert", and yes I swap <instance> for my host name. I get
> this exception: "pk12util: find user certs from nickname failed:
> security library: bad database.". Any idea?
I think you can skip this step. But when you give the -P argument, do not forget the trailing dash - the prefix (-P) is really slapd-instance-
>
> I know this is a lot, but I would appreciate any help I can get.
>
> Thank you,
> Dennis
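
The trailing-dash point from the reply above, as an added example that is not part of the original message: a shell helper that checks which NSS database prefix actually matches files on disk before pk12util is run. It assumes the usual `-P` behaviour of prepending the prefix to both `cert8.db` and `key3.db`; the function name `nss_prefix_check` and the instance name `myhost` are hypothetical.

```shell
#!/bin/sh
# Added example: resolve the NSS database prefix to pass to "pk12util -P".
# With -P <prefix>, NSS opens <dir>/<prefix>cert8.db and <dir>/<prefix>key3.db,
# so "-P slapd-myhost" (no trailing dash) looks for slapd-myhostcert8.db,
# which does not exist and surfaces as "security library: bad database".

# nss_prefix_check DIR PREFIX
# Prints the prefix that matches a cert/key database pair in DIR.
# Returns 0 when a usable prefix was found (as given, or with a dash
# appended; the correction is reported on stderr), 1 when nothing matches.
nss_prefix_check() {
    dir=$1
    prefix=$2
    if [ -f "$dir/${prefix}cert8.db" ] && [ -f "$dir/${prefix}key3.db" ]; then
        printf '%s\n' "$prefix"
        return 0
    fi
    if [ -f "$dir/${prefix}-cert8.db" ] && [ -f "$dir/${prefix}-key3.db" ]; then
        echo "note: prefix needs a trailing dash: ${prefix}-" >&2
        printf '%s\n' "${prefix}-"
        return 0
    fi
    echo "error: no ${prefix}[-]cert8.db / key3.db pair in $dir" >&2
    return 1
}

# Demo on a constructed directory (empty placeholder files, not real databases).
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/slapd-myhost-cert8.db"
    : > "$tmp/slapd-myhost-key3.db"
    # The prefix as typed in the question, without the trailing dash.
    fixed=$(nss_prefix_check "$tmp" "slapd-myhost") || { rm -rf "$tmp"; return 1; }
    # Print the command that would be run with the corrected prefix.
    echo "pk12util -d $tmp -P $fixed -o servercert.p12 -n Server-Cert"
    rm -rf "$tmp"
}

demo
```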