Hi, This is driving me crazy.... I'm trying to setup a SSL communication between Directory Server and AD. Without SSL, the synchronization works very well, I can see all user accounts in DS, but I need SSL to be able to synchronize the passwords as well. So, here what I did: On AD, I opened IE on this following address: http://localhost/certsrv/ I requested a new certificate and installed it. I can see the new certificate in MMC console, in Certificate->Personal->Certificates. After, I exported the CA Certificate from DS like this: pk12util -d . -o CAcert.pfx -n CAcert I transfered the file to AD and imported it right here: MMC Console->Certificate->Trusted Root Certification Authorites->Certificates Then, I exported the CA Certificate (from AD) from the same directory as above and imported in DS with the DS Console (section Manage Certificates->CA Certs) I tested the communication by doing this: /usr/lib/mozldap6/ldapsearch -Z -P /etc/dirsrv/slapd-myinst/cert8.db -h 1.1.1.1 -p 636 -D "cn=Windows Sync,cn=users,dc=domain,dc=local" -w _PASS_ -s sub -b "ou=users,dc=domain,dc=local" "(objectClass=*)" Work well, I have a listing of user accounts. Then, I re-created a new Windows Sync agreement (with SSL and port 636) and I'm always getting this following error: The consumer initialization has unsuccessfully completed. The error received by the replica is: 48 - LDAP error: Inappropriate authentication Thank you for your help in advance. _________________________________________________________________ If you like crossword puzzles, then you'll love Flexicon, a game which combines four overlapping crossword puzzles into one! http://g.msn.ca/ca55/208 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20080826/26bd2106/attachment.html