SSL communication between AD and DS


 



Hi,

Shame on me...  I forgot to restart the LDAP server to activate the SSL.


From: benetage at hotmail.com
To: fedora-directory-users at redhat.com
Date: Tue, 26 Aug 2008 13:15:17 -0400
Subject: SSL communication between AD and DS









Hi,

This is driving me crazy....  

I'm trying to set up SSL communication between Directory Server and AD.

Without SSL, the synchronization works very well; I can see all user accounts in DS, but I need SSL to be able to synchronize the passwords as well.

So, here is what I did:

On AD, I opened IE at the following address:

http://localhost/certsrv/

I requested a new certificate and installed it.  I can see the new certificate in MMC console, in Certificate->Personal->Certificates.

Afterwards, I exported the CA Certificate from DS like this:

pk12util -d . -o CAcert.pfx -n CAcert

I transferred the file to AD and imported it right here:

MMC Console->Certificate->Trusted Root Certification Authorities->Certificates

Then, I exported the CA Certificate (from AD) from the same directory as above and imported it into DS with the DS Console (section Manage Certificates->CA Certs).

I tested the communication by doing this:

/usr/lib/mozldap6/ldapsearch -Z -P /etc/dirsrv/slapd-myinst/cert8.db -h 1.1.1.1 -p 636 -D "cn=Windows Sync,cn=users,dc=domain,dc=local" -w _PASS_ -s sub -b "ou=users,dc=domain,dc=local" "(objectClass=*)"

It works well; I get a listing of user accounts.

Then, I re-created a new Windows Sync agreement (with SSL and port 636) and I'm always getting the following error:


The consumer initialization has unsuccessfully completed.
The error received by the replica is: 48 - LDAP error: Inappropriate authentication

Thank you for your help in advance.


 
