kiran madala wrote:
> I am using Java 1.4 on Fedora 6 with fedora ds1.1
>
The stack trace below shows (libgcj.so.7rh) which means it is using the gcj free java. You must install a proprietary Java in order to run the console if you are not using Fedora 8. See http://directory.fedoraproject.org/wiki/Install_Guide#Java_is_required_for_the_console
> ----------------------------------------
>
>> Date: Wed, 9 Jan 2008 18:33:47 -0700
>> From: rmeggins at redhat.com
>> To: fedora-directory-users at redhat.com
>> Subject: Re: Windows Active Directory sync Help!
>>
>> kiran madala wrote:
>>
>>> Also the console gives me this error when I click on manage certificates on the DS server and never opens up. It works fine on AS server
>>>
>> Looks like a bug. Are you using the IcedTea java on Fedora 8?
>>
>>> Exception during event dispatch:
>>> java.lang.NullPointerException
>>>    at com.netscape.management.client.security.CertificateDialog.(Unknown Source)
>>>    at com.netscape.management.client.security.CertificateDialog.(Unknown Source)
>>>    at com.netscape.admin.dirserv.task.KeyCert.run(Unknown Source)
>>>    at com.netscape.management.client.TaskModel.actionObjectRun(Unknown Source)
>>>    at com.netscape.management.client.TaskPage$TaskList$ButtonMouseListener.mouseClicked(Unknown Source)
>>>    at java.awt.AWTEventMulticaster.mouseClicked(libgcj.so.7rh)
>>>    at java.awt.Component.processMouseEvent(libgcj.so.7rh)
>>>    at java.awt.Component.processEvent(libgcj.so.7rh)
>>>    at java.awt.Container.processEvent(libgcj.so.7rh)
>>>    at java.awt.Component.dispatchEventImpl(libgcj.so.7rh)
>>>    at java.awt.Container.dispatchEventImpl(libgcj.so.7rh)
>>>    at java.awt.Component.dispatchEvent(libgcj.so.7rh)
>>>    at java.awt.LightweightDispatcher.handleMouseEvent(libgcj.so.7rh)
>>>    at java.awt.LightweightDispatcher.dispatchEvent(libgcj.so.7rh)
>>>    at java.awt.Container.dispatchEventImpl(libgcj.so.7rh)
>>>    at java.awt.Window.dispatchEventImpl(libgcj.so.7rh)
>>>    at java.awt.Component.dispatchEvent(libgcj.so.7rh)
>>>    at java.awt.EventQueue.dispatchEvent(libgcj.so.7rh)
>>>    at java.awt.EventDispatchThread.run(libgcj.so.7rh)
>>> Exception in thread "http://248.8.168.192.in-addr.arpa.dev:9830/" java.lang.NullPointerException
>>>    at com.netscape.management.client.comm.HttpChannel.run(Unknown Source)
>>>    at java.lang.Thread.run(libgcj.so.7rh)
>>> Exception in thread "http://248.8.168.192.in-addr.arpa.dev:9830/" java.lang.NullPointerException
>>>    at com.netscape.management.client.comm.HttpChannel.run(Unknown Source)
>>>    at java.lang.Thread.run(libgcj.so.7rh)
>>>
>>> ----------------------------------------
>>>
>>>> From: kirankmadala at hotmail.com
>>>> To: fedora-directory-users at redhat.com
>>>> Subject: RE: Windows Active Directory sync Help!
>>>> Date: Wed, 9 Jan 2008 17:03:18 -0400
>>>>
>>>> I keep getting these errors when trying to initiate sync
>>>>
>>>> [09/Jan/2008:16:00:12 -0500] - SSL alert: ldapssl_enable_clientauth(Server-Key, ds-server-cert) -1 (Netscape Portable Runtime error -5987 - Invalid function argument.)
>>>> [09/Jan/2008:16:00:13 -0500] NSMMReplicationPlugin - agmt="cn=AD Sync" (netsweep-41a75e:636): Replication bind with SSL client authentication failed: LDAP error -1 (Unknown error)
>>>>
>>>> The LDAP search is not installed on my machine so I could not do a search
>>>> ----------------------------------------
>>>>
>>>>> Date: Wed, 9 Jan 2008 11:43:49 -0700
>>>>> From: rmeggins at redhat.com
>>>>> To: fedora-directory-users at redhat.com
>>>>> Subject: Re: Windows Active Directory sync Help!
>>>>>
>>>>> kiran madala wrote:
>>>>>
>>>>>> Sorry here is the error log for DS server
>>>>>>
>>>>>> [09/Jan/2008:13:33:50 -0500] NSMMReplicationPlugin - agmt="cn=AD sync" (netsweep-41a75e:636): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -5987 (Invalid function argument.)
>>>>>>
>>>>>> It cannot connect to AD. I imported the CA certificate into the Installation folder of the console in the Windows XP machine.
>>>>>>
>>>>> Did you configure the agreement to use SSL? Error 91 means some sort of
>>>>> connection problem, or invalid argument to the LDAP API e.g. you are
>>>>> attempting to use LDAP on the secure port instead of LDAPS.
>>>>>
>>>>> You can verify that TLS/SSL is working by using ldapsearch from the
>>>>> command line. On the directory server machine:
>>>>> /usr/lib/mozldap/ldapsearch -h ADhostname -p 638 -Z -P /etc/dirsrv/slapd-instancename -s base -b "" "objectclass=*"
>>>>>
>>>>> Or use /usr/lib64/mozldap/ldapsearch on a 64bit system.
>>>>>
>>>>>> ----------------------------------------
>>>>>>
>>>>>>> Date: Wed, 9 Jan 2008 11:09:54 -0700
>>>>>>> From: rmeggins at redhat.com
>>>>>>> To: fedora-directory-users at redhat.com
>>>>>>> Subject: Re: Windows Active Directory sync Help!
>>>>>>>
>>>>>>> kiran madala wrote:
>>>>>>>
>>>>>>>> I am using Fedora 1.1 on Fedora 6 x86 machine. When I fill in the entries and click next a message pops up saying "Unable to connet to Active Directory server, continue?". Also in the domain controller host field can I specify the IP address of the machine?
>>>>>>>>
>>>>>>>> The error log for DS server is below. The IP is the Windows XP machine on which I am running the remote DS console.
>>>>>>>>
>>>>>>>> [Wed Jan 09 09:15:08 2008] [notice] [client 192.168.8.241] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.8.241
>>>>>>>> <snip>
>>>>>>>>
>>>>>>> Actually, this is the error log for the admin server. The error log for
>>>>>>> the directory server is in /var/log/dirsrv/slapd-INSTANCE where instance
>>>>>>> is your instance name.
>>>>>>>
>>>>>>> The console might be failing to connect to AD because the console has a
>>>>>>> separate key/cert db under ~/.fedora-idm-console (in 1.1). You may need
>>>>>>> to add the CA cert in this directory too:
>>>>>>>
>>>>>>> certutil -A -d ~/.fedora-idm-console -n "CA certificate" -t "CT,," -a -i /path/to/cacert.asc
>>>>>>>
>>>>>>>> ----------------------------------------
>>>>>>>>
>>>>>>>>> Date: Wed, 9 Jan 2008 10:52:05 -0700
>>>>>>>>> From: rmeggins at redhat.com
>>>>>>>>> To: fedora-directory-users at redhat.com
>>>>>>>>> Subject: Re: Windows Active Directory sync Help!
>>>>>>>>>
>>>>>>>>> kiran madala wrote:
>>>>>>>>>
>>>>>>>>>> As far as I understand by reading docs again that the user specified in the Sync agreement and Bind DN should be same and exist on Active directory with Domain Admin privileges. But I have other issues now.
>>>>>>>>>>
>>>>>>>>>> The DS server is unable to connect to my AD.
>>>>>>>>>>
>>>>>>>>> What error messages are you getting? Check the error log.
>>>>>>>>>
>>>>>>>>> You can also try using ldapsearch. Are you using Fedora DS 1.1 or
>>>>>>>>> 1.0.4? What OS?
>>>>>>>>>
>>>>>>>>>> I enabled SSL by copying the same root certificate into AD and also generating a server certificate and opened up ports in firewall. Am I missing something like allowing client Authentication on the AD machine?
>>>>>>>>>>
>>>>>>>>> You don't need to use cert based client auth. You can use regular
>>>>>>>>> username/password auth over TLS/SSL.
>>>>>>>>>
>>>>>>>>>> My current certificates are as follows.
>>>>>>>>>>
>>>>>>>>>> DS has its own server certificate
>>>>>>>>>> AD has its own server certificate
>>>>>>>>>> ALL 3 servers AS,DS and AD have the same CA root certificate
>>>>>>>>>>
>>>>>>>>>> ----------------------------------------
>>>>>>>>>>
>>>>>>>>>>> From: kirankmadala at hotmail.com
>>>>>>>>>>> To: fedora-directory-users at redhat.com
>>>>>>>>>>> Date: Wed, 9 Jan 2008 10:35:00 -0400
>>>>>>>>>>> Subject: Windows Active Directory sync Help!
>>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> I am trying to sync the DS with AD. Since I am new to AD and DS I have a few questions.
>>>>>>>>>>>
>>>>>>>>>>> I want to synchronize only users and groups so is it necessary to enable SSL on Active Directory and connect to Active directory through SSL?
>>>>>>>>>>>
>>>>>>>>>>> In the replica settings the supplier DN user need to be on both AD and DS with should be a Domain admin of the AD?
>>>>>>>>>>>
>>>>>>>>>>> When trying to synchronize with AD the bind DN (In screen shot) user should be in both AD and DS?
>>>>>>>>>>>
>>>>>>>>>>> I have attached the screen shot of my final DS agreement window. I believe currently it is defined to synchronize users what changes I need to make it synchronize groups as well.
>>>>>>>>>>>
>>>>>>>>>>> Thanks in advance
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Fedora-directory-users mailing list
>>>>>>>>>> Fedora-directory-users at redhat.com
>>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
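
Added example, not part of the original thread: a shell check for the trust-store step discussed above, reading `certutil -L` output and reporting whether a nickname carries the `C` (trusted CA) flag in its SSL trust field. The function name `ca_trusted_for_ssl` and the sample listing are constructed for illustration; only the nickname "CA certificate" and the database path come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: confirm that a CA certificate in an NSS
# database is trusted for SSL, i.e. that `certutil -A ... -t "CT,,"` took effect.
# Real use: certutil -L -d ~/.fedora-idm-console | ca_trusted_for_ssl "CA certificate"

# Constructed sample of `certutil -L` output (nicknames other than
# "CA certificate" are invented for illustration).
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CT,,
Server-Cert                                                  u,u,u
Old CA                                                       ,,
'

# ca_trusted_for_ssl NICKNAME   (listing on stdin)
# returns 0: nickname present and SSL trust field contains C (trusted CA)
#         1: nickname present but not a trusted CA for SSL server certs
#         2: nickname not in the database
ca_trusted_for_ssl() {
    awk -v want="$1" '
        # Data rows end in a trust triple such as "CT,," or "u,u,u".
        match($0, /[ \t]+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*[ \t]*$/) {
            nick = substr($0, 1, RSTART - 1)
            sub(/^[ \t]+/, "", nick)
            if (nick != want) next
            trust = substr($0, RSTART)
            gsub(/[ \t]/, "", trust)
            split(trust, field, ",")
            found = 1
            ok = (field[1] ~ /C/)
            exit
        }
        END { if (!found) exit 2; exit (ok ? 0 : 1) }
    '
}

if printf '%s\n' "$SAMPLE_LISTING" | ca_trusted_for_ssl "CA certificate"; then
    echo "CA certificate: trusted to issue SSL server certificates"
fi
```

A return of 1 or 2 for the CA nickname means the TLS handshake to AD cannot validate the server certificate from that database, so it is worth checking before looking at the sync agreement itself.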