Vipul Ramani wrote: > > > Rich , > > i tell you how i did > > https://localhosts/certsrv/ ---> download cert in DER form and > imported in FDS console ... > > > [root at linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 > > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > > CA CTu,u,u What is this CA? certutil -L -d /etc/dirsrv/slapd-linux2 -n "CA" > Server-Cert u,u,u > linux2 > CTu,u,u <-- this Cert is signed by ADC CA certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2" Make sure the subjectDN starts with cn=fqdn where fqdn is the FQDN of linux2 > *labdc01 > CT,, <---- MS CA Cert * > > sorry i missed last line ... last email . > > But no Luck ... A good way to test TLS/SSL is to use ldapsearch: /usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P /etc/dirsrv/slapd-linux2 -3 -s base -b "" "objectclass=*" If that works, then you have the CA installed correctly, and the AD server cert is correct. > > > > > On Mon, Oct 20, 2008 at 11:36 AM, Vipul Ramani <vipulramani at gmail.com > <mailto:vipulramani at gmail.com>> wrote: > > Vipul Ramani wrote: > > > Hi Rich , > > > I installed from Fedora console - i copied MS CA on Window box then i did install using Fedora directory Console. > > > > certutil -L -d /etc/dirsrv/slapd-instancename > [root at linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 > > Certificate Nickname Trust Attributes > > > SSL,S/MIME,JAR/XPI > > CA CTu,u,u > Server-Cert u,u,u > > > linux2 CTu,u,u <-- this Cert is signed by ADC CA > [root at linux2 ~]# > > > And Sample profile which is replicated from ADC > dn: uid=vramani, ou=People, dc=tf-lab,dc=test2,dc=com > > ntUniqueId: f6bcff406f334d46824236fc82f2b762 > ntUserLastLogoff: 0 > givenName: vipul > sn: ramani > ntUserParms:: bSAgICAgICAgICAgICAgICAgICAgIGQBICAgICAgICAgICAgICAgICAgICAgICA > gUAQaCAFDdHhDZmdQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm44Cy44C > > > 5EggBQ3R4U2hhZG9345Cw44Cw44Cw44CwKgIBQ3R4TWluRW5jcnlwdGlvbkxldmVs44Sw > objectClass: top objectClass: person objectClass: > organizationalperson objectClass: inetOrgPerson objectClass: > ntUser uid: vramani ntUserDeleteAccount: true > cn: vipul ramani > ntUserLastLogon: 128687513442500000 > ntUserDomainId: vramani ntUserAcctExpires: 9223372036854775807 > ntUserCodePage: 0 > > > > > > > > > > -- > Regards > > Vipul Ramani > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20081020/7214847e/attachment.bin
