LDAP Error with sync agreement using ssl

OK
 
So in the passsync log I have this error message:
 
Error initializing SSL: err=-8192
Ensure that your SSL is setup correctly
 
Failed to load entries from file
Ldap bind error in Connect
49: Invalid credentials
 
Can not connect to ldap server in SyncPasswords
Ldap bind error in Connect
81: Can't contact LDAP server
 
Ldap bind error in Connect
91: Can't connect to the LDAP server
 
In the FDS log (replication status) I've got this :
 
"LDAP error: Can't contact LDAP server. Error Code 81."
 
 
In AD, I set up SSL using IIS because I had some trouble using certreq.
I enter this URL http://<servername>/certsrv in my browser and I ask for a user certificate.
 
And I import it in the Trusted Root CA.
 
 
After the passsync installation in Windows 2003 Server:

I enter this command: certutil.exe -d . -N

I export my certs from FDS by doing this: pk12util -d . -o dscert.p12 -n Server-Cert

In 2003 Server I put the FDS cert in the passsync installation folder and I export: pk12util.exe -d "C:\Program Files\Red Hat Directory Password Synchronization" -i dscert.p12

And I give the trusted peer status: certutil.exe -d "C:\Program Files\Red Hat Directory Password Synchronization" -M -n Server-Cert -t "P,P,P"

I also do the same for the cascert cert, but I give it the trust attributes "CT,CT,CT" because it was mentioned in the FDS wiki.
 
That's all I do to set up SSL
 
Did you see what I did wrong?
 
Thanks

 
 
 
-------------------------------------------------------------------------
> Date: Tue, 2 Sep 2008 09:24:19 -0600
> From: rmeggins at redhat.com
> To: fedora-directory-users at redhat.com
> Subject: Re: LDAP Error with sync agreement using ssl
>
> steve nguyen wrote:
> > Hi everybody,
> >
> > I have created two sync agreements in FDS. I've got an error message
> > with the one using ssl : "LDAP error: Can't contact LDAP server. Error
> > Code 81.
> You'll have to provide more information, like the CA that issued your AD
> server cert, and other messages in the DS error log.
> > The second sync agreement without ssl works.
> >
> > I think this error should come from a certificate that I've created.
> > To create my certificate on Fedora I've used the second script from
> > the fds wiki.
> >
> > I want to know another thing : I selected a single master in the
> > replica role column. If I choose multiple master, will the sync happen
> > from both side : ad and fds ?
> The setting for single vs. multiple master is not applicable with
> Windows Sync - it shouldn't matter as long as the DS side is a master.
> Windows sync is always 2 way.
> >
> > ps : excuse me for my bad english.