Sync AD with 389-DS Unable to parse response

On 01/19/2011 08:49 AM, remy d1 wrote:
> Hi,
>
> I have some problems synchronizing 389-DS with AD.
>
>
> I have followed this HowTo:
> http://www.linuxmail.info/389-directory-active-directory-ssl-synch/
I didn't read this, but I would suggest starting with this instead:
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync
>
> I have successfully imported cert files in both AD and 389-DS and can 
> communicate in SSL mode (ldaps). I can log in from my 389-DS to my AD 
> server with 389-console or Apache Directory Studio, but synchronization 
> does not work.
>
> Here are the error logs from 389-DS:
> [19/Jan/2011:14:37:07 +0100] NSMMReplicationPlugin - agmt="cn=Synchro 
> ldap" (WINSERVER:636): Unable to parse the response to the 
> startReplication extended operation. Replication is aborting.
> [19/Jan/2011:14:37:07 +0100] NSMMReplicationPlugin - agmt="cn=Synchro 
> ldap" (WINSERVER:636): Incremental update failed and requires 
> administrator action
Definitely some sort of configuration problem.  389 is attempting to use 
the 389 MMR protocol instead of the winsync protocol.
>
>
> If I try an ldapsearch :
> /usr/lib64/mozldap/ldapsearch -ZZ -b "dc=mydomain,dc=com" -h WINSERVER 
> -p 636 -R -D "CN=synchro ldap,CN=Users,DC=mydomain,DC=com" -w - 
> "objectclass=*"
> Enter bind password:
> ldap_start_tls_s failed: (Can't contact LDAP server)
> ldap_simple_bind: Can't contact LDAP server
>     TLS/SSL error -5961 (TCP connection reset by peer.)
1) either use -Z and -p 636, or -ZZ and -p 389 - you cannot use both -ZZ 
and -p 636 (i.e. you cannot use startTLS on the LDAPS port since it is 
already encrypted)
2) You have to specify -P /etc/dirsrv/slapd-YOURINSTANCE/cert8.db on the 
ldapsearch cmd line
>
>
> I have opened ports 88, 389 and 636. Should I open all these ports?
> http://technet.microsoft.com/fr-fr/library/bb967329.aspx
>
>
> Any idea?
>
> -Regards
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
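
Why point 1 of the reply holds, shown at the byte level, as an added example that is not part of the original thread: a StartTLS client (`-ZZ`) opens with a plaintext LDAP extended request, while an LDAPS listener expects a TLS handshake record as the first bytes. The function names, the default-port mapping (389/636) and the sample ClientHello prefix are assumptions constructed for illustration.

```python
# Added illustration (not from the thread). Ports 389/636 are the defaults used
# in the thread; the ClientHello prefix below is a constructed sample.

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

# First bytes of a TLS handshake record: type 0x16, version 3.1, length (constructed).
SAMPLE_CLIENT_HELLO_PREFIX = bytes.fromhex("1603010200")

# What each listener expects as the very first bytes on a new connection.
LISTENER_EXPECTS = {389: "ldap-plaintext", 636: "tls-handshake"}


def ber_length(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] } }."""
    if not 0 <= message_id < 0x80:
        raise ValueError("this sketch encodes single-byte message IDs only")
    name = b"\x80" + ber_length(len(STARTTLS_OID)) + STARTTLS_OID
    ext = b"\x77" + ber_length(len(name)) + name
    body = b"\x02\x01" + bytes([message_id]) + ext
    return b"\x30" + ber_length(len(body)) + body


def classify_first_bytes(data: bytes) -> str:
    """Tell a TLS handshake record from a BER-encoded LDAP message."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    if data[:1] == b"\x30":
        return "ldap-plaintext"
    return "unknown"


def first_bytes_sent(mode: str) -> bytes:
    """mode: 'ldaps' (-Z as the reply describes it) or 'starttls' (-ZZ)."""
    if mode == "ldaps":
        return SAMPLE_CLIENT_HELLO_PREFIX
    if mode == "starttls":
        return starttls_request()
    raise ValueError(f"unknown mode: {mode}")


def compatible(mode: str, port: int) -> bool:
    """True when the client's opening bytes are what the listener expects."""
    return classify_first_bytes(first_bytes_sent(mode)) == LISTENER_EXPECTS[port]
```

With `-ZZ -p 636` the listener receives `0x30 ...` where it expects `0x16 0x03 ...`, which is consistent with the connection reset shown in the quoted ldapsearch output.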
