On 06/21/2011 11:23 AM, solarflow99 wrote:
The 8.2 docs are better
I'm using self signed certs, did I miss something?
Probably. There are many steps involved in getting winsync to use TLS/SSL to talk to AD, and getting AD PassSync to use TLS/SSL to talk to DS. Which
From the Docs listed online: http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync
Are you talking about self signed certs for 389 or for AD?
and I went over everything else I could possibly find too. It seems in the case of self signed certificates,
I guess that would be both. This is all internal so no servers need real third party signed certificates, just trying to get it to work.
Yes, that is correct. So what's the problem?
the Windows CA has to be exported as a .cer file, and imported in 389 with:
certutil -d . -A -n "AD Cert" -t "CTu,u,u" -i ad-cert.cer
It wasn't mentioned anywhere, so once I guessed what had to be done, now I'm getting a different error:
# /usr/lib64/mozldap/ldapsearch -v -Z -P /etc/dirsrv/slapd-ldapserver/cert8.db -h 10.10.10.210 -p 636 -D "cn=administrator" -w mypassword -b "cn=users,dc=389testdomain,dc=local" "objectclass=*"
ldapsearch: started Tue Jun 21 08:41:15 2011
ldap_init( 10.10.10.210, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
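
The final error in the thread comes from AD itself: the `data` field of the `AcceptSecurityContext` diagnostic is a hexadecimal Win32 error code. The following is an added example, not part of the original messages, that parses that line and names the sub-code; the table of codes is standard Win32 error numbering and is not taken from the thread, and the function names are hypothetical.

```python
import re

# Win32 error codes that Active Directory puts in the "data" field of a
# failed bind (hexadecimal, exactly as printed in the diagnostic message).
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "bind name does not match any account"),
    0x52E: ("ERROR_LOGON_FAILURE", "user name or password is incorrect"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not allowed at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not allowed from this host"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password has expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account is disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account has expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed first"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account is locked out"),
}

DIAG_RE = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.+?), data (?P<data>[0-9A-Fa-f]+), "
    r"v(?P<ver>[0-9A-Fa-f]+)"
)

def parse_ad_bind_error(text):
    """Return the fields of an AD bind diagnostic, or None if there is none."""
    m = DIAG_RE.search(text)
    if m is None:
        return None
    fields = m.groupdict()
    fields["data"] = int(fields["data"], 16)  # the sub-code is printed in hex
    return fields

def explain(text):
    """One-line reading of client output that may contain a bind failure."""
    fields = parse_ad_bind_error(text)
    if fields is None:
        return "no AD bind diagnostic in this output"
    name, meaning = AD_BIND_SUBCODES.get(
        fields["data"], ("unknown", "sub-code not in table"))
    # A bind result from the server means the connection itself was accepted.
    return "server answered the bind; data %x = %s: %s" % (
        fields["data"], name, meaning)

# The two bind lines from the ldapsearch output quoted in the thread.
SAMPLE = (
    "ldap_simple_bind: Invalid credentials\n"
    "ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903A9, "
    "comment: AcceptSecurityContext error, data 52e, v1db1\n"
)

if __name__ == "__main__":
    print(explain(SAMPLE))
```

For the output above this reports `52e`, `ERROR_LOGON_FAILURE`: the SSL connection on port 636 was accepted and AD rejected the bind name or password that was sent.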