On Tue, Jun 21, 2011 at 2:51 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
On 06/21/2011 11:52 AM, solarflow99 wrote:
Ok, I'm confused. The RHDS 8.2 Admin Guide talks about setting up AD for TLS/SSL by installing the MS CA in Enterprise Root CA mode, creating a cert request, and using MS CA to issue the AD server cert. It doesn't say anything about creating self signed certs for AD.
On Tue, Jun 21, 2011 at 1:39 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
On 06/21/2011 11:23 AM, solarflow99 wrote:
The 8.2 docs are better
I'm using self signed certs, did I miss something?
Probably. There are many steps involved in getting winsync to use TLS/SSL to talk to AD, and getting AD PassSync to use TLS/SSL to talk to DS. Which
From the Docs listed online: http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync
Are you talking about self signed certs for 389 or for AD?
and I went over everything else I could possibly find too. It seems in the case of self signed certificates,
I guess that would be both. This is all internal so no servers need real third party signed certificates, just trying to get it to work.
Ya, that's what I mean. It would be nice if there was an example of getting this to work with self signed certs. I could add that to the wiki if that would be useful for anyone else.
# /usr/lib64/mozldap/ldapsearch -v -Z -P /etc/dirsrv/slapd-ldapserver/cert8.db -h 10.10.10.210 -p 636 -D "cn=administrator" -w mypassword -b "cn=users,dc=389testdomain,dc=local" "objectclass=*"
ldapsearch: started Tue Jun 21 08:41:15 2011
ldap_init( 10.10.10.210, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
-D "cn=administrator"
You have to use the full DN - something like -D "cn=administrator,cn=users,dc=389testdomain,dc=local"
Got it! thanks,
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
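The bind failure above is the classic AD symptom of a bare RDN in -D: AD answers a simple bind it cannot resolve with "AcceptSecurityContext error, data 52e". The script below is an added example, not code from the 389 project or from anyone in this thread. It parses the verbose mozldap ldapsearch output quoted above (reproduced here as a constructed sample), decodes the AD sub-code, and flags a bind DN that has only one RDN, suggesting the full DN built from the search base. The sub-code table is the set of documented AD bind failure codes; the function names and the diagnose() heuristics are this example's own assumptions.

```python
"""Offline diagnostic for a failed simple bind to Active Directory over LDAPS.

Added example (not code from the 389 project or the thread's authors).  It
scans the verbose output of the mozldap ldapsearch run shown in the thread
and explains why the bind was rejected.
"""
import re

# Sub-codes AD puts in the "data NNN" field of AcceptSecurityContext errors.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password, or the bind name does not resolve to an object)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"
ERROR_RE = re.compile(
    r"(?P<ntstatus>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)

# Constructed sample: the ldapsearch output from the thread, with the bad -D value.
SAMPLE_BIND_DN = "cn=administrator"
SAMPLE_BASE_DN = "cn=users,dc=389testdomain,dc=local"
SAMPLE_OUTPUT = """ldapsearch: started Tue Jun 21 08:41:15 2011
ldap_init( 10.10.10.210, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"""


def parse_ad_bind_error(line):
    """Return the fields of an AD bind error line, or None if the line is not one."""
    m = ERROR_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["meaning"] = AD_BIND_SUBCODES.get(fields["data"].lower(), "unknown sub-code")
    return fields


def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514 '\\,' stays inside its RDN)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts


def is_full_dn(bind_dn):
    """True when the bind DN has more than one RDN, each of the form attr=value."""
    rdns = [r for r in split_rdns(bind_dn) if r]
    return len(rdns) > 1 and all("=" in r for r in rdns)


def diagnose(ldapsearch_output, bind_dn, base_dn):
    """Scan verbose ldapsearch output and return a list of findings (strings)."""
    findings = []
    for line in ldapsearch_output.splitlines():
        if line.startswith("ldaptool_getcertpath -- "):
            # -Z/-P were used: the peer cert must chain to a CA trusted in this NSS db.
            findings.append("TLS requested; NSS cert db: " + line.split(" -- ", 1)[1])
        err = parse_ad_bind_error(line)
        if err:
            findings.append("AD bind error %s, data %s: %s" % (err["ntstatus"], err["data"], err["meaning"]))
            if err["data"].lower() == "52e" and not is_full_dn(bind_dn):
                # Heuristic: a bare RDN is the usual cause; propose RDN + search base.
                findings.append("bind DN %r is a bare RDN; AD needs the full DN, e.g. %s"
                                % (bind_dn, bind_dn + "," + base_dn))
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_OUTPUT, SAMPLE_BIND_DN, SAMPLE_BASE_DN):
        print(finding)
```

Run it as-is and it reports the 52e sub-code and proposes cn=administrator,cn=users,dc=389testdomain,dc=local, which is the DN Rich gives above. The full-DN check is only a heuristic for the 52e case: AD also accepts a userPrincipalName or DOMAIN\user as the simple-bind name, so a 52e with a syntactically complete DN still means the password is wrong or the object does not exist.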