Noriko,
In my 389 DS:
root@hmg2:~# certutil -L -d /opt/dirsrv/etc/dirsrv/slapd-RNP/
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
homolog-HMG1-CA CT,,
Here are my CA details:
Data:
Version: 3 (0x2)
Serial Number:
0d:26:55:22:e7:1a:1b:84:4a:b0:69:8b:22:be:1d:f2
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=homolog-HMG1-CA,DC=homolog,DC=rnp"
Validity:
Not Before: Wed Jul 11 18:51:43 2012
Not After : Mon Jul 11 19:01:42 2022
Subject: "CN=homolog-HMG1-CA,DC=homolog,DC=rnp"
server-cert u,u,u
Here are my server cert details:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:bc:48:46:00:00:00:00:00:08
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=homolog-HMG1-CA,DC=homolog,DC=rnp"
Validity:
Not Before: Tue Jun 25 13:49:34 2013
Not After : Thu Jun 25 13:49:34 2015
Subject: "CN=hmg2.homolog.rnp,OU=GTI,O=Rede Nacional de Ensino e Pesquisa,L=Rio de Janeiro,C=BR"
I already imported my certificates into 389 DS and Windows 2008. I use Win2008 as the CA. Just to remind you that the same environment was working fine with my previous 389 DS version.
Do you need something more specific?
Alberto Viana
On Fri, Jul 5, 2013 at 2:11 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
What does this command-line return on the Linux side?
Alberto Viana wrote:
Hello,
DS base: 1.3.0.4
DS admin: 1.3.1.31
I'm trying to set up a new version of 389 DS multi-master replication with Active Directory (Win 2008) and I'm getting the following errors:
[04/Jul/2013:16:57:32 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): binddn = CN=Conta de sincronizacao do AD com LDAP 389,CN=Users,DC=homolog,DC=rnp, passwd = {DES}Zdi9SkO9E8Jpy/LJq528zg==
[04/Jul/2013:16:57:32 -0300] slapi_ldap_bind - Error: could not send bind request for id [CN=Conta de sincronizacao do AD com LDAP 389,CN=Users,DC=homolog,DC=rnp] mech [SIMPLE]: error -1 (Can't contact LDAP server) -5987 (Invalid function argument.) 115 (Operation now in progress "hmg1.homolog.rnp")
[04/Jul/2013:16:57:32 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ((unknown error code))
If I run a manual ldapsearch everything is ok and I can see all my objects in AD:
ldapsearch -b "dc=homolog,dc=rnp" -x -H ldaps://hmg1.homolog.rnp -D "CN=Conta de sincronizacao do AD com LDAP 389,CN=Users,DC=homolog,DC=rnp" -W objectclass=*
My AD user (CN=Conta de sincronizacao do AD com LDAP 389,CN=Users,DC=homolog,DC=rnp) has full access to the AD tree, and it was working normally with my previous 389 version (1.2.10.12). The only thing that changed on the Windows machine was the winsync version.
The only difference from my production environment is that I was using the Mozilla SDK to compile 389 and now I'm using OpenLDAP.
Any clue?
# certutil -L -d /etc/dirsrv/slapd-<YOURID>
Does it contain an AD CA cert? Is it healthy, e.g., not expired?
Thanks,
--noriko
Thanks
Alberto Viana
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
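The check Noriko asks for in the thread (is the AD CA certificate in the NSS database, trusted for SSL, and inside its validity window), written out as an added Python example that is not part of the original messages. `LISTING` and `CA_DETAIL` are constructed samples that reuse the values quoted above, the function names are hypothetical, and dates are compared without timezone handling.

```python
import re
from datetime import datetime

# Constructed samples in the layout certutil prints, reusing the thread's values.
LISTING = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
homolog-HMG1-CA                                              CT,,
server-cert                                                  u,u,u
"""
CA_DETAIL = """\
        Validity:
            Not Before: Wed Jul 11 18:51:43 2012
            Not After : Mon Jul 11 19:01:42 2022
        Subject: "CN=homolog-HMG1-CA,DC=homolog,DC=rnp"
"""

def ssl_trust_flags(listing):
    """Map each nickname in `certutil -L -d <dbdir>` output to its SSL trust flags."""
    pat = re.compile(r"(\S.*?)\s+([A-Za-z]*),([A-Za-z]*),([A-Za-z]*)\s*$")
    return {m.group(1): m.group(2) for m in map(pat.match, listing.splitlines()) if m}

def validity(detail):
    """Return (not_before, not_after) from `certutil -L -d <dbdir> -n <nick>` output."""
    def when(label):
        m = re.search(r"^\s*%s\s*:\s*(.+?)\s*$" % label, detail, re.M)
        if m is None:
            raise ValueError("no %r field in certificate dump" % label)
        return datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
    return when("Not Before"), when("Not After")

def ca_problems(listing, nickname, detail, now):
    """List reasons this CA cert cannot be used to validate the peer's TLS cert."""
    flags = ssl_trust_flags(listing).get(nickname)
    if flags is None:
        return ["%s is not in the NSS database" % nickname]
    problems = []
    if "C" not in flags:  # C = trusted CA for issuing SSL server certs
        problems.append("%s lacks the C (trusted CA for SSL) flag" % nickname)
    start, end = validity(detail)
    if now < start:
        problems.append("%s is not valid until %s" % (nickname, start))
    elif now > end:
        problems.append("%s expired on %s" % (nickname, end))
    return problems

if __name__ == "__main__":
    # Evaluated at the date of the thread; an empty list means the CA cert looks healthy.
    print(ca_problems(LISTING, "homolog-HMG1-CA", CA_DETAIL, datetime(2013, 7, 5)))
```

An empty result only rules out a missing, untrusted or expired CA certificate; it does not verify signatures or the peer certificate's hostname.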