Thank you David.
Anyone able to address the other questions about ssl? I was able to use
the system version of ldapsearch to connect securely to my domain
controller from the FDS box. I can also connect the same way to FDS. I
have read that the -81 error means that there is a problem with my
server cert, or the ca cert that was used to create it. I have 2 server
certs signed by different CAs (nothing self-signed), and I have tried
them both. The CA certs are installed, and seem to be fine. I even
exported one to use on the local openldap in order to test connections to
the domain controller without a problem.
Is FDS dependent on specific versions of libssl3.so or ?... The thing
that confuses me the most is that it all seems to be working fine in
every other case. I am still not sure there isn't a problem with my
Win2003 domain controller...
Ack!
Date: Tue, 31 Jan 2006 15:17:18 -0500
From: Daniel Shackelford <dshackel@xxxxxxxxx>
Subject: Hosed sync with AD
To: FedoraUsers <fedora-directory-users@xxxxxxxxxx>
Message-ID: <43DFC5CE.1050909@xxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hello...
Earlier this month we had an issue with one of our domain controllers
(Win2003) and took it down. It was the one the directory server was
pointing to for synchronization. Ever since then, no sync has occurred
and I am back to getting the
-81 (Peer's Certificate issuer is not recognized.)
I have checked the DC, and all looks well. We were merely moving the
logs to another volume, so it should not have an effect on ldap
connections. I did some fiddling and at one point I removed the native
java since I had installed the IBM version. Jessie depended on it, so
that was removed as well. I have since gotten new certs and CA certs,
and installed them, but still no luck on the connection. Certutil no
longer worked, so I installed mozilla-nss, and now it does not work
for other reasons:
NSS_Initialize failed: An I/O error occurred during security authorization.
All certificate management via the console seems to work fine...
So, my questions are:
Is there a way to get my ssl libraries so they line up with what FDS wants?
Was jessie even involved in this issue?
I already have all our data in this directory, so is there a way for me
to get this thing syncing again without a wipe and reinstall?
If I delete the sync agreement, and create a new one, what happens on
the first sync? Will it just pick up where it left off, or will it
choke on all the objects that were a part of the previous sync
agreement? Will I have problems with my data since it has been over 10
days since the last sync?