kiran madala wrote:
As far I understand by reading docs again that the user specified in the Syn agreement and Bind DN should be same and exist on Active directory with Domain Admin privileges. But I have other issues now. The DS server is unable to connect to my AD.
What error messages are you getting? Check the error log.You can also try using ldapsearch. Are you using Fedora DS 1.1 or 1.0.4? What OS?
You don't need to use cert based client auth. You can use regular username/password auth over TLS/SSL.I enabled SSL by copying the same root certificate into AD and also generating a server certificate and opened up ports in firewall. Am I missing something like allowing client Authentication on the AD machine?
My currents certificates are as follows. DS has its own server certificate AD has its own server certificate ALL 3 servers AS,DS and AD have the same CA root certificate ----------------------------------------From: kirankmadala@xxxxxxxxxxx To: fedora-directory-users@xxxxxxxxxx Date: Wed, 9 Jan 2008 10:35:00 -0400 Subject: Windows Active Directory sync Help! Hello, I am trying to sync the DS with AD. Since I am new to AD and DS I have few questions. I want to synchronize only users and groups so Is it necessary to enable SSL on Active Directory and connect to Active directory through SSL? In the replica settings the supplier DN user need to be on both AD and DS with should be a Domain admin of the AD? When trying to synchronize with AD the bind DN (In screen shot) user should be in both AD and DS? I have attached the screen shot of my final DS agreement window. I believe currently it is defined to synchronize users what changes I need to make it synchronize groups aswell. Thanks in advance _________________________________________________________________ Exercise your brain! Try Flexicon! http://puzzles.sympatico.msn.ca/chicktionary/index.html?icid=htmlsig_________________________________________________________________ Use fowl language with Chicktionary. Click here to start playing! http://puzzles.sympatico.msn.ca/chicktionary/index.html?icid=htmlsig -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
