Re: password sync documentation

lingu <hicheerup@xxxxxxxxx> · Fri, 18 Jul 2008 00:01:22 +0530

HI,

 Instead of creating symbolic links u can create all certificates in one directory and copy into the directory instance directory.For example copy all certficates inito /etc/dirsrv/slapd-xxx/.If any file is already existing it will ask u for overwrite  while copying tell yes to all.

Recently i implemented the user and pass sync from windows 2003 AD box.If you have any query mail me back.

Regards
lingu

On Thu, Jul 17, 2008 at 4:49 PM, omight <omight@xxxxxxxxx> wrote:

Hi,

I'm trying to follow the documentation to setup synchronisation to

windows active directory.

>From the documentation:

http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync-Configuring_Windows_Sync.html

[quote]

2. Create a new cert8.db and key.db using certutil.exe on the Password

Sync machine.

certutil.exe -d . -N

ln -s slapd-serverID-cert8.db cert8.db

ln -s slapd-serverID-key3.db key3.db

[/quote]

If I execute that in a new directory:

# certutil.exe -d . -N

# ln -s slapd-rhds-cert8.db cert8.db

ln: creating symbolic link `cert8.db' to `slapd-rhds-cert8.db': File exists

I don't follow why the ln -s should be executed? Why not start with part 3:

On the Directory Server, export the server certificate using pk12util.

pk12util -d . -o servercert.pfx -n Server-Cert

Because SSL is already configured on this linux machine, so I guess I

can use the server-cert from that cert8.db?

Can someone clarify/confirm this? Thanks!

--

Fedora-directory-users mailing list

Fedora-directory-users@xxxxxxxxxx

https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users