OK. So in the PassSync log I have this error message:

    Error initializing SSL: err=-8192
    Ensure that your SSL is setup correctly
    Failed to load entries from file
    Ldap bind error in Connect 49: Invalid credentials
    Can not connect to ldap server in SyncPasswords
    Ldap bind error in Connect 81: Can't contact LDAP server
    Ldap bind error in Connect 91: Can't connect to the LDAP server

In the FDS log (replication status) I've got this: "LDAP error: Can't contact LDAP server. Error Code 81."

In AD, I set up SSL using IIS because I had some trouble using certreq. I enter this URL, http://<servername>/certsrv, in my browser and I ask for a user certificate. And I import it in the Trusted Root CA.

After the PassSync installation in Windows 2003 Server, I enter this command:

    certutil.exe -d . -N

I export my certs from FDS by doing this:

    pk12util -d . -o dscert.p12 -n Server-Cert

In 2003 Server I put the FDS cert in the PassSync installation folder and I export:

    pk12util.exe -d "C:\Program Files\Red Hat Directory Password Synchronization" -i dscert.p12

And I give the trusted peer status:

    certutil.exe -d "C:\Program Files\Red Hat Directory Password Synchronization" -M -n Server-Cert -t "P,P,P"

I also do the same for the cascert cert, but I give these trust attributes, "CT,CT,CT", because it was mentioned in the FDS wiki.

That's all I do to set up SSL. Did you see what I did wrong?

Thanks

-------------------------------------------------------------------------------------------------------------------------

> Date: Tue, 2 Sep 2008 09:24:19 -0600
> From: rmeggins@xxxxxxxxxx
> To: fedora-directory-users@xxxxxxxxxx
> Subject: Re: [Fedora-directory-users] LDAP Error with sync agreement using ssl
>
> steve nguyen wrote:
> > Hi everybody,
> >
> > I have created two sync agreements in FDS. I've got an error message
> > with the one using ssl: "LDAP error: Can't contact LDAP server. Error
> > Code 81.
> You'll have to provide more information, like the CA that issued your AD
> server cert, and other messages in the DS error log.
> > The second sync agreement without ssl works.
> >
> > I think this error should come from a certificate that I've created.
> > To create my certificate on Fedora I've used the second script from
> > the fds wiki.
> >
> > I want to know another thing: I selected a single master in the
> > replica role column. If I choose multiple master, will the sync happen
> > from both sides: AD and FDS?
> The setting for single vs. multiple master is not applicable with
> Windows Sync - it shouldn't matter as long as the DS side is a master.
> Windows sync is always 2 way.
> >
> > PS: excuse me for my bad English.
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users