Re: Re: SYNC without password ...

[Rich Megginson <rmeggins@xxxxxxxxxx>]

Vipul Ramani wrote:
> Rich ,
>
> i tell you how i did 
>
> https://localhosts/certsrv/  ---> download cert in DER form and 
> imported in FDS console ...
>
>
> [root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2
>
> Certificate Nickname                                         Trust 
> Attributes
>                                                              
> SSL,S/MIME,JAR/XPI
>
> CA                                                           CTu,u,u
What is this CA? certutil -L -d /etc/dirsrv/slapd-linux2 -n "CA"
> Server-Cert                                                  u,u,u
> linux2                                                       
> CTu,u,u          <-- this Cert is signed by ADC CA
certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2"
Make sure the subjectDN starts with cn=fqdn where fqdn is the FQDN of linux2
> *labdc01                                                      
> CT,,              <---- MS CA Cert *
>
> sorry i missed last line ...  last email .
>
> But no  Luck ...
A good way to test TLS/SSL is to use ldapsearch:
/usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P 
/etc/dirsrv/slapd-linux2 -3 -s base -b "" "objectclass=*"

If that works, then you have the CA installed correctly, and the AD 
server cert is correct.
> On Mon, Oct 20, 2008 at 11:36 AM, Vipul Ramani <vipulramani@xxxxxxxxx 
> <mailto:vipulramani@xxxxxxxxx>> wrote:
>
>     Vipul Ramani wrote:
>         
>
>         Hi Rich ,
>
>
>         I installed from Fedora console - i copied MS CA on Window box then i did install using Fedora directory Console.
>
>               
>
>     certutil -L -d /etc/dirsrv/slapd-instancename
>     [root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2
>
>     Certificate Nickname                                         Trust Attributes
>
>
>                                                                  SSL,S/MIME,JAR/XPI
>
>     CA                                                           CTu,u,u
>     Server-Cert                                                  u,u,u
>
>
>     linux2                                                       CTu,u,u  <-- this Cert is signed by ADC CA 
>     [root@linux2 ~]#
>
>
>     And Sample profile which is replicated from ADC 
>     dn: uid=vramani, ou=People, dc=tf-lab,dc=test2,dc=com
>
>     ntUniqueId: f6bcff406f334d46824236fc82f2b762
>     ntUserLastLogoff: 0
>     givenName: vipul
>     sn: ramani
>     ntUserParms:: bSAgICAgICAgICAgICAgICAgICAgIGQBICAgICAgICAgICAgICAgICAgICAgICA
>      gUAQaCAFDdHhDZmdQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm44Cy44C
>
>
>      5EggBQ3R4U2hhZG9345Cw44Cw44Cw44CwKgIBQ3R4TWluRW5jcnlwdGlvbkxldmVs44Sw
>     objectClass: top objectClass: person objectClass:
>     organizationalperson objectClass: inetOrgPerson objectClass:
>     ntUser uid: vramani ntUserDeleteAccount: true
>     cn: vipul ramani
>     ntUserLastLogon: 128687513442500000
>     ntUserDomainId: vramani ntUserAcctExpires: 9223372036854775807
>     ntUserCodePage: 0
>
>
>         
>
>         
>
>
>
>
> --
> Regards
>
> Vipul Ramani
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

<<attachment: smime.p7s>>

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users