I think we are heading toward a solution ...
Do I need to re-install the certificate in PassSync again after we install the new CSR with the FQDN?
root@linux2 slapd-linux2]# /usr/lib/mozldap/ldapsearch -v -h labdc01.tf-lab.test2.com -p 636 -Z -P /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db -3 -s base -b "" "objectclass=*"
ldapsearch: started Mon Oct 20 06:18:20 2008
ldap_init( labdc01.tf-lab.test2.com, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
filter pattern: objectclass=*
returning: ALL
filter is: (objectclass=*)
version: 1
dn:
currentTime: 20081020202134.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=tf-lab,DC=tribal
fusion,DC=com
dsServiceName: CN=NTDS Settings,CN=LABDC01,CN=Servers,CN=Default-First-Site-Na
me,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=DomainDnsZones,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=ForestDnsZones,DC=tf-lab,DC=test2,DC=com
defaultNamingContext: DC=tf-lab,DC=test2,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=c
om
configurationNamingContext: CN=Configuration,DC=tf-lab,DC=test2,DC=com
rootDomainNamingContext: DC=tf-lab,DC=test2,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.521
supportedControl: 1.2.840.113556.1.4.1948
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads
supportedLDAPPolicies: MaxDatagramRecv
supportedLDAPPolicies: MaxReceiveBuffer
supportedLDAPPolicies: InitRecvTimeout
supportedLDAPPolicies: MaxConnections
supportedLDAPPolicies: MaxConnIdleTime
supportedLDAPPolicies: MaxPageSize
supportedLDAPPolicies: MaxQueryDuration
supportedLDAPPolicies: MaxTempTableSize
supportedLDAPPolicies: MaxResultSetSize
supportedLDAPPolicies: MaxNotificationPerConn
supportedLDAPPolicies: MaxValRange
highestCommittedUSN: 90680
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: labdc01.tf-lab.test2.com
ldapServiceName: tf-lab.test2.com:labdc01$@TF-LAB.TEST2.COM
serverName: CN=LABDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1670
supportedCapabilities: 1.2.840.113556.1.4.1791
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
root@linux2 slapd-linux2]# grep err /var/log/dirsrv/slapd-linux2/errors
[root@linux2 slapd-linux2]#
--
Regards
Vipul Ramani
Do I need to re-install the certificate in PassSync again after we install the new CSR with the FQDN?
root@linux2 slapd-linux2]# /usr/lib/mozldap/ldapsearch -v -h labdc01.tf-lab.test2.com -p 636 -Z -P /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db -3 -s base -b "" "objectclass=*"
ldapsearch: started Mon Oct 20 06:18:20 2008
ldap_init( labdc01.tf-lab.test2.com, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
filter pattern: objectclass=*
returning: ALL
filter is: (objectclass=*)
version: 1
dn:
currentTime: 20081020202134.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=tf-lab,DC=tribal
fusion,DC=com
dsServiceName: CN=NTDS Settings,CN=LABDC01,CN=Servers,CN=Default-First-Site-Na
me,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=DomainDnsZones,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=ForestDnsZones,DC=tf-lab,DC=test2,DC=com
defaultNamingContext: DC=tf-lab,DC=test2,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=c
om
configurationNamingContext: CN=Configuration,DC=tf-lab,DC=test2,DC=com
rootDomainNamingContext: DC=tf-lab,DC=test2,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.521
supportedControl: 1.2.840.113556.1.4.1948
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads
supportedLDAPPolicies: MaxDatagramRecv
supportedLDAPPolicies: MaxReceiveBuffer
supportedLDAPPolicies: InitRecvTimeout
supportedLDAPPolicies: MaxConnections
supportedLDAPPolicies: MaxConnIdleTime
supportedLDAPPolicies: MaxPageSize
supportedLDAPPolicies: MaxQueryDuration
supportedLDAPPolicies: MaxTempTableSize
supportedLDAPPolicies: MaxResultSetSize
supportedLDAPPolicies: MaxNotificationPerConn
supportedLDAPPolicies: MaxValRange
highestCommittedUSN: 90680
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: labdc01.tf-lab.test2.com
ldapServiceName: tf-lab.test2.com:labdc01$@TF-LAB.TEST2.COM
serverName: CN=LABDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1670
supportedCapabilities: 1.2.840.113556.1.4.1791
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
root@linux2 slapd-linux2]# grep err /var/log/dirsrv/slapd-linux2/errors
[root@linux2 slapd-linux2]#
On Mon, Oct 20, 2008 at 12:07 PM, Vipul Ramani <vipulramani@xxxxxxxxx> wrote:
The CA is a self-signed certificate generated by Linux2 itself.
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "CA"
Certificate:
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Data:
Version: 3 (0x2)
Serial Number: 1000 (0x3e8)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=CAcert"
Validity:
Not Before: Fri Oct 17 15:11:18 2008
Not After : Wed Oct 17 15:11:18 2018
Subject: "CN=CAcert"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
c8:40:4b:86:0b:70:3d:5d:6a:f6:f4:a5:86:e9:1c:98:
d0:dd:19:31:e3:b8:18:3b:0a:c8:9f:83:33:98:cd:98:
54:83:9d:73:97:69:04:26:b8:75:4a:95:7e:ed:92:62:
51:2c:70:8a:a6:f2:a6:8b:b5:c6:53:d3:f8:cc:01:c9:
e8:78:55:1f:69:e3:c4:5c:5e:e8:a6:bf:dc:53:ac:a6:
ce:75:14:98:2f:a7:c0:da:ae:be:5d:91:e6:f2:96:84:
02:a0:ec:df:e4:de:91:25:2d:65:d8:bd:79:3d:07:ea:
8c:9f:9e:5b:ee:04:a3:18:2e:98:c6:ab:15:a1:d5:d9
Exponent: 65537 (0x10001)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
55:bd:f2:f7:37:e5:60:e0:87:20:a7:d7:69:b2:eb:79:
e6:98:7e:72:f1:b1:dc:11:08:94:fd:c3:56:a8:14:37:
2b:1b:cd:bc:05:3d:54:45:73:7f:b2:dc:f8:f1:f4:44:
61:25:54:c6:e2:c2:68:1f:d7:cc:d3:37:16:37:98:b8:
37:c3:7e:49:48:12:58:17:26:fe:87:bc:d4:ef:ee:6b:
5d:35:1f:1f:72:a5:5e:6b:b7:94:e6:c3:63:7c:2a:24:
4c:43:39:cd:74:7b:56:08:15:f9:85:3f:ed:c9:ba:01:
88:d0:90:84:1d:e6:0e:84:7f:83:8e:bf:9e:9a:b2:a3
Fingerprint (MD5):
2C:77:B6:61:BA:3D:F0:E2:8E:EB:BA:4D:74:A4:E4:0C
Fingerprint (SHA1):
06:FE:B9:62:26:E7:56:1E:2B:84:C0:5E:AC:DC:F7:1A:AE:A8:58:0E
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
User
Trusted Client CA
Email Flags:
User
Object Signing Flags:
User
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2"
Certificate:
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Data:
Version: 3 (0x2)
Serial Number:
14:fc:4e:02:00:00:00:00:00:16
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=labdc01,DC=tf-lab,DC=test2,DC=com"
Validity:
Not Before: Fri Oct 17 23:35:13 2008
Not After : Sun Oct 17 23:35:13 2010
Subject: "CN=linux2,OU=Ops,O=Exponential,L=Emeryville,ST=California,C
=US"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
da:db:9b:d8:c2:aa:42:4e:85:69:b2:0a:19:46:87:2d:
67:e6:4b:9b:4d:97:96:6a:e3:bf:90:c2:ab:a7:0d:17:
--removed-some-part---
24:72:dc:18:5c:7e:1a:16:b3:bd:38:1b:0a:0f:a6:48:
ae:4e:ef:5a:eb:cd:12:6f:5e:16:8f:6c:ce:ff:fa:71
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Certificate Subject Key ID
Data:
75:e0:f9:0d:9f:77:24:61:38:87:17:87:43:ee:25:5d:
c0:b2:4f:d3
Name: Certificate Authority Key Identifier
Key ID:
83:c2:a6:03:eb:b2:a8:ea:40:d0:63:42:01:68:8f:a8:
11:9e:ec:f9
Name: CRL Distribution Points
URI: "ldap:///CN=labdc01,CN=labdc01,CN=CDP,CN=Public%20Key%20Serv
ices,CN=Services,CN=Configuration,DC=tf-lab,DC=test2,D
C=com?certificateRevocationList?base?objectClass=cRLDistribut
ionPoint"
URI: "http://labdc01.tf-lab.test2.com/CertEnroll/labdc01.c
rl"
Name: Authority Information Access
Method: PKIX CA issuers access method
Location:
URI: "ldap:///CN=labdc01,CN=AIA,CN=Public%20Key%20Services,CN
=Services,CN=Configuration,DC=tf-lab,DC=test2,DC=c
om?cACertificate?base?objectClass=certificationAuthority"
Method: PKIX CA issuers access method
Location:
URI: "http://labdc01.tf-lab.test2.com/CertEnroll/labdc
01.tf-lab.test2.com_labdc01.crt"
Name: Microsoft Enrollment Cert Type Extension
Data: "WebServer"
Name: Certificate Basic Constraints
Critical: True
Data: Is not a CA.
Name: Certificate Key Usage
Usages: Digital Signature
Key Encipherment
Name: Extended Key Usage
TLS Web Server Authentication Certificate
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
0b:f7:2f:25:e5:99:aa:27:59:5d:76:96:5a:64:0b:a7:
91:7d:48:49:fd:a8:46:db:cc:39:7b:97:34:94:3c:0c:
7c:fe:4d:f7:99:5e:da:a6:7d:53:5c:36:ba:ed:a7:05:
60:04:2a:76:6e:02:75:a0:1c:59:bd:ad:82:db:fc:61:
--removed some--part--
6d:11:23:4c:77:60:18:ec:fd:47:63:72:d3:00:ee:04:
c2:01:3a:d8:dc:f1:4b:55:c5:7a:39:09:83:9b:09:bd:
65:64:4c:6f:8d:19:86:94:95:76:1b:07:08:ad:03:70
Fingerprint (MD5):
BD:3D:31:6C:27:A8:82:1A:11:81:5B:F6:56:D7:FA:E3
Fingerprint (SHA1):
89:45:EE:8E:7D:B7:01:EB:72:80:F2:86:91:B8:02:D4:60:3A:19:FA
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
User
Trusted Client CA
Email Flags:
User
Object Signing Flags:
User
| /usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P /etc/dirsrv/slapd-linux2 -3 -s base -b "" "objectclass=*"
When I do this I am getting a core dump ... :((
--
Regards
Vipul Ramani