Re: Re: SYNC without password ...

Vipul Ramani wrote:
I think we are headed to solutions ...

Do I need to re-install the certificate in PassSync again? After we install the new CSR with FQDN?
No, at least, not yet. The ldapsearch output below looks correct. In your sync agreement, did you use labdc01.tf-lab.test2.com or just labdc01? You have to use the FQDN.

Is /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db a symlink to /etc/dirsrv/slapd-linux2/cert8.db? What is the relationship between slapd-linux2cert8.db and cert8.db?


[root@linux2 slapd-linux2]# /usr/lib/mozldap/ldapsearch -v -h labdc01.tf-lab.test2.com -p 636 -Z -P /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db -3 -s base -b "" "objectclass=*"
ldapsearch: started Mon Oct 20 06:18:20 2008

ldap_init( labdc01.tf-lab.test2.com, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
filter pattern: objectclass=*
returning: ALL
filter is: (objectclass=*)
version: 1
dn:
currentTime: 20081020202134.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=tf-lab,DC=tribal
 fusion,DC=com
dsServiceName: CN=NTDS Settings,CN=LABDC01,CN=Servers,CN=Default-First-Site-Na
 me,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=DomainDnsZones,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=ForestDnsZones,DC=tf-lab,DC=test2,DC=com
defaultNamingContext: DC=tf-lab,DC=test2,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=c
 om
configurationNamingContext: CN=Configuration,DC=tf-lab,DC=test2,DC=com
rootDomainNamingContext: DC=tf-lab,DC=test2,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.521
supportedControl: 1.2.840.113556.1.4.1948
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads
supportedLDAPPolicies: MaxDatagramRecv
supportedLDAPPolicies: MaxReceiveBuffer
supportedLDAPPolicies: InitRecvTimeout
supportedLDAPPolicies: MaxConnections
supportedLDAPPolicies: MaxConnIdleTime
supportedLDAPPolicies: MaxPageSize
supportedLDAPPolicies: MaxQueryDuration
supportedLDAPPolicies: MaxTempTableSize
supportedLDAPPolicies: MaxResultSetSize
supportedLDAPPolicies: MaxNotificationPerConn
supportedLDAPPolicies: MaxValRange
highestCommittedUSN: 90680
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: labdc01.tf-lab.test2.com
ldapServiceName: tf-lab.test2.com:labdc01$@TF-LAB.TEST2.COM
serverName: CN=LABDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1670
supportedCapabilities: 1.2.840.113556.1.4.1791
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2


[root@linux2 slapd-linux2]# grep err /var/log/dirsrv/slapd-linux2/errors
[root@linux2 slapd-linux2]#







On Mon, Oct 20, 2008 at 12:07 PM, Vipul Ramani <vipulramani@xxxxxxxxx> wrote:



    CA is a self-signed generated certificate, by Linux2 itself.


    [root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "CA"


    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 1000 (0x3e8)
            Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
            Issuer: "CN=CAcert"
            Validity:
                Not Before: Fri Oct 17 15:11:18 2008
                Not After : Wed Oct 17 15:11:18 2018
            Subject: "CN=CAcert"
            Subject Public Key Info:
                Public Key Algorithm: PKCS #1 RSA Encryption
                RSA Public Key:
                    Modulus:
                        c8:40:4b:86:0b:70:3d:5d:6a:f6:f4:a5:86:e9:1c:98:
                        d0:dd:19:31:e3:b8:18:3b:0a:c8:9f:83:33:98:cd:98:
                        54:83:9d:73:97:69:04:26:b8:75:4a:95:7e:ed:92:62:
                        51:2c:70:8a:a6:f2:a6:8b:b5:c6:53:d3:f8:cc:01:c9:
                        e8:78:55:1f:69:e3:c4:5c:5e:e8:a6:bf:dc:53:ac:a6:
                        ce:75:14:98:2f:a7:c0:da:ae:be:5d:91:e6:f2:96:84:
                        02:a0:ec:df:e4:de:91:25:2d:65:d8:bd:79:3d:07:ea:
                        8c:9f:9e:5b:ee:04:a3:18:2e:98:c6:ab:15:a1:d5:d9
                    Exponent: 65537 (0x10001)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Signature:
            55:bd:f2:f7:37:e5:60:e0:87:20:a7:d7:69:b2:eb:79:
            e6:98:7e:72:f1:b1:dc:11:08:94:fd:c3:56:a8:14:37:
            2b:1b:cd:bc:05:3d:54:45:73:7f:b2:dc:f8:f1:f4:44:
            61:25:54:c6:e2:c2:68:1f:d7:cc:d3:37:16:37:98:b8:
            37:c3:7e:49:48:12:58:17:26:fe:87:bc:d4:ef:ee:6b:
            5d:35:1f:1f:72:a5:5e:6b:b7:94:e6:c3:63:7c:2a:24:
            4c:43:39:cd:74:7b:56:08:15:f9:85:3f:ed:c9:ba:01:
            88:d0:90:84:1d:e6:0e:84:7f:83:8e:bf:9e:9a:b2:a3
        Fingerprint (MD5):
            2C:77:B6:61:BA:3D:F0:E2:8E:EB:BA:4D:74:A4:E4:0C
        Fingerprint (SHA1):
            06:FE:B9:62:26:E7:56:1E:2B:84:C0:5E:AC:DC:F7:1A:AE:A8:58:0E

        Certificate Trust Flags:
            SSL Flags:
                Valid CA
                Trusted CA
                User
                Trusted Client CA
            Email Flags:
                User
            Object Signing Flags:
                User

    [root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2"


    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                14:fc:4e:02:00:00:00:00:00:16
            Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
            Issuer: "CN=labdc01,DC=tf-lab,DC=test2,DC=com"
            Validity:
                Not Before: Fri Oct 17 23:35:13 2008
                Not After : Sun Oct 17 23:35:13 2010
            Subject: "CN=linux2,OU=Ops,O=Exponential,L=Emeryville,ST=California,C=US"
            Subject Public Key Info:
                Public Key Algorithm: PKCS #1 RSA Encryption
                RSA Public Key:
                    Modulus:
                        da:db:9b:d8:c2:aa:42:4e:85:69:b2:0a:19:46:87:2d:
                        67:e6:4b:9b:4d:97:96:6a:e3:bf:90:c2:ab:a7:0d:17:
                        --removed-some-part---
                        24:72:dc:18:5c:7e:1a:16:b3:bd:38:1b:0a:0f:a6:48:
                        ae:4e:ef:5a:eb:cd:12:6f:5e:16:8f:6c:ce:ff:fa:71
                    Exponent: 65537 (0x10001)
            Signed Extensions:
                Name: Certificate Subject Key ID
                Data:
                    75:e0:f9:0d:9f:77:24:61:38:87:17:87:43:ee:25:5d:
                    c0:b2:4f:d3

                Name: Certificate Authority Key Identifier
                Key ID:
                    83:c2:a6:03:eb:b2:a8:ea:40:d0:63:42:01:68:8f:a8:
                    11:9e:ec:f9

                Name: CRL Distribution Points
                URI: "ldap:///CN=labdc01,CN=labdc01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=tf-lab,DC=test2,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint"
                URI: "http://labdc01.tf-lab.test2.com/CertEnroll/labdc01.crl"

                Name: Authority Information Access
                Method: PKIX CA issuers access method
                Location:
                    URI: "ldap:///CN=labdc01,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=tf-lab,DC=test2,DC=com?cACertificate?base?objectClass=certificationAuthority"
                Method: PKIX CA issuers access method
                Location:
                    URI: "*http://labdc01.tf-lab.test2.com*/CertEnroll/labdc01.tf-lab.test2.com_labdc01.crt"

                Name: Microsoft Enrollment Cert Type Extension
                Data: "WebServer"

                Name: Certificate Basic Constraints
                Critical: True
                Data: Is not a CA.

                Name: Certificate Key Usage
                Usages: Digital Signature
                        Key Encipherment

                Name: Extended Key Usage
                    TLS Web Server Authentication Certificate

        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Signature:
            0b:f7:2f:25:e5:99:aa:27:59:5d:76:96:5a:64:0b:a7:
            91:7d:48:49:fd:a8:46:db:cc:39:7b:97:34:94:3c:0c:
            7c:fe:4d:f7:99:5e:da:a6:7d:53:5c:36:ba:ed:a7:05:
            60:04:2a:76:6e:02:75:a0:1c:59:bd:ad:82:db:fc:61:
            --removed some--part--
            6d:11:23:4c:77:60:18:ec:fd:47:63:72:d3:00:ee:04:
            c2:01:3a:d8:dc:f1:4b:55:c5:7a:39:09:83:9b:09:bd:
            65:64:4c:6f:8d:19:86:94:95:76:1b:07:08:ad:03:70
        Fingerprint (MD5):
            BD:3D:31:6C:27:A8:82:1A:11:81:5B:F6:56:D7:FA:E3
        Fingerprint (SHA1):
            89:45:EE:8E:7D:B7:01:EB:72:80:F2:86:91:B8:02:D4:60:3A:19:FA

        Certificate Trust Flags:
            SSL Flags:
                Valid CA
                Trusted CA
                User
                Trusted Client CA
            Email Flags:
                User
            Object Signing Flags:
                User


    /usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P /etc/dirsrv/slapd-linux2 -3 -s base -b "" "objectclass=*"

    When I do this I am getting a core dump ...  :((




--
Regards

Vipul Ramani

------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
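
The FQDN point raised in the reply, as an added example that is not part of the original thread: it pulls the subject CN out of `certutil -L -n` text output and compares it with the host name a TLS client would connect to. The sample listing is constructed from the "linux2" certificate quoted in the thread, the FQDN `linux2.tf-lab.test2.com` is an assumed name, and the check assumes the certificate carries no subjectAltName, so the CN is the name compared.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the CN from the Subject of certutil text output read on stdin.
subject_cn() {
    awk '
        /^[ \t]*Subject:/ { grab = 1; buf = $0; next }
        /^[ \t]*Subject Public Key Info:/ { grab = 0 }
        grab { sub(/^[ \t]+/, ""); buf = buf $0 }   # rejoin wrapped Subject lines
        END  { if (match(buf, /CN=[^,"]+/)) print substr(buf, RSTART + 3, RLENGTH - 3) }
    '
}

# Succeed only if HOST ($1) equals CN ($2), ignoring case.
host_matches_cn() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    c=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$c" ] && [ "$h" = "$c" ]
}

# Constructed sample modelled on the "linux2" certificate listing in this
# thread, with the Subject wrapped across lines as it can be in pasted output.
sample_cert() {
    cat <<'EOF'
            Issuer: "CN=labdc01,DC=tf-lab,DC=test2,DC=com"
            Subject:
    "CN=linux2,OU=Ops,O=Exponential,L=Emeryville,ST=California,C
                =US"
            Subject Public Key Info:
                Public Key Algorithm: PKCS #1 RSA Encryption
EOF
}

cn=$(sample_cert | subject_cn)
# linux2.tf-lab.test2.com is an assumed FQDN for the host, used for illustration.
for host in linux2 linux2.tf-lab.test2.com; do
    if host_matches_cn "$host" "$cn"; then
        echo "$host: matches CN=$cn"
    else
        echo "$host: does NOT match CN=$cn"
    fi
done
```

On a live system the listing would come from `certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2"` piped into `subject_cn` instead of `sample_cert`.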
