Vipul Ramani wrote:
Hi Rich

The ldapsearch output below looks correct. In your sync agreement, did you use labdc01.tf-lab.test2.com or just labdc01? You have to use the FQDN.

In winsync agreement I used FQDN ...

Is /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db a symlink to /etc/dirsrv/slapd-linux2/cert8.db? What is the relationship between slapd-linux2cert8.db and cert8.db?

Yes, you are right, it is a symlink. /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db a symlink to /etc/dirsrv/slapd-linux2/cert8.db ....
The original error is this: https://www.redhat.com/archives/fedora-directory-users/2008-October/msg00056.html

NSMMReplicationPlugin - agmt ="cn=vedant " ( labdc01:636) : simple bind failed , LDAP sdk error 91 ( Can't connect to the LDAP server ) , Netscape Portable Runtime error - 8179 ( Peer's Certificate issuer is not recoginzed )
That usually means that Fedora DS cannot verify the AD SSL server cert. This is usually because Fedora DS doesn't have or trust the CA cert of the CA that issued the AD SSL cert. The Peer in this case is the AD SSL server, the issuer is the CA that issued the AD SSL server cert. I'm not sure what the problem could be.
Regards
Vipul Ramani

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
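The condition behind error -8179 (the server certificate does not chain to a CA the client trusts) can be checked outside Directory Server. The following is an added example, not part of the thread: it uses `openssl verify` as a stand-in for the NSS check, and the CA names, file names and generated certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: does a server certificate chain to a given CA certificate?
# openssl is used here in place of NSS; all certificates are constructed.

# issuer_trusted SERVER_PEM CA_PEM -> exit 0 only if SERVER_PEM verifies against CA_PEM
issuer_trusted() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# show_issuer PEM -> print the issuer DN, to compare with the CA cert's subject
show_issuer() {
    openssl x509 -in "$1" -noout -issuer
}

# make_ca DIR NAME -> self-signed test CA (DIR/NAME.key, DIR/NAME.pem)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server DIR CA_NAME FQDN -> DIR/server.pem for FQDN, issued by CA_NAME
make_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" issuing-ca   # stands in for the CA that issued the AD SSL cert
    make_ca "$d" other-ca     # stands in for an unrelated CA in the cert db
    make_server "$d" issuing-ca labdc01.tf-lab.test2.com
    show_issuer "$d/server.pem"
    issuer_trusted "$d/server.pem" "$d/issuing-ca.pem" \
        && echo "issuing-ca: server cert verifies"
    issuer_trusted "$d/server.pem" "$d/other-ca.pem" \
        || echo "other-ca: issuer not recognized"
    rm -rf "$d"
}

demo
```

On a real system the two inputs to `issuer_trusted` would be PEM exports of the AD server certificate and of the CA certificate that was imported into the Fedora DS certificate database; `certutil -L -d /etc/dirsrv/slapd-linux2` lists what that database holds and with which trust flags.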