Vipul Ramani wrote:


Rich,

I'll tell you how I did it: https://localhosts/certsrv/ ---> downloaded the cert in DER form and imported it in the FDS console ...


[EMAIL PROTECTED] ~]# certutil -L -d /etc/dirsrv/slapd-linux2

Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI

CA                                                           CTu,u,u
What is this CA? certutil -L -d /etc/dirsrv/slapd-linux2 -n "CA"
Server-Cert                                                  u,u,u
linux2 CTu,u,u <-- this Cert is signed by ADC CA
certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2"
Make sure the subjectDN starts with cn=fqdn where fqdn is the FQDN of linux2
*labdc01 CT,, <---- MS CA Cert *

Sorry, I missed the last line ... in the last email.

But no luck ...
A good way to test TLS/SSL is to use ldapsearch:
/usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P /etc/dirsrv/slapd-linux2 -3 -s base -b "" "objectclass=*"

If that works, then you have the CA installed correctly, and the AD server cert is correct.




On Mon, Oct 20, 2008 at 11:36 AM, Vipul Ramani <[EMAIL PROTECTED]> wrote:

    Vipul Ramani wrote:
        Hi Rich,

        I installed from the Fedora console - I copied the MS CA on the Windows box, then I did the install using the Fedora Directory Console.

    certutil -L -d /etc/dirsrv/slapd-instancename
    [EMAIL PROTECTED] ~]# certutil -L -d /etc/dirsrv/slapd-linux2

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    CA                                                           CTu,u,u
    Server-Cert                                                  u,u,u
    linux2                                                       CTu,u,u <-- this Cert is signed by ADC CA
    [EMAIL PROTECTED] ~]#


And a sample profile which is replicated from ADC:

    dn: uid=vramani, ou=People, dc=tf-lab,dc=test2,dc=com
    ntUniqueId: f6bcff406f334d46824236fc82f2b762
    ntUserLastLogoff: 0
    givenName: vipul
    sn: ramani
    ntUserParms:: bSAgICAgICAgICAgICAgICAgICAgIGQBICAgICAgICAgICAgICAgICAgICAgICA
     gUAQaCAFDdHhDZmdQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm44Cy44C
     5EggBQ3R4U2hhZG9345Cw44Cw44Cw44CwKgIBQ3R4TWluRW5jcnlwdGlvbkxldmVs44Sw
    objectClass: top
    objectClass: person
    objectClass: organizationalperson
    objectClass: inetOrgPerson
    objectClass: ntUser
    uid: vramani
    ntUserDeleteAccount: true
    cn: vipul ramani
    ntUserLastLogon: 128687513442500000
    ntUserDomainId: vramani
    ntUserAcctExpires: 9223372036854775807
    ntUserCodePage: 0





--
Regards

Vipul Ramani

------------------------------------------------------------------------

--
Fedora-directory-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-directory-users
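
The `certutil -L` trust attributes discussed in this thread can be checked mechanically before testing with ldapsearch. The following is an added example, not part of the original messages or of the Fedora Directory Server project: it parses a listing (the sample is constructed, modelled on the output quoted above) and reports which nicknames are trusted to issue server certificates and which have a private key in the database. The function names and the "review" heuristic are assumptions made for illustration.

```python
import re

# NSS certutil trust flags: C = trusted CA for issuing server certs,
# T = trusted CA for issuing client certs, u = private key is in this DB.
ROW = re.compile(
    r"^(?P<nick>.*\S)\s+(?P<ssl>[pPcCTuw]*),(?P<smime>[pPcCTuw]*),(?P<obj>[pPcCTuw]*)\s*$"
)

# Constructed sample, modelled on the `certutil -L` listing quoted in the thread.
SAMPLE = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA                                                           CTu,u,u
Server-Cert                                                  u,u,u
linux2                                                       CTu,u,u
labdc01                                                      CT,,
"""

def parse_listing(text):
    """Return {nickname: (ssl, smime, objsign)} from `certutil -L` output."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)  # header lines do not match: no flag triple at the end
        if m:
            entries[m["nick"].strip()] = (m["ssl"], m["smime"], m["obj"])
    return entries

def trusted_for_server_certs(entries, nickname):
    """True if `nickname` exists and carries the C flag in the SSL column."""
    return nickname in entries and "C" in entries[nickname][0]

def review(entries):
    """Group nicknames by what their SSL trust flags imply."""
    cas = sorted(n for n, f in entries.items() if "C" in f[0])
    keyed = sorted(n for n, f in entries.items() if "u" in f[0])
    return {
        "server_issuing_cas": cas,
        "has_private_key": keyed,
        # Heuristic (assumption): an entry that is both a trusted CA and has
        # its private key here deserves a closer look with `certutil -L -n`.
        "ca_with_private_key": sorted(set(cas) & set(keyed)),
    }

if __name__ == "__main__":
    report = review(parse_listing(SAMPLE))
    for key, names in report.items():
        print(f"{key}: {', '.join(names) or '-'}")
```
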
