Re: [Freeipa-users] AD Sync Error

Rich Megginson Tue, 09 Mar 2010 08:40:44 -0800

Shan Kumaraswamy wrote:

Yes I can get the output when I ran this step:

Command:/usr/lib64/mozldap/ldapsearch -ZZ -P/etc/dirsrv/slapd-BMITEST-COM/cert8.db -h sbtaddc001.bmitest.com<http://sbtaddc001.bmitest.com> -D"CN=administrator,CN=users,DC=bmitest,DC=com" -s base -b """objectclass=*"

Output:

version: 1

dn:
currentTime: 20100309160730.0Z

subschemaSubentry:CN=Aggregate,CN=Schema,CN=Configuration,DC=BMITEST,DC=COMdsServiceName: CN=NTDSSettings,CN=SBTADDC001,CN=Servers,CN=Bahrain-Site,CN=Si

 tes,CN=Configuration,DC=BMITEST,DC=COM
namingContexts: DC=BMITEST,DC=COM
namingContexts: CN=Configuration,DC=BMITEST,DC=COM
namingContexts: CN=Schema,CN=Configuration,DC=BMITEST,DC=COM
namingContexts: DC=DomainDnsZones,DC=BMITEST,DC=COM
namingContexts: DC=ForestDnsZones,DC=BMITEST,DC=COM
defaultNamingContext: DC=BMITEST,DC=COM
schemaNamingContext: CN=Schema,CN=Configuration,DC=BMITEST,DC=COM
configurationNamingContext: CN=Configuration,DC=BMITEST,DC=COM
rootDomainNamingContext: DC=BMITEST,DC=COM
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.521
supportedControl: 1.2.840.113556.1.4.970
supportedControl: 1.2.840.113556.1.4.1338
supportedControl: 1.2.840.113556.1.4.474
supportedControl: 1.2.840.113556.1.4.1339
supportedControl: 1.2.840.113556.1.4.1340
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 2.16.840.1.113730.3.4.9
supportedControl: 2.16.840.1.113730.3.4.10
supportedControl: 1.2.840.113556.1.4.1504
supportedControl: 1.2.840.113556.1.4.1852
supportedControl: 1.2.840.113556.1.4.802
supportedControl: 1.2.840.113556.1.4.1907
supportedControl: 1.2.840.113556.1.4.1948
supportedControl: 1.2.840.113556.1.4.1974
supportedControl: 1.2.840.113556.1.4.1341
supportedControl: 1.2.840.113556.1.4.2026
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads
supportedLDAPPolicies: MaxDatagramRecv
supportedLDAPPolicies: MaxReceiveBuffer
supportedLDAPPolicies: InitRecvTimeout
supportedLDAPPolicies: MaxConnections
supportedLDAPPolicies: MaxConnIdleTime
supportedLDAPPolicies: MaxPageSize
supportedLDAPPolicies: MaxQueryDuration
supportedLDAPPolicies: MaxTempTableSize
supportedLDAPPolicies: MaxResultSetSize
supportedLDAPPolicies: MaxNotificationPerConn
supportedLDAPPolicies: MaxValRange
highestCommittedUSN: 905371
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: SBTADDC001.BMITEST.COM <http://SBTADDC001.BMITEST.COM>

Please let me know the syntex of IPA Ad sync

Ok.  Now try it with the ldaps port (-p 636)

/usr/lib64/mozldap/ldapsearch -Z -P/etc/dirsrv/slapd-BMITEST-COM/cert8.db -h sbtaddc001.bmitest.com<http://sbtaddc001.bmitest.com> -p 636 -D"CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s base -b"" "objectclass=*"

On Tue, Mar 9, 2010 at 7:03 PM, Rich Megginson <rmegg...@redhat.com<mailto:rmegg...@redhat.com>> wrote:


    Shan Kumaraswamy wrote:

        Rich again some errors:
         [r...@sbttipa001 ~]# /usr/lib64/mozldap/ldapsearch -h
        sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>
        <http://sbtaddc001.bmitest.com
        <http://sbtaddc001.bmitest.com/>> -D
        "CN=administrator,CN=users,DC=bmitest,DC=com" -w "Str1ve2XL"
        -s base -b "" "objectclass=*"

        ldap_simple_bind: Strong authentication required
        ldap_simple_bind: additional info: 00002028: LdapErr:
        DSID-0C0901FC, comment: The server requires binds to turn on
        integrity checking if SSL\TLS are not already active on the
        connection, data 0, v1771

    If this is your real password, as simo said, please change it
    immediately.

    So at least you are talking to the AD server now.  It is telling
    you that it will not accept a bind using a clear text password
    over an insecure connection - that is, try using SSL as we did
    previously:

    /usr/lib64/mozldap/ldapsearch -ZZ -P
    /etc/dirsrv/slapd-BMITEST-COM/cert8.db -h sbtaddc001.bmitest.com
    <http://sbtaddc001.bmitest.com/> <http://sbtaddc001.bmitest.com
    <http://sbtaddc001.bmitest.com/>> -D
    "CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s
    base -b "" "objectclass=*"

On Tue, Mar 9, 2010 at 6:38 PM, Rich Megginson

        <rmegg...@redhat.com <mailto:rmegg...@redhat.com>
        <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>> wrote:

           Shan Kumaraswamy wrote:

               Rich,
               Your mean the AD Administrator password or IPA admin
        password?

           AD

           I'm trying to find out why IPA cannot make a connection to
        AD.  So
           the hostname should be the AD hostname, and the -D (binddn)
        should
           be the DN of the user that IPA uses to bind to AD, and the
           password should be the password for that user.


               On Tue, Mar 9, 2010 at 6:32 PM, Rich Megginson
               <rmegg...@redhat.com <mailto:rmegg...@redhat.com>
        <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>>> wrote:

                  Shan Kumaraswamy wrote:

                      When I try to run this command I am getting this
        error:
                       [r...@sbttipa001 ~]#
        /usr/lib64/mozldap/ldapsearch -h
                      sbtaddc001.bmitest.com
        <http://sbtaddc001.bmitest.com/> <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com
        <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>> -D

                      "CN=administrator,CN=users,DC=bmitest,DC=com" -w
               "secretpw" -s
                      base -b "" "objectclass=*"

                      ldap_simple_bind: Invalid credentials
                      ldap_simple_bind: additional info: 80090308:
        LdapErr:
                      DSID-0C0903AA, comment: AcceptSecurityContext error,
               data 52e,
                      v1771

                  You are not providing the correct password.



                       On Tue, Mar 9, 2010 at 6:16 PM, Rich Megginson
                      <rmegg...@redhat.com
        <mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>>>> wrote:

                         Please keep replies on list

                         Shan Kumaraswamy wrote:

                             Rich,
                              Does a reverse DNS lookup on the IP address
               return that
                             hostname? -Yes
                              Is Active Directory configured to
        use/listen to
               SSL? -Yes,
                             Active Directory Cert Auth installed and
               exported the and
                             verifityed.

                              Does the cert db
               /etc/dirsrv/slapd-BMITEST-COM/cert8.db
                             contain the CA cert of the windows CA? -yes
               "Imported
                      CA cert"

                             certutil -L -d /etc/dirsrv/slapd-BMITEST-COM-
               Its listing
                             installed cert
                             I am trying to creating syn agreement
        from IPA
               server using
                             following syntex:
                              ipa-replica-manage add --winsync --binddn

CN=Administrator,CN=Users,CN=Accounts,DC=bmitest,DC=com

                             --bindpw secretpw --cacert
                             /etc/dirsrv/slapd-BMITEST-COM/dsca.cer
                      sbtaddc001.bmitest.com
        <http://sbtaddc001.bmitest.com/> <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                             <http://sbtaddc001.bmitest.com/>

                             <http://sbtaddc001.bmitest.com
        <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
                             <http://sbtaddc001.bmitest.com/>> -v

                              Please corret me where I am doing worng?

                         ldap_simple_bind: Can't contact LDAP server
                              SSL error -5961 (TCP connection reset by
        peer.)

                         This usually indicates some low level error.
         Let's
               try this:
                         /usr/lib64/mozldap/ldapsearch -h
               sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>
        <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
                         <http://sbtaddc001.bmitest.com/> -D

                         "CN=administrator,CN=users,DC=bmitest,DC=com" -w
               "secretpw" -s
                         base -b "" "objectclass=*"

                         Does that work?

                                                  On Mon, Mar 8, 2010
        at 6:30 PM, Rich Megginson
                             <rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>>>
                             <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>>>>> wrote:

                                Shan Kumaraswamy wrote:

                                    Hi Rich,

                                    Sorry for the delay replay, after I
               executed your
                             command I am
                                    getting the following error from
        my directory
                      server.
                             Please
                                    help me to resolve this error.

                                    [r...@sbttipa001 ~]#
                      /usr/lib64/mozldap/ldapsearch -h
                                    sbtaddc001.bmitest.com
        <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                             <http://sbtaddc001.bmitest.com/>
                                    <http://sbtaddc001.bmitest.com
        <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
                             <http://sbtaddc001.bmitest.com/>
                                    <http://sbtaddc001.bmitest.com/>>
        -p 636
               -Z -P

/etc/dirsrv/slapd-BMITEST-COM/cert8.db -DCN=administrator,CN=users,DC=bmitest,DC=com -w

                             "secretpw" -s
                                    base -b "" "objectclass=*"

                                    ldap_simple_bind: Can't contact
        LDAP server
                                           SSL error -5961 (TCP connection
               reset by
                      peer.)

                                Is sbtaddc001.bmitest.com
        <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                             <http://sbtaddc001.bmitest.com/>
                                <http://sbtaddc001.bmitest.com
        <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
                             <http://sbtaddc001.bmitest.com/>
                             <http://sbtaddc001.bmitest.com/>>

                                the real, registered DNS address for
        the Active
                      Directory
                             server?
                                 On both the linux machine and the windows
               machine?
                                Does a reverse DNS lookup on the IP
        address
               return that
                             hostname?
                                Is Active Directory configured to
        use/listen
               to SSL?
                                Does the cert db
                      /etc/dirsrv/slapd-BMITEST-COM/cert8.db contain
                                the CA cert of the windows CA?
                                certutil -L -d
        /etc/dirsrv/slapd-BMITEST-COM

                                                          On Wed, Feb 24,
               2010 at 6:20 PM, Rich Megginson
                                    <rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>>>
                             <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>>>>
                                    <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>>
                             <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>>> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>>
                             <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
                      <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>
               <mailto:rmegg...@redhat.com
        <mailto:rmegg...@redhat.com>>>>>>> wrote:

                                       Shan Kumaraswamy wrote:

                                           Dear All,
                                           I am facing the AD Sync
        issue with
                      FreeIPA to Active
                                           Directory, and as per the
               redhat-ds doc I
                      have
                             done all the
                                           settings from AD front. please
               help me to
                             resolve this
                                    issue.
                                           And find the below error
        message:
                                            [r...@sbttipa001 ~]#
               ipa-replica-manage add
                             --winsync
                                           --binddn
                      CN=ipaadmin,CN=users,DC=bmitest,DC=com
                             --bindpw
                                           secretpw --ca cert
                             /etc/dirsrv/slapd-BMITEST-COM/adsync.cer
                                           sbtaddc001.bmitest.com
        <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
                             <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
                                    <http://sbtaddc001.bmitest.com/>

<http://sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>

               <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
                             <http://sbtaddc001.bmitest.com/>
                                    <http://sbtaddc001.bmitest.com/>

<http://sbtaddc001.bmitest.com/>> -v

                      --passsync
                             bmi.123

                                           Directory Manager password:
                                           INFO:root:Shutting down dirsrv:

BMITEST-COM...[ OK ]

                                           INFO:root:
                                           INFO:root:
                                           INFO:root:
                                           INFO:root:Starting dirsrv:

BMITEST-COM...[ OK ]

                                           INFO:root:
                                           INFO:root:Added CA certificate

/etc/dirsrv/slapd-BMITEST-COM/adsync.cer to

                             certificate
                                           database for
               sbttipa001.bmitest.com <http://sbttipa001.bmitest.com/>
        <http://sbttipa001.bmitest.com/>
                      <http://sbttipa001.bmitest.com/>
                             <http://sbttipa001.bmitest.com/>
                                    <http://sbttipa001.bmitest.com/>

<http://sbttipa001.bmitest.com/><http://sbttipa001.bmitest.com <http://sbttipa001.bmitest.com/>

               <http://sbttipa001.bmitest.com/>
                      <http://sbttipa001.bmitest.com/>
                             <http://sbttipa001.bmitest.com/>
                                    <http://sbttipa001.bmitest.com/>
                                    <http://sbttipa001.bmitest.com/>>

                                           INFO:root:Restarted
        directory server
                                    sbttipa001.bmitest.com
        <http://sbttipa001.bmitest.com/>
               <http://sbttipa001.bmitest.com/>
                      <http://sbttipa001.bmitest.com/>
               <http://sbttipa001.bmitest.com/>
                             <http://sbttipa001.bmitest.com/>

<http://sbttipa001.bmitest.com/><http://sbttipa001.bmitest.com <http://sbttipa001.bmitest.com/>

               <http://sbttipa001.bmitest.com/>
                      <http://sbttipa001.bmitest.com/>
                             <http://sbttipa001.bmitest.com/>
                                    <http://sbttipa001.bmitest.com/>
                                    <http://sbttipa001.bmitest.com/>>

                                           INFO:root:Could not validate
               connection to
                             remote server
                                           sbtaddc001.bmitest.com:636
        <http://sbtaddc001.bmitest.com:636/>
               <http://sbtaddc001.bmitest.com:636/>
                      <http://sbtaddc001.bmitest.com:636/>
                             <http://sbtaddc001.bmitest.com:636/>
                                    <http://sbtaddc001.bmitest.com:636/>

<http://sbtaddc001.bmitest.com:636/>

<http://sbtaddc001.bmitest.com:636

        <http://sbtaddc001.bmitest.com:636/>
               <http://sbtaddc001.bmitest.com:636/>
                      <http://sbtaddc001.bmitest.com:636/>
                             <http://sbtaddc001.bmitest.com:636/>
                                    <http://sbtaddc001.bmitest.com:636/>

<http://sbtaddc001.bmitest.com:636/>> -

                      continuing

                                           INFO:root:The error was:
        {'info':
                             'error:14090086:SSL

routines:SSL3_GET_SERVER_CERTIFICATE:certificate

                             verify
                                           failed', 'desc ': "Can't
        contact LDAP
                      server"}
                                           The user for the Windows
        PassSync
               service is

uid=passsync,cn=sysaccounts,cn=etc,dc=bmitest,dc=com

                                           Windows PassSync entry
        exists, not
               resetting
                             password
                                           INFO:root:Added new sync
        agreement,
                      waiting for
                             it to
                                    become
                                           ready . . .
                                           INFO:root:Replication Update in
               progress:
                      FALSE:
                                    status: 49  -
                                           LDAP error: Invalid
        credentials:
               start:
                      0: end: 0
                                           INFO:root:Agreement is
        ready, starting
                             replication . . .
                                           Starting replication,
        please wait
               until
                      this has
                             completed.
                                           [sbttipa001.bmitest.com
        <http://sbttipa001.bmitest.com/>
               <http://sbttipa001.bmitest.com/>
                      <http://sbttipa001.bmitest.com/>
                             <http://sbttipa001.bmitest.com/>
                                    <http://sbttipa001.bmitest.com/>
                             <http://sbttipa001.bmitest.com/>

<http://sbttipa001.bmitest.com <http://sbttipa001.bmitest.com/>

               <http://sbttipa001.bmitest.com/>
                      <http://sbttipa001.bmitest.com/>
                             <http://sbttipa001.bmitest.com/>
                                    <http://sbttipa001.bmitest.com/>

<http://sbttipa001.bmitest.com/>>]

               reports:
                             Update failed!
                                           Status: [49  - LDAP error:
        Invalid
                      credentials]
                                           INFO:root:Added agreement for
               other host
                                           sbtaddc001.bmitest.com
        <http://sbtaddc001.bmitest.com/>
               <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
                             <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
                                    <http://sbtaddc001.bmitest.com/>

<http://sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>

               <http://sbtaddc001.bmitest.com/>
                      <http://sbtaddc001.bmitest.com/>
                             <http://sbtaddc001.bmitest.com/>
                                    <http://sbtaddc001.bmitest.com/>
                                    <http://sbtaddc001.bmitest.com/>>


                                       Error 49 usually means the
        password is not
                      correct.  You
                                    can use
                                       mozldap ldapsearch to test the
        connection
                      like this:

                                       /usr/lib/mozldap/ldapsearch -h
        dchost
               -p 636
                      -Z -P

/etc/dirsrv/slapd-BMITEST-COM/cert8.db -DCN=ipaadmin,CN=users,DC=bmitest,DC=com -w

                      "secretpw" -s
                                    base -b ""
                                       "objectclass=*"

                                                    --         Thanks
        & Regards
                                           Shan Kumaraswamy

------------------------------------------------------------------------

_______________________________________________

                                           Freeipa-users mailing list
                                           Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>
                      <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>>
                             <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>
                      <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>>>
                                    <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>
                      <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>>
                             <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>
                      <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>>>>
                                    <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>
                      <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>>
                             <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>
                      <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>>>
                                    <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>
                      <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>>
                             <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>
                      <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>
               <mailto:Freeipa-users@redhat.com
        <mailto:Freeipa-users@redhat.com>>>>>>

https://www.redhat.com/mailman/listinfo/freeipa-users






                                    --         Thanks & Regards
                                    Shan Kumaraswamy





                             --         Thanks & Regards
                             Shan Kumaraswamy





                      --         Thanks & Regards
                      Shan Kumaraswamy





               --         Thanks & Regards
               Shan Kumaraswamy

--Thanks & Regards

        Shan Kumaraswamy





--
Thanks & Regards
Shan Kumaraswamy


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] AD Sync Error

Reply via email to