Shan Kumaraswamy wrote:
I am again facing some issue with IPA+AD Sync and I tested all the levels:
Windows PassSync entry exists, not resetting password
INFO:root:Added new sync agreement, waiting for it to become ready . . .
INFO:root:Replication Update in progress: FALSE: status: 81 - LDAP
error: Can't contact LDAP server: start: 0: end: 0
INFO:root:Agreement is ready, starting replication . . .
Starting replication, please wait until this has completed.
[saprhds001.bmibank.com <http://saprhds001.bmibank.com>] reports:
Update failed! Status: [81 - LDAP error: Can't contact LDAP server]
I have imported right CA to IPA box and the out put is:
Certificate Nickname Trust
CA certificate CTu,u,Cu
Imported CA CT,,C
And also I done the openssl s_client option too, but no luck.
What exactly did you do? with openssl s_client?
Did you try
/usr/lib64/mozldap/ldapsearch -h fqdn.of.ad.hostname -Z -P
/etc/dirsrv/slapd-YOURINSTANCE/cert8.db -s base -b "" "objectclass=*"
LDAPTLS_CACERT=/path/to/adcacert.asc ldapsearch -d 1 -x -h
fqdn.of.ad.hostname -p 389 -Z -s base -b ""
Without cert when I try ldap search its gives out put. but with cert
(AD CA) through error.
Please help me fix this issue.
Thanks & Regards
Freeipa-users mailing list