Shan Kumaraswamy wrote:
Rich,
I am again facing some issue with IPA+AD Sync and I tested all the levels:
Windows PassSync entry exists, not resetting password
INFO:root:Added new sync agreement, waiting for it to become ready . . .
INFO:root:Replication Update in progress: FALSE: status: 81 - LDAP error: Can't contact LDAP server: start: 0: end: 0
INFO:root:Agreement is ready, starting replication . . .
Starting replication, please wait until this has completed.
[saprhds001.bmibank.com <http://saprhds001.bmibank.com>] reports: Update failed! Status: [81 - LDAP error: Can't contact LDAP server]
I have imported right CA to IPA box and the out put is:
Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI
CA certificate                                               CTu,u,Cu
Imported CA                                                  CT,,C
Server-Cert                                                  u,u,u
And also I done the openssl s_client option too, but no luck.
What exactly did you do? with openssl s_client?

Did you try
/usr/lib64/mozldap/ldapsearch -h fqdn.of.ad.hostname -Z -P /etc/dirsrv/slapd-YOURINSTANCE/cert8.db -s base -b "" "objectclass=*"

LDAPTLS_CACERT=/path/to/adcacert.asc ldapsearch -d 1 -x -h fqdn.of.ad.hostname -p 389 -Z -s base -b ""
Without cert when I try ldap search its gives out put. but with cert (AD CA) through error. Please help me fix this issue.

--
Thanks & Regards
Shan Kumaraswamy


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to