Hi all,

  It seems something broke somewhere along the lines when I was trying to
set up Windows Sync.  Please take a look at the following outputs.  I can
connect both directions manually via SSL, but the actual ipa-replica-manage
script seems to be pulling certs from somewhere else.  The current sync
between ipaserver-01 & ipaserver-02 is working fine.  If anyone has any
suggestions, I would be open to them.  Thanks!

example.local = active directory domain
example.com = ipa realm
-----

[r...@ipaserver-01 ~]# certutil -L -d /etc/dirsrv/slapd-EXAMPLE-COM/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

DigiCertCA                                                   CT,,C
AD CA cert                                                   CT,,C
ipaserver-01                                                 u,u,u

#-----
# everything looks right
#-----

[r...@ipaserver-01 ~]#
[r...@ipaserver-01 ~]# /usr/lib64/mozldap/ldapsearch -h adserver-01.example.local -p 636 -Z -P /etc/dirsrv/slapd-EXAMPLE-COM/cert8.db -D "passs...@example.local" -w 'notrealpassword' -s base -b "" "objectclass=*"
version: 1
dn:
currentTime: 20110111153848.0Z
...
...
supportedControl: 1.2.840.113556.1.4.1948
supportedControl: 1.2.840.113556.1.4.1974
supportedControl: 1.2.840.113556.1.4.1341
supportedControl: 1.2.840.113556.1.4.2026
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads
...
...
dnsHostName: adserver-01.example.local
ldapServiceName: example.local:adserver-...@example.local
...
...
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 3
forestFunctionality: 3
domainControllerFunctionality: 3
[r...@ipaserver-01 ~]#

#-----
# good valid results for the query [reduced for clarity]
#-----


[r...@ipaserver-01 ~]# ipa-replica-manage list
Directory Manager password:
unexpected error: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc': "Can't contact LDAP server"}
[r...@ipaserver-01 ~]#

#-----
# welp, it looks like something is broken somewhere..
#-----
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
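Added example, not part of the original post or of FreeIPA: the failing message above (error:14090086, SSL3_GET_SERVER_CERTIFICATE) is OpenSSL's wording, while certutil and the mozldap ldapsearch read the NSS database under /etc/dirsrv, so a clean NSS test does not tell you what an OpenSSL-linked client trusts. The script below builds a throwaway CA and server certificate offline (constructed names, standing in for "AD CA cert" and adserver-01.example.local) and shows the same "certificate verify failed" appearing or clearing depending purely on which PEM bundle OpenSSL is handed. The export_nss_ca helper uses the real certutil -L -n NICK -a form to pull a certificate out of an NSS database as PEM; it assumes certutil is installed and is not run here.

```shell
#!/bin/sh
# Added example, not from the mailing-list post: reproduce OpenSSL's
# "certificate verify failed" offline and show that it clears only when the
# issuing CA is in the PEM bundle handed to OpenSSL. All names are constructed.
set -eu

WORK=$(mktemp -d)

# Build a throwaway CA and a server certificate it signs. They stand in for the
# "AD CA cert" nickname and adserver-01.example.local from the post.
make_test_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=AD CA cert (constructed)" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=adserver-01.example.local" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
  openssl x509 -req -days 2 -in "$WORK/server.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/server.pem" >/dev/null 2>&1
  # An unrelated CA, mimicking a trust store that lacks the AD issuer.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Some other CA (constructed)" \
    -keyout "$WORK/other.key" -out "$WORK/other.pem" >/dev/null 2>&1
}

# verify_chain SERVER_PEM CA_PEM
# Prints "ok" when SERVER_PEM chains to CA_PEM, otherwise the same
# "certificate verify failed" wording OpenSSL reports.
verify_chain() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo "ok"
  else
    echo "certificate verify failed"
  fi
}

# export_nss_ca DBDIR NICKNAME OUT_PEM
# Exports one certificate from an NSS database as PEM so an OpenSSL-linked
# client can be pointed at it (assumes certutil is installed; not run below,
# since the constructed test PKI is already PEM).
export_nss_ca() {
  certutil -L -d "$1" -n "$2" -a > "$3"
}

make_test_pki
echo "with issuing CA:   $(verify_chain "$WORK/server.pem" "$WORK/ca.pem")"
echo "with unrelated CA: $(verify_chain "$WORK/server.pem" "$WORK/other.pem")"
```

The first line prints ok and the second prints certificate verify failed, which is the whole story behind the post's error: the server certificate is fine, the NSS database has the issuer, and the client that fails is simply not looking in that database. On a real server the analogous check is export_nss_ca /etc/dirsrv/slapd-EXAMPLE-COM "AD CA cert" ca.pem followed by verify_chain against the certificate the AD server actually presents.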
