On 11/11/2011 01:11 PM, Jimmy wrote:
I am trying to get FreeIPA synchronizing with AD. The instructions I have found on the web go through setting up SSL for passsync, but they all reference installing the CA cert from the Directory Server without specifying how to go about getting the DS CA cert. I found a couple links on how to export the CA cert but they didn't work as described.


(step 'f' in this link)
https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html#
Step f isn't necessary. And it is usually not necessary to manually setup AD for SSL. If you install the Microsoft Cert System in Enterprise Root CA mode, it will usually create and install the AD SSL cert automatically.

This link http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service explains a bit more about how to set up PassSync to use SSL to talk to IPA (i.e. how and where to install the IPA CA cert for use by PassSync). Note that AD itself doesn't talk to IPA - it's only the PassSync "AD plugin" that talks to IPA, and only for the purpose of sending the clear text password changes from AD to IPA.


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to