On 11/11/2011 01:11 PM, Jimmy wrote:
I am trying to get FreeIPA synchronizing with AD. The instructions I
have found on the web go through setting up SSL for passsync, but they
all reference installing the CA cert from the Directory Server without
specifying how to go about getting the DS CA cert. I found a couple
links on how to export the CA cert but they didn't work as described.
(step 'f' in this link)
https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html#
Step f isn't necessary. And it is usually not necessary to manually
setup AD for SSL. If you install the Microsoft Cert System in
Enterprise Root CA mode, it will usually create and install the AD SSL
cert automatically.
This link
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service
explains a bit more about how to set up PassSync to use SSL to talk to
IPA (i.e. how and where to install the IPA CA cert for use by
PassSync). Note that AD itself doesn't talk to IPA - it's only the
PassSync "AD plugin" that talks to IPA, and only for the purpose of
sending the clear text password changes from AD to IPA.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users