On 12/08/2011 02:31 PM, Jimmy wrote:
I had a few weeks away from this configuration and finally getting back to it. I'm uncertain of the correct path forward. I don't seem to be able to find the documentation on how to install the cert into the Passsync NSS database. I have been following this document:

http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/chap-Installation_and_Deployment_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory.html

We are attempting to replicate users from an AD instance to FreeIPA,
Thanks- Jimmy
There's this:
Refer to the Fedora Directory Server Administration Guide <http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync.html> for more information on the Windows Sync utility. Not only should it not be called "Fedora Directory Server" but the link is out of date - should point to the latest doc here
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync

For information specifically about setting up passsync on Windows, see http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service

On Fri, Nov 11, 2011 at 4:55 PM, Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>> wrote:

    Rich Megginson wrote:

        On 11/11/2011 02:23 PM, Jimmy wrote:

            I do have the AD SSL cert installed, but from how I read
            it, I need to
            install the cert from the FreeIPA DS into Windows AD
            certificate store.

        Perhaps for something else, but for windows sync/passsync, you
        do not
        need to install the cert from the FreeIPA DS into Windows AD
        certificate
        store.


    Right, you just need to install it in the Passsync NSS databsae.

    rob



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to