I'm pretty sure this is an SSL problem, but the steps for troubleshooting in the 389 server docs don't seem to work well here. I think they use a different version of ldapsearch that seems to allow me to specify the location of my cert db. The ldapsearch I'm using doesn't work that way.
The question, then, is how to test SSL for passsync with freeipa. I try to run this on my freeipa server:

    openssl s_client -connect <ad domaincontroller>:636

and I get:

    verify error:num=20:unable to get local issuer certificate

but I don't even know if that's a valid, relevant test for passsync. Do I need that to run error-free in both directions? Do I need to add an argument to make sure it's using the same DBs as the passsync process?

---------- Forwarded message ----------
From: Nate Marks <[email protected]>
Date: Sat, Dec 22, 2012 at 2:19 PM
Subject: passsync ssl help?
To: [email protected]

I've got a default freeipa installation. Account sync is working great. Passsync makes me sad. Here are the passsync settings:

hostname: <FQDN of the freeipa server>
port: 636
username: uid=passsync,cn=sysaccounts,cn=etc,dc=<xxx>,dc=<xxx>
password: <password>
cert token: tried it with and without the /etc/dirsrv/slapd-instance/pwdfile.txt contents
search base=cn=users,cn=accounts,dc=inframax,dc=ncare

I checked the passsync account/pass work with ldp (not SSL) and it worked fine. It looks like I correctly imported the cert from my freeipa server into the db in program files\389 directory server.

I just keep getting:

ldap bind error in connect
81: can't contact ldap server
can not connect to ldap server in syncpasswords

I'd really appreciate some help. I've also disabled UAC.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
