I'm pretty sure this is an ssl problem, but the steps for troubleshooting
in the 389 server docs don't seem to work well here.  I think they use a
different version of ldapsearch that seems to allow me to specify the
location of my cert db.  The ldapsearch I'm using doesn't work that way.

The question, then, is how to test ssl for passsync with freeipa. I try to
run this on my freeipa server:
openssl s_client -connect <ad domaincontroller>:636
and I get: verify error:num=20:unable to get local issuer certificate
but I don't even know if that's a valid, relevant test for passsync.

Do I need that to run error free in both directions?  Do I need to add an
argument to make sure it's using the same DBs as the passsync process?

---------- Forwarded message ----------
From: Nate Marks <npma...@gmail.com>
Date: Sat, Dec 22, 2012 at 2:19 PM
Subject: passsync ssl help?
To: freeipa-users@redhat.com

I've got a default freeipa installation.  Account sync is working great.
Passsync makes me sad.
Here are the passsync settings:

hostname: <FQDN of the freeipa server>
port: 636
username: uid=passsync,cn=sysaccounts,cn=etc,dc=<xxx>,dc=<xxx>
password: <password>
cert token: tried it with and without the
/etc/dirsrv/slapd-instance/pwdfile.txt contents
search base=cn=users,cn=accounts,dc=inframax,dc=ncare

I checked the passsync account/pass work with ldp (not ssl) and it worked.

It looks like I correctly imported the cert from my freeipa server into
the db in program files\389 directory server.

I just keep getting:
ldap bind error in connect
81: can't contact ldap server
can not connect to ldap server in syncpassowrds

I'd really appreciate some help.
I've also disabled UAC.