On 12/23/2012 08:56 AM, Nate Marks wrote:
> I'm pretty sure this is an ssl problem, but the steps for
> troubleshooting in the 389 server docs don't seem to work well here. 
> I think they use a different version of ldapsearch that seems to allow
> me to specify the location of my cert db.  the ldapsearch  I'm using
> doesn't work that way.
>
> The question then, is how to test ssl for passsync  with freeipa. I
> try to run this on my freeipa server:
> openssl s_client -connect <ad domaincontroller>:636
> and I get: verify error:num=20:unable to get local issuer certificate
>  but I don't even knwo if that's a valid, relevant test for passync.
>
> do I need that to run  error free in both directions?  do I need to
> add an argument to make sure it's using the same DBs as the  passsync
> pocess?

I am sorry but most likely you would not hear from us till new year. All
knowledgeable people in this area are on vacation next week.

Thanks
Dmitri
>
>
> ---------- Forwarded message ----------
> From: *Nate Marks* <npma...@gmail.com <mailto:npma...@gmail.com>>
> Date: Sat, Dec 22, 2012 at 2:19 PM
> Subject: passsync ssl help?
> To: freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>
>
>
> I've got a default freeipa installation.  account sync is working
> great.  passsync makes me sad.
> here are the passsync settings:
>
> hostname: <FQDN of the freeipa server>
> port: 636
> username: uid=passsync,cn=sysaccounts,cn=etc,dc=<xxx>,dc=<xxx>
> password: <password>
> cert token :  tried it with and without the
> /etc/dirsrv/slapd-instance/pwdfile.txt contents
> serach base=cn=users,cn=accounts,dc=inframax,dc=ncare
>
>
> I cheked the passsync acocunt/pass work with ldp  (not ssl) and it
> worked fine.
>
>
> it looks like  I correctly imported the cert  from my freeipa server  
> into the db in program files\389 directory server
>
> I just keep getting :
> ldap bind error in connect
> 81: can't contact ldap server
> can not connect to ldap server in syncpassowrds
>
> I'd really appreciate some help. 
> I've also disabled UAC.
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to