On 12/23/2012 08:56 AM, Nate Marks wrote:
> I'm pretty sure this is an ssl problem, but the steps for
> troubleshooting in the 389 server docs don't seem to work well here.
> I think they use a different version of ldapsearch that seems to allow
> me to specify the location of my cert db. the ldapsearch I'm using
> doesn't work that way.
>
> The question then, is how to test ssl for passsync with freeipa. I
> try to run this on my freeipa server:
> openssl s_client -connect <ad domaincontroller>:636
> and I get: verify error:num=20:unable to get local issuer certificate
> but I don't even know if that's a valid, relevant test for passsync.
>
> do I need that to run error free in both directions? do I need to
> add an argument to make sure it's using the same DBs as the passsync
> process?

I am sorry but most likely you would not hear from us till new year.
All knowledgeable people in this area are on vacation next week.

Thanks
Dmitri

>
>
> ---------- Forwarded message ----------
> From: *Nate Marks* <npma...@gmail.com>
> Date: Sat, Dec 22, 2012 at 2:19 PM
> Subject: passsync ssl help?
> To: email@example.com
>
>
> I've got a default freeipa installation. account sync is working
> great. passsync makes me sad.
> here are the passsync settings:
>
> hostname: <FQDN of the freeipa server>
> port: 636
> username: uid=passsync,cn=sysaccounts,cn=etc,dc=<xxx>,dc=<xxx>
> password: <password>
> cert token : tried it with and without the
> /etc/dirsrv/slapd-instance/pwdfile.txt contents
> search base=cn=users,cn=accounts,dc=inframax,dc=ncare
>
>
> I checked the passsync account/pass work with ldp (not ssl) and it
> worked fine.
>
>
> it looks like I correctly imported the cert from my freeipa server
> into the db in program files\389 directory server
>
> I just keep getting :
> ldap bind error in connect
> 81: can't contact ldap server
> can not connect to ldap server in syncpassowrds
>
> I'd really appreciate some help.
> I've also disabled UAC.
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipaemail@example.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.