Of course. No need to apologize at all. I'm grateful for all the support
I've already received. Please enjoy the holidays and respond at your
leisure.
On Dec 23, 2012 2:03 PM, "Dmitri Pal" <d...@redhat.com> wrote:

>  On 12/23/2012 08:56 AM, Nate Marks wrote:
>
> I'm pretty sure this is an ssl problem, but the steps for troubleshooting
> in the 389 server docs don't seem to work well here. I think they use a
> different version of ldapsearch that seems to allow me to specify the
> location of my cert db. The ldapsearch I'm using doesn't work that way.
>
> The question then, is how to test ssl for passsync with freeipa. I try to
> run this on my freeipa server:
> openssl s_client -connect <ad domaincontroller>:636
> and I get: verify error:num=20:unable to get local issuer certificate
> but I don't even know if that's a valid, relevant test for passsync.
>
> Do I need that to run error free in both directions? Do I need to add an
> argument to make sure it's using the same DBs as the passsync process?
>
>
> I am sorry but most likely you would not hear from us till new year. All
> knowledgeable people in this area are on vacation next week.
>
> Thanks
> Dmitri
>
>
>
> ---------- Forwarded message ----------
> From: Nate Marks <npma...@gmail.com>
> Date: Sat, Dec 22, 2012 at 2:19 PM
> Subject: passsync ssl help?
> To: freeipa-users@redhat.com
>
>
> I've got a default freeipa installation.  account sync is working great.
> passsync makes me sad.
> here are the passsync settings:
>
> hostname: <FQDN of the freeipa server>
> port: 636
> username: uid=passsync,cn=sysaccounts,cn=etc,dc=<xxx>,dc=<xxx>
> password: <password>
> cert token :  tried it with and without the
> /etc/dirsrv/slapd-instance/pwdfile.txt contents
> search base=cn=users,cn=accounts,dc=inframax,dc=ncare
>
>
> I checked the passsync account/pass work with ldp (not ssl) and it worked
> fine.
>
>
> It looks like I correctly imported the cert from my freeipa server
> into the db in program files\389 directory server
>
> I just keep getting:
> ldap bind error in connect
> 81: can't contact ldap server
> can not connect to ldap server in syncpassowrds
>
> I'd really appreciate some help.
> I've also disabled UAC.
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
>
>
>