Hi, we are trying to import user accounts from OpenLDAP+TLS service to IPA.
Current ipa packages are: [root@ipa01 alias]# rpm -qa | grep ipa ipa-server-3.0.0-25.el6.x86_64 python-iniparse-0.3.1-2.1.el6.noarch ipa-pki-ca-theme-9.0.3-7.el6.noarch libipa_hbac-1.9.2-82.4.el6_4.x86_64 libipa_hbac-python-1.9.2-82.4.el6_4.x86_64 ipa-admintools-3.0.0-25.el6.x86_64 ipa-server-selinux-3.0.0-25.el6.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-python-3.0.0-25.el6.x86_64 ipa-client-3.0.0-25.el6.x86_64 And we have started the process by configuring the IPA server and enabling migration as follows: ipa-server-install kinit admin ipa config-mod --enable-migration=TRUE But after this, we have problems when importing the LDAP information from ldap1-test.pic.es (which is the OpenLDAP+TLS server): [root@ipa01 alias]# ipa migrate-ds --bind-dn='cn=authenticate,ou=System,dc=pic,dc=es' --base-dn='dc=pic,dc=es' --user-container='ou=People,dc=pic,dc=es' --group-container='ou=Group,dc=pic,dc=es' ldap://ldap1-test.pic.es:389 Password: ipa: ERROR: Confidentiality required: confidentiality required [root@ipa01 alias]# ipa migrate-ds --bind-dn='cn=authenticate,ou=System,dc=pic,dc=es' --base-dn='dc=pic,dc=es' --user-container='ou=People,dc=pic,dc=es' --group-container='ou=Group,dc=pic,dc=es' ldaps://ldap1-test.pic.es Password: ipa: ERROR: cannot connect to u'ldaps://ldap1-test.pic.es': LDAP Server Down Both, 389 and 636 ports, are running and working and available for diferent clients. I also tried by importing the TLS certificate to the httpd service and restarting the services: certutil -A -d /etc/httpd/alias -n 'TERENASSLCA' -t CT,C,C -a < /etc/ssl/certs/TERENASSLCA.crt service httpd restart /etc/ssl/certs/TERENASSLCA.crt is the certificate used in all server machines accessing to the LDAP service, so the one configured in the OpenLDAP+TLS server. Any idea what's wrong? How can I import OpenLDAP+TLS accounts to IPA? Thanks a lot and best regards, -- Marc Caubet Serrabou PIC (Port d'Informació CientÃfica) Campus UAB, Edificio D E-08193 Bellaterra, Barcelona Tel: +34 93 581 33 22 Fax: +34 93 581 41 10 http://www.pic.es Avis - Aviso - Legal Notice: http://www.ifae.es/legal.html
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
