Thank you, Rich, for all your help, as I am inclined to think it's a cert issue as 
well.

So I ran the new command, and there are some lines that stick out to me in 
reference to the cert:

[r...@idm-master-els.ops.boingo.com ~]$ 
LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -d 1 -xLLLZZ -h 
adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w 
"XXXXXX" -s base -b "cn=Users,dc=bwinc,dc=local" "objectclass=*" dn
ldap_create
ldap_url_parse_ext(ldap://adc13-els.bwinc.local)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP adc13-els.bwinc.local:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 172.22.170.13:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 3
ldap_result ld 0x25c4210 msgid 1
wait4msg ld 0x25c4210 msgid 1 (infinite timeout)
wait4msg continue ld 0x25c4210 msgid 1 all 1
** ld 0x25c4210 Connections:
* host: adc13-els.bwinc.local  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Thu Mar 13 20:44:41 2014


** ld 0x25c4210 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x25c4210 request count 1 (abandoned 0)
** ld 0x25c4210 Response Queue:
   Empty
  ld 0x25c4210 response count 0
ldap_chkResponseList ld 0x25c4210 msgid 1 all 1
ldap_chkResponseList returns ld 0x25c4210 NULL
ldap_int_select
read1msg: ld 0x25c4210 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 40 contents:
read1msg: ld 0x25c4210 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x25c4210 0 new referrals
read1msg:  mark request completed, ld 0x25c4210 msgid 1
request done: ld 0x25c4210 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ber_scanf fmt (a) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
TLS: certdb config: configDir='/etc/dirsrv/slapd-OPS-BOINGO-COM' 
tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
TLS: using moznss security dir /etc/dirsrv/slapd-OPS-BOINGO-COM prefix .
TLS: error: the certificate file /etc/openldap/cacerts/ is not a file.
TLS: /etc/openldap/cacerts/ is not a valid CA certificate file - error 
-5953:Cannot perform a normal file operation on a directory.
TLS: certificate [CN=ADC13-ELS.BWINC.local] is not valid - error -8179:Peer's 
Certificate issuer is not recognized..
TLS certificate verification: subject: CN=ADC13-ELS.BWINC.local, issuer: 
CN=BoingoWirelessCA,DC=BWINC,DC=local, cipher: AES-128, security level: high, 
secret key bits: 128, total key bits: 128, cache hits: 0, cache misses: 0, 
cache not reusable: 0
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 61 bytes to sd 3
ldap_result ld 0x25c4210 msgid 2
wait4msg ld 0x25c4210 msgid 2 (infinite timeout)
wait4msg continue ld 0x25c4210 msgid 2 all 1
** ld 0x25c4210 Connections:
* host: adc13-els.bwinc.local  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Thu Mar 13 20:44:41 2014


** ld 0x25c4210 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x25c4210 request count 1 (abandoned 0)
** ld 0x25c4210 Response Queue:
   Empty
  ld 0x25c4210 response count 0
ldap_chkResponseList ld 0x25c4210 msgid 2 all 1
ldap_chkResponseList returns ld 0x25c4210 NULL
ldap_int_select
read1msg: ld 0x25c4210 msgid 2 all 1
ber_get_next
ber_get_next: tag 0x30 len 16 contents:
read1msg: ld 0x25c4210 msgid 2 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x25c4210 0 new referrals
read1msg:  mark request completed, ld 0x25c4210 msgid 2
request done: ld 0x25c4210 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_search_ext
put_filter: "objectclass=*"
put_filter: default
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 69 bytes to sd 3
ldap_result ld 0x25c4210 msgid -1
wait4msg ld 0x25c4210 msgid -1 (infinite timeout)
wait4msg continue ld 0x25c4210 msgid -1 all 0
** ld 0x25c4210 Connections:
* host: adc13-els.bwinc.local  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Thu Mar 13 20:44:41 2014


** ld 0x25c4210 Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x25c4210 request count 1 (abandoned 0)
** ld 0x25c4210 Response Queue:
   Empty
  ld 0x25c4210 response count 0
ldap_chkResponseList ld 0x25c4210 msgid -1 all 0
ldap_chkResponseList returns ld 0x25c4210 NULL
ldap_int_select
read1msg: ld 0x25c4210 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 43 contents:
read1msg: ld 0x25c4210 msgid 3 message type search-entry
ldap_get_dn_ber
ber_scanf fmt ({ml{) ber:
dn: cn=Users,dc=bwinc,dc=local
ber_scanf fmt ({xx) ber:
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x25c4210 msgid -1
wait4msg ld 0x25c4210 msgid -1 (infinite timeout)
wait4msg continue ld 0x25c4210 msgid -1 all 0
** ld 0x25c4210 Connections:
* host: adc13-els.bwinc.local  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Thu Mar 13 20:44:41 2014


** ld 0x25c4210 Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x25c4210 request count 1 (abandoned 0)
** ld 0x25c4210 Response Queue:
   Empty
  ld 0x25c4210 response count 0
ldap_chkResponseList ld 0x25c4210 msgid -1 all 0
ldap_chkResponseList returns ld 0x25c4210 NULL
read1msg: ld 0x25c4210 msgid -1 all 0
ber_get_next
ber_get_next: tag 0x30 len 16 contents:
read1msg: ld 0x25c4210 msgid 3 message type search-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x25c4210 0 new referrals
read1msg:  mark request completed, ld 0x25c4210 msgid 3
request done: ld 0x25c4210 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)

ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
ldap_free_connection: actually freed
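
Added example, not part of the original thread and not FreeIPA or OpenLDAP code: a small Python triage of the `ldapsearch -d 1` output above that checks whether the client carried on after a certificate verification error, which is what the debug run was meant to show. The function name `triage` and the report keys are made up for this example; the sample text is an excerpt of the output in this message.

```python
import re

# Excerpt of the `ldapsearch -d 1` output quoted in this message, kept in its
# mail-wrapped form; triage() rejoins wrapped lines before matching.
SAMPLE = """\
TLS: using moznss security dir /etc/dirsrv/slapd-OPS-BOINGO-COM prefix .
TLS: error: the certificate file /etc/openldap/cacerts/ is not a file.
TLS: /etc/openldap/cacerts/ is not a valid CA certificate file - error
-5953:Cannot perform a normal file operation on a directory.
TLS: certificate [CN=ADC13-ELS.BWINC.local] is not valid - error -8179:Peer's
Certificate issuer is not recognized..
TLS certificate verification: subject: CN=ADC13-ELS.BWINC.local, issuer:
CN=BoingoWirelessCA,DC=BWINC,DC=local, cipher: AES-128, security level: high,
secret key bits: 128, total key bits: 128, cache hits: 0, cache misses: 0,
cache not reusable: 0
ldap_sasl_bind
read1msg: ld 0x25c4210 msgid 2 message type bind
res_errno: 0, res_error: <>, res_matched: <>
"""

SECDIR = re.compile(r"TLS: using moznss security dir (\S+)")
CA_FILE = re.compile(
    r"TLS: (\S+) is not a valid CA certificate file - error (-\d+):([^.]+)")
BAD_CERT = re.compile(
    r"TLS: certificate \[([^\]]+)\] is not valid - error (-\d+):([^.]+)")
PEER = re.compile(
    r"TLS certificate verification: subject: (.+?), issuer: (.+?), cipher:")
BIND_RESULT = re.compile(r"message type bind\b.*?res_errno: (\d+)")


def triage(debug_text):
    """Summarise the TLS part of OpenLDAP (MozNSS build) client debug output."""
    flat = re.sub(r"\s+", " ", debug_text)  # undo mail/terminal line wrapping
    report = {"security_dir": None, "subject": None, "issuer": None,
              "errors": [], "bind_after_failed_verify": False, "findings": []}
    if m := SECDIR.search(flat):
        report["security_dir"] = m.group(1)
    if m := PEER.search(flat):
        report["subject"], report["issuer"] = m.group(1), m.group(2)
    for m in CA_FILE.finditer(flat):
        report["errors"].append((int(m.group(2)), m.group(3).strip()))
        report["findings"].append(
            f"a CA certificate *file* option is set to {m.group(1)}, "
            "which is not a file")
    bad = BAD_CERT.search(flat)
    if bad:
        report["errors"].append((int(bad.group(2)), bad.group(3).strip()))
        report["findings"].append(
            f"issuer {report['issuer']} of [{bad.group(1)}] is not trusted in "
            f"{report['security_dir']}")
        # A bind answered with res_errno 0 *after* the failure means the client
        # carried on, i.e. verification was logged but not enforced.
        bind = BIND_RESULT.search(flat, bad.end())
        if bind and bind.group(1) == "0":
            report["bind_after_failed_verify"] = True
            report["findings"].append(
                "bind succeeded after the verification error: this client run "
                "did not enforce certificate checks")
    return report


if __name__ == "__main__":
    for line in triage(SAMPLE)["findings"]:
        print("-", line)
```

When the report shows a successful bind after the verification error, a working ldapsearch says nothing about whether the winsync agreement, which fails with the same -8179 error, trusts the AD certificate.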

________________________________
From: Rich Megginson [rmegg...@redhat.com]
Sent: Thursday, March 13, 2014 1:29 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

On 03/13/2014 01:58 PM, Todd Maugh wrote:
I believe they are.

So here is the output of the log. It was showing those errors, I deleted the 
winsync agreement and then restarted ipa and then re-added the winsync and the 
errors returned. Could this be a cert issue?

[13/Mar/2014:19:48:20 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:19:48:44 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:19:49:32 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:19:51:08 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)

Here I removed the winsync agreement: ipa-replica-manage del 
adc13-els.bwinc.local
then restarted ipa

ipactl restart

[13/Mar/2014:19:51:50 +0000] NSMMReplicationPlugin - agmt_delete: begin
[13/Mar/2014:19:51:59 +0000] - slapd shutting down - signaling operation threads
[13/Mar/2014:19:51:59 +0000] - slapd shutting down - waiting for 29 threads to 
terminate
[13/Mar/2014:19:51:59 +0000] - slapd shutting down - closing down internal 
subsystems and plugins
[13/Mar/2014:19:51:59 +0000] - Waiting for 4 database threads to stop
[13/Mar/2014:19:51:59 +0000] - All database threads now stopped
[13/Mar/2014:19:51:59 +0000] - slapd stopped.
[13/Mar/2014:19:52:14 +0000] - 389-Directory/1.2.11.15 B2013.337.1530 starting 
up
[13/Mar/2014:19:52:14 +0000] schema-compat-plugin - warning: no entries set up 
under cn=computers, cn=compat,dc=ops,dc=boingo,dc=com
[13/Mar/2014:19:52:14 +0000] schema-compat-plugin - warning: no entries set up 
under cn=ng, cn=compat,dc=ops,dc=boingo,dc=com
[13/Mar/2014:19:52:14 +0000] schema-compat-plugin - warning: no entries set up 
under ou=sudoers,dc=ops,dc=boingo,dc=com
[13/Mar/2014:19:52:14 +0000] - Skipping CoS Definition cn=Password 
Policy,cn=accounts,dc=ops,dc=boingo,dc=com--no CoS Templates found, which 
should be added before the CoS Definition.
[13/Mar/2014:19:52:14 +0000] set_krb5_creds - Could not get initial credentials 
for principal [ldap/idm-master-els.ops.boingo....@ops.boingo.com] in keytab 
[FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text))
[13/Mar/2014:19:52:14 +0000] - Skipping CoS Definition cn=Password 
Policy,cn=accounts,dc=ops,dc=boingo,dc=com--no CoS Templates found, which 
should be added before the CoS Definition.
[13/Mar/2014:19:52:14 +0000] slapd_ldap_sasl_interactive_bind - Error: could 
not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local 
error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  
Minor code may provide more information (Credentials cache file 
'/tmp/krb5cc_495' not found)) errno 0 (Success)
[13/Mar/2014:19:52:14 +0000] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
[13/Mar/2014:19:52:14 +0000] NSMMReplicationPlugin - 
agmt="cn=meToidm-rep01-els.ops.boingo.com" (idm-rep01-els:389): Replication 
bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic 
failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more 
information (Credentials cache file '/tmp/krb5cc_495' not found))
[13/Mar/2014:19:52:14 +0000] - slapd started.  Listening on All Interfaces port 
389 for LDAP requests
[13/Mar/2014:19:52:14 +0000] - Listening on All Interfaces port 636 for LDAPS 
requests
[13/Mar/2014:19:52:14 +0000] - Listening on 
/var/run/slapd-OPS-BOINGO-COM.socket for LDAPI requests
[13/Mar/2014:19:52:18 +0000] NSMMReplicationPlugin - 
agmt="cn=meToidm-rep01-els.ops.boingo.com" (idm-rep01-els:389): Replication 
bind with GSSAPI auth resumed

Here I added the winsync agreement again

[13/Mar/2014:19:53:16 +0000] - slapd shutting down - signaling operation threads
[13/Mar/2014:19:53:16 +0000] - slapd shutting down - waiting for 30 threads to 
terminate
[13/Mar/2014:19:53:16 +0000] - slapd shutting down - closing down internal 
subsystems and plugins
[13/Mar/2014:19:53:16 +0000] - Waiting for 4 database threads to stop
[13/Mar/2014:19:53:16 +0000] - All database threads now stopped
[13/Mar/2014:19:53:16 +0000] - slapd stopped.
[13/Mar/2014:19:53:20 +0000] - 389-Directory/1.2.11.15 B2013.337.1530 starting 
up
[13/Mar/2014:19:53:20 +0000] schema-compat-plugin - warning: no entries set up 
under cn=computers, cn=compat,dc=ops,dc=boingo,dc=com
[13/Mar/2014:19:53:20 +0000] schema-compat-plugin - warning: no entries set up 
under cn=ng, cn=compat,dc=ops,dc=boingo,dc=com
[13/Mar/2014:19:53:20 +0000] schema-compat-plugin - warning: no entries set up 
under ou=sudoers,dc=ops,dc=boingo,dc=com
[13/Mar/2014:19:53:20 +0000] - Skipping CoS Definition cn=Password 
Policy,cn=accounts,dc=ops,dc=boingo,dc=com--no CoS Templates found, which 
should be added before the CoS Definition.
[13/Mar/2014:19:53:20 +0000] - Skipping CoS Definition cn=Password 
Policy,cn=accounts,dc=ops,dc=boingo,dc=com--no CoS Templates found, which 
should be added before the CoS Definition.
[13/Mar/2014:19:53:20 +0000] - slapd started.  Listening on All Interfaces port 
389 for LDAP requests
[13/Mar/2014:19:53:20 +0000] - Listening on All Interfaces port 636 for LDAPS 
requests
[13/Mar/2014:19:53:20 +0000] - Listening on 
/var/run/slapd-OPS-BOINGO-COM.socket for LDAPI requests
[13/Mar/2014:19:53:22 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:19:53:22 +0000] NSMMReplicationPlugin - 
agmt="cn=meToadc13-els.bwinc.local" (adc13-els:389): Replication bind with 
SIMPLE auth failed: LDAP error -11 (Connect error) (TLS error -8179:Peer's 
Certificate issuer is not recognized.)

This seems like a cert issue.  "Peer's": the AD server; "Certificate issuer": 
the CA that issued the AD server cert; "is not recognized": IdM has no knowledge 
of the CA cert.

But you verified that ldapsearch was working?  LDAPTLS_CACERTDIR tells 
ldapsearch to use /etc/dirsrv/slapd-OPS-BOINGO-COM, which is the same as 
winsync is using.

Try doing the ldapsearch again, like this:

[r...@idm-master-els.ops.boingo.com 
cacerts]$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -d 1 
-xLLLZZ -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w 
"XXXXXX"  -s base -b "cn=Users,dc=bwinc,dc=local" "objectclass=*" dn

The -d 1 will make it spew debugging information.  Perhaps ldapsearch is 
picking up some option from /etc/openldap/ldap.conf or ~/.ldaprc which tells it 
to ignore certificate verification.

[13/Mar/2014:19:53:22 +0000] - Entry 
"cn=meToadc13-els.bwinc.local,cn=replica,cn=dc\3Dops\2Cdc\3Dboingo\2Cdc\3Dcom,cn=mapping
 tree,cn=config" -- attribute "nsDS5ReplicatedAttributeListTotal" not allowed
[13/Mar/2014:19:53:22 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:19:53:22 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:19:53:24 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:19:53:24 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:19:53:25 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)


________________________________
From: Rich Megginson [rmegg...@redhat.com]
Sent: Thursday, March 13, 2014 12:05 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

On 03/13/2014 12:50 PM, Todd Maugh wrote:
Ok the error I see repeated in the log is

[13/Mar/2014:18:41:21 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:11 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:14 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:20 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:32 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:56 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:44:30 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -1 (Can't contact LDAP server) errno 0 (Success)
[13/Mar/2014:18:44:33 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:44:44 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:46:20 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:47:29 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:47:32 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:47:38 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:47:50 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:48:11 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:48:14 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:48:20 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:48:32 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:48:56 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[r...@idm-master-els.ops.boingo.com 
cacerts]$

Are all of these associated with the winsync agreement?


________________________________
From: Rich Megginson [rmegg...@redhat.com]
Sent: Thursday, March 13, 2014 11:43 AM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

On 03/13/2014 12:29 PM, Todd Maugh wrote:
OK, so I ran that and get this output

Ok.  Next, take a look at /var/log/dirsrv/slapd-OPS-BOINGO-COM/errors



[r...@idm-master-els.ops.boingo.com 
cacerts]$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ 
-h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w 
"XXXXXX"  -s base -b "cn=Users,dc=bwinc,dc=local"
dn: cn=Users,dc=bwinc,dc=local
objectClass: top
objectClass: container
cn: Users
description: Default container for upgraded user accounts
distinguishedName: CN=Users,DC=BWINC,DC=local
instanceType: 4
whenCreated: 20060824234034.0Z
whenChanged: 20140306190741.0Z
uSNCreated: 17702
uSNChanged: 17702
showInAdvancedViewOnly: FALSE
name: Users
objectGUID:: kCZ7CbnIZk+0GpmCr3PCfw==
systemFlags: -1946157056
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=BWINC,DC=local
isCriticalSystemObject: TRUE
dSCorePropagationData: 20140306234416.0Z
dSCorePropagationData: 20140306234348.0Z
dSCorePropagationData: 20140306225101.0Z
dSCorePropagationData: 20140306225055.0Z
dSCorePropagationData: 16010101000000.0Z

________________________________
From: Rich Megginson [rmegg...@redhat.com]
Sent: Wednesday, March 12, 2014 3:47 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

On 03/12/2014 04:39 PM, Todd Maugh wrote:
Thanks Rich,

When I run that I get the following:


[r...@idm-master-els.ops.boingo.com 
ipa]$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ -h 
adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w "XXXXXX" s 
base -b "cn=Users,dc=bwinc,dc=local"
ldap_bind: Invalid credentials (49)

Invalid credentials almost always means your password "XXXXXX" is not correct 
for user "cn=idmadmin,cn=Users,dc=bwinc,dc=local"

    additional info: 80090308: LdapErr: DSID-0C0903C5, comment: 
AcceptSecurityContext error, data 52e, v2580



________________________________
From: Rich Megginson [rmegg...@redhat.com]
Sent: Wednesday, March 12, 2014 3:30 PM
To: Todd Maugh; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

On 03/12/2014 04:18 PM, Todd Maugh wrote:
Hello.

I'm using the latest IPA build on Red Hat 6.5

I retrieved my CA cert from the AD Domain controller

I try to set up my winsync agreement and I am getting this



[r...@idm-master-els.ops.boingo.com 
ipa]$ ipa-replica-manage connect --winsync --binddn "cn=idmadmin, cn=Users, 
dc=bwinc, dc=local" --bindpw "XXXXXX" --passsync "XXXXXX" 
--cacert=/etc/openldap/cacerts/ADC13-ELS.CA.cer adc13-els.bwinc.local
Directory Manager password:

Added CA certificate /etc/openldap/cacerts/ADC13-ELS.CA.cer to certificate 
database for idm-master-els.ops.boingo.com
ipa: INFO: Failed to connect to AD server adc13-els.bwinc.local
ipa: INFO: The error was: {'info': '80090308: LdapErr: DSID-0C0903C5, comment: 
AcceptSecurityContext error, data 52e, v2580', 'desc': 'Invalid credentials'}
Failed to setup winsync replication


Not sure where to look for the logs for this to see what the invalid 
credentials are or whether this might still be a cert issue or a login issue or 
what not?

You can test with ldapsearch like this:

$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM ldapsearch -xLLLZZ -h 
adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w "XXXXXX" 
-s base -b "cn=Users,dc=bwinc,dc=local"



Thanks in advance for the help

-Todd





_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users




