On 02/10/2015 11:21 AM, Prady Dash wrote:

Hi,

I am using the below version :

ipa-server-3.0.0-42.el6.x86_64

What I want is to integrate AD with FreeIPA so in case of AD failure FreeIPA should able to handle the requests( might be temporary such as cache or something like that ).


This is not the use case that would be easy to make work.
So are you planning to configure SSSD on clients to use AD and IPA domains in parallel?

Regards,

/Prady

*From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal
*Sent:* 10 February 2015 16:07
*To:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] LDAP Connection error while Integrating AD with FreeIPA

On 02/10/2015 10:59 AM, Prady Dash wrote:

    Hi,

    I am trying to integrate AD with FreeIPA.  I was following the
    below document.

    https://www.freeipa.org/images/2/2b/Installation_and_Deployment_Guide.pdf

    While configuring am facing the below error.

    /[root@appserver2 ~]# ipa-replica-manage connect --winsync
    --binddn cn=Administrator,cn=users,dc=abc,dc=local --bindpw
    XXXXXXX --passsync XXXXXX  --passsync XXXXXXX --cacert
    /etc/openldap/certs/abc.cer ad.abc.local -v/

    /Directory Manager password:/

    //

    /Added CA certificate /etc/openldap/certs/ abc.cer to certificate
    database for appserver2.qinec.com/

    /ipa: INFO: AD Suffix is: DC=abc,DC=local/

    /The user for the Windows PassSync service is
    uid=passsync,cn=sysaccounts,cn=etc,dc=xyz,dc=com/

    /Windows PassSync entry exists, not resetting password/

    /ipa: INFO: Added new sync agreement, waiting for it to become
    ready . . ./

    /ipa: INFO: Replication Update in progress: FALSE: status: -11  -
    LDAP error: Connect error: start: 0: end: 0/

    /ipa: INFO: Agreement is ready, starting replication . . ./

    /Starting replication, please wait until this has completed./

    /[appserver2.abc.com] reports: Update failed! Status: [-11  - LDAP
    error: Connect error]/

    /Failed to start replication/

    //

    Please suggest.

    Regards,

    /Prady



This is a very old documentation.
Please use the latest documentation on the Red Hat portal.
What IPA version and platform are you using?
Do you really want to sync users? Have you considered a trust? Are you aware of that option which is preferred now?


--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to