>> [root@ipadc1 cacerts]# ipa-replica-manage connect --winsync --binddn
>> "cn=ad sync,cn=Users,dc=test,dc=mycompany,dc=net" --bindpw
>> supersecretpassword --passsync supersecretpassword --cacert
>> /etc/openldap/cacerts/addc2-test.cer addc2.test.mycompany.net -v
>> Directory Manager password:
>>
>> Added CA certificate /etc/openldap/cacerts/addc2-test.cer to certificate
>> database for ipadc1.ipadomain.net
>> ipa: INFO: AD Suffix is: DC=test,DC=mycompany,DC=net
>> The user for the Windows PassSync service is
>> uid=passsync,cn=sysaccounts,cn=etc,dc=ipadomain,dc=net
>> Windows PassSync system account exists, not resetting password
>> ipa: INFO: Added new sync agreement, waiting for it to become ready . .
>> .
>> ipa: INFO: Replication Update in progress: FALSE: status: -11  - LDAP
>> error: Connect error: start: 0: end: 0
>> ipa: INFO: Agreement is ready, starting replication . . .
>> Starting replication, please wait until this has completed.
>>
>> [ipadc1.ipadomain.net] reports: Update failed! Status: [-11  - LDAP
>> error:
>> Connect error]
>
> Have you tried using ldapsearch to verify the connection?
>
> # LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM ldapsearch -xLLL -ZZ -h
> addc2.test.mycompany.net -D "cn=ad
> sync,cn=Users,dc=test,dc=mycompany,dc=net" -w
> "supersecretpassword" -s base -b "cn=Users,dc=test,dc=mycompany,dc=net"
> "objectclass=*"
>
> and/or
>
> # LDAPTLS_CACERT=/etc/openldap/cacerts/addc2-test.cer  ldapsearch -xLLL
> -ZZ -h addc2.test.mycompany.net -D "cn=ad
> sync,cn=Users,dc=test,dc=mycompany,dc=net" -w
> "supersecretpassword" -s base -b "cn=Users,dc=test,dc=mycompany,dc=net"
> "objectclass=*"
>

Both commands succeed and return the same result, so StartTLS with that
CA certificate and the simple bind as the sync account both work from the
command-line client.  I also don't think it's a problem with the
credentials, because I got different error messages during the attempted
sync setup when I intentionally gave a bad password or username.  Here is
what happens when I run the above commands:

[root@ipadc1 cacerts]# LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM
ldapsearch -xLLL -ZZ -h addc2.test.mycompany.net -D "cn=ad
sync,cn=Users,dc=test,dc=mycompany,dc=net" -w "supersecretpassword" -s
base -b "cn=Users,dc=test,dc=mycompany,dc=net" "objectclass=*"
dn: cn=Users,dc=test,dc=mycompany,dc=net
objectClass: top
objectClass: container
cn: Users
description: Default container for upgraded user accounts
distinguishedName: CN=Users,DC=test,DC=mycompany,DC=net
instanceType: 4
whenCreated: 20150515024307.0Z
whenChanged: 20150515024307.0Z
uSNCreated: 5696
uSNChanged: 5696
showInAdvancedViewOnly: FALSE
name: Users
objectGUID:: V9KaoufynkWbJpSo2PjxiA==
systemFlags: -1946157056
objectCategory:
CN=Container,CN=Schema,CN=Configuration,DC=test,DC=mycompany,DC=net
isCriticalSystemObject: TRUE
dSCorePropagationData: 20150515025646.0Z
dSCorePropagationData: 16010101000001.0Z

[root@ipadc1 cacerts]# LDAPTLS_CACERT=/etc/openldap/cacerts/addc2-test.cer
ldapsearch -xLLL -ZZ -h addc2.test.mycompany.net -D "cn=ad
sync,cn=Users,dc=test,dc=mycompany,dc=net" -w "supersecretpassword" -s
base -b "cn=Users,dc=test,dc=mycompany,dc=net" "objectclass=*"
dn: cn=Users,dc=test,dc=mycompany,dc=net
objectClass: top
objectClass: container
cn: Users
description: Default container for upgraded user accounts
distinguishedName: CN=Users,DC=test,DC=mycompany,DC=net
instanceType: 4
whenCreated: 20150515024307.0Z
whenChanged: 20150515024307.0Z
uSNCreated: 5696
uSNChanged: 5696
showInAdvancedViewOnly: FALSE
name: Users
objectGUID:: V9KaoufynkWbJpSo2PjxiA==
systemFlags: -1946157056
objectCategory:
CN=Container,CN=Schema,CN=Configuration,DC=test,DC=mycompany,DC=net
isCriticalSystemObject: TRUE
dSCorePropagationData: 20150515025646.0Z
dSCorePropagationData: 16010101000001.0Z


