Thank you for your response, Martin!

This restriction is due to the architecture of the in-place network.

This is sadly not something that I can change.

Regards,


Nathan

On 09/23/2016 02:26 PM, Martin Babinsky wrote:
On 09/23/2016 01:09 PM, malo wrote:
Hello,


I am currently trying to set up the winsync agreement between my AD and
my FreeIPA servers. The network topology allows me to only connect the
FreeIPA server to the 636 port of AD, using TLS.

It seems that FreeIPA wants to connect to the port 389 using StartTLS
when I run the ipa-replica-manage command to create the winsync agreement.

I know that I can modify the parameters of the winsync agreement once it
is established, by modifying the cn=replica,cn=XXXXcom,cn=mapping
tree,cn=config elements.


But is there a way to specify the port as well as the protocol to use on
the first configuration of the winsync agreement?


Thank you for your help,

Best regards,


Nathan M.

I am afraid that this is hardcoded in ipa-replica-manage and there is no way to force the command to use an LDAPS connection.

Is there any particular reason why incoming connections on AD DC's port 389 are blocked in your network?


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
