Hello,
This is the approach I have followed till now:
I edited /etc/openldap/ldap.conf as follow:
TLS_REQCERT allow
after restarting of dirsrv and using Active directoy's CA file in --cacert
switch it procceded making Sync agreement but failed to do update with this
error:
NSMMReplicationPlugin -
Dear Rob,
Thanks for your response:
> Yes but which cert did you provider, the root CA contoso.com or the
subordinate CA local.dc?
Actually I was using active directory's certificate with --cacert switch in
ipa-replica-manage
Thanks to info you gave me about NSS I changed the approach.
first:
Please keep responses on the list
mitra dehghan wrote:
> Thank you for your response.
> -First of all in section 15.5.1 of Red hat Enterprise Linux 6 Identity
> Management guide it says to copy both ad and IPA certificates in
> /etc/openldap/certs and i did the same. of course it worked when i
mitra dehghan wrote:
> hello,
> I want to implement and IPA server and Sync it with my 2012 ms ad. While
> things go well using an internal CA in each server, I came across kind
> of problem when I want integrate solution with my PKI which is already
> serving the AD server.
> I can install IPA
hello,
I want to implement and IPA server and Sync it with my 2012 ms ad. While
things go well using an internal CA in each server, I came across kind of
problem when I want integrate solution with my PKI which is already serving
the AD server.
I can install IPA with --external-ca switch. but when