Found the reason for the ldap search not working- when I created the AD
certificate role, I accidentally entered a new sub-domain so instead of
the FQDN in the cert being csp-ad.pdh.csp it came out csp-ad.cspad.pdh.csp.
I updated DNS and now the ldap search seems to work-
ldif output--
On 01/25/2012 12:07 PM, Jimmy wrote:
Found the reason for the ldap search not working- when I created the
AD certificate role, I accidentally entered a new sub-domain so
instead of the FQDN in the cert being csp-ad.pdh.csp it came out
csp-ad.cspad.pdh.csp. I updated DNS and now the ldap
Here's what I found in the DS admin guide. Is this all that's needed to
create the sync agreement? Thanks.
add sync agreement:
ldapmodify -x -D "cn=Directory Manager" -W
Enter LDAP Password: ***
dn: cn=ExampleSyncAgreement,cn=sync
replica,cn=dc=example\,dc=com,cn=mapping tree,cn=config
On 01/23/2012 10:19 AM, Jimmy wrote:
Here's what I found in the DS admin guide. Is this all that's needed
to create the sync agreement?
Not with ipa - you should use the ipa-replica-manage command instead
Thanks.
add sync agreement:
ldapmodify -x -D "cn=Directory Manager" -W
Enter LDAP
That's what I was thinking, and what I did, but it still doesn't replicate
new users. This is the command I used:
ipa-replica-manage connect --passsync --binddn
cn=winsync,cn=Users,dc=cspad,dc=pdh,dc=csp --bindpw= --cacert
/home/winsync/AD-server-cert.cer 192.168.201.150 -v
On Mon, Jan
I did create the winsync user and it is an admin.
I will fix the IP address (change to hostname). I only did it that way
because this is currently a test system so I can figure out how to get it
all working.
On Mon, Jan 23, 2012 at 1:06 PM, Rich Megginson rmegg...@redhat.com wrote:
On
You are correct. I had installed as an Enterprise root, but the doc I was
reading (original link) seemed to say that I had to do the certreq manually,
my bad. I think I'm getting closer. I can establish an openssl connection
from DS to AD but I get these errors:
openssl s_client -connect
Getting close here... Now I see this message in the sync log file:
attempting to sync password for testuser
searching for (ntuserdomainid=testuser)
ldap error in queryusername
32: no such object
deferring password change for testuser
On Fri, Jan 20, 2012 at 12:23 PM, Rich Megginson
On 01/20/2012 12:46 PM, Jimmy wrote:
Getting close here... Now I see this message in the sync log file:
attempting to sync password for testuser
searching for (ntuserdomainid=testuser)
ldap error in queryusername
32: no such object
deferring password change for testuser
This usually means the
That was it! I have passwords syncing, *BUT*(at the risk of sounding
stupid)-- is it not possible to also sync(add) the users from AD to DS? I
created a new user in AD and it doesn't propagate to DS, just says:
attempting to sync password for testuser3
searching for (ntuserdomainid=testuser3)
On 01/20/2012 01:08 PM, Jimmy wrote:
That was it! I have passwords syncing, *BUT*(at the risk of sounding
stupid)-- is it not possible to also sync(add) the users from AD to DS?
Yes, it is. Just configure IPA Windows Sync
I created a new user in AD and it doesn't propagate to DS, just says:
ok. I started from scratch this week on this and I think I've got the right
doc and understand better where this is going. My problem now is that when
configuring SSL on the AD server (step c in this url:
On 01/19/2012 02:59 PM, Jimmy wrote:
ok. I started from scratch this week on this and I think I've got the
right doc and understand better where this is going. My problem now is
that when configuring SSL on the AD server (step c in this url:
Just popping up to let y'all know I haven't dropped this, just got tied up
working on OpenCA and PacketFence. I'll answer Rich's question by Monday
and hopefully get this thing going.
On Wed, Jan 11, 2012 at 3:32 PM, Rich Megginson rmegg...@redhat.com wrote:
On 01/11/2012 11:22 AM, Jimmy
We need to be able to replicate user/pass between Windows 2008 AD and
FreeIPA. I have followed many different documents and posted here about it
and from what I've read and procedures I've followed we are unable to
accomplish this. It doesn't need to be a full trust.
Thanks
On Tue, Jan 10, 2012
On 01/11/2012 11:22 AM, Jimmy wrote:
We need to be able to replicate user/pass between Windows 2008 AD and
FreeIPA.
That's what IPA Windows Sync is supposed to do.
I have followed many different documents and posted here about it and
from what I've read and procedures I've followed we are
Just wondering if there was anyone listening on the list that might be
available for a little work integrating FreeIPA with Active Directory
(preferably in the south east US.) I hope this isn't against the list
rules, I just thought one of you guys could help or point me in the right
direction.