[Freeipa-users] AD Sync Error

Rich Megginson rmeggins at redhat.com
Wed Feb 24 15:20:56 UTC 2010


Shan Kumaraswamy wrote:
> Dear All,
> I am facing the AD Sync issue with FreeIPA to Active Directory, and as 
> per the redhat-ds doc I have done all the settings from AD front. 
> Please help me to resolve this issue. And find the below error message:
>  
> [root at sbttipa001 ~]# ipa-replica-manage add --winsync --binddn 
> CN=ipaadmin,CN=users,DC=bmitest,DC=com --bindpw secretpw --ca cert 
> /etc/dirsrv/slapd-BMITEST-COM/adsync.cer sbtaddc001.bmitest.com 
> <http://sbtaddc001.bmitest.com> -v --passsync bmi.123
> Directory Manager password:
> INFO:root:Shutting down dirsrv:
>     BMITEST-COM...                                         [  OK  ]
> INFO:root:
> INFO:root:
> INFO:root:
> INFO:root:Starting dirsrv:
>     BMITEST-COM...                                         [  OK  ]
> INFO:root:
> INFO:root:Added CA certificate 
> /etc/dirsrv/slapd-BMITEST-COM/adsync.cer to certificate database for 
> sbttipa001.bmitest.com <http://sbttipa001.bmitest.com>
> INFO:root:Restarted directory server sbttipa001.bmitest.com 
> <http://sbttipa001.bmitest.com>
> INFO:root:Could not validate connection to remote server 
> sbtaddc001.bmitest.com:636 <http://sbtaddc001.bmitest.com:636> - 
> continuing
> INFO:root:The error was: {'info': 'error:14090086:SSL 
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc 
> ': "Can't contact LDAP server"}
> The user for the Windows PassSync service is 
> uid=passsync,cn=sysaccounts,cn=etc,dc=bmitest,dc=com
> Windows PassSync entry exists, not resetting password
> INFO:root:Added new sync agreement, waiting for it to become ready . . .
> INFO:root:Replication Update in progress: FALSE: status: 49  - LDAP 
> error: Invalid credentials: start: 0: end: 0
> INFO:root:Agreement is ready, starting replication . . .
> Starting replication, please wait until this has completed.
> [sbttipa001.bmitest.com <http://sbttipa001.bmitest.com>] reports: 
> Update failed! Status: [49  - LDAP error: Invalid credentials]
> INFO:root:Added agreement for other host sbtaddc001.bmitest.com 
> <http://sbtaddc001.bmitest.com>

Error 49 usually means the password is not correct.  You can use mozldap 
ldapsearch to test the connection like this:

/usr/lib/mozldap/ldapsearch -h dchost -p 636 -Z \
    -P /etc/dirsrv/slapd-BMITEST-COM/cert8.db \
    -D CN=ipaadmin,CN=users,DC=bmitest,DC=com -w "secretpw" \
    -s base -b "" "objectclass=*"
>  
>
> -- 
> Thanks & Regards
> Shan Kumaraswamy
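
Added example (not part of the original thread and not FreeIPA code): the quoted output reports two separate failures, an OpenSSL certificate verification error against sbtaddc001.bmitest.com:636 and LDAP status 49, and the reply addresses the second. This Python triage pulls both out of the output as the archive shows it; the names `normalize` and `triage` are hypothetical.

```python
import re

# Excerpt of the quoted ipa-replica-manage output above, kept as the archive
# shows it: "> " quoting, wrapped lines and <http://...> autolink residue.
SAMPLE = """\
> INFO:root:Could not validate connection to remote server
> sbtaddc001.bmitest.com:636 <http://sbtaddc001.bmitest.com:636> -
> continuing
> INFO:root:The error was: {'info': 'error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc
> ': "Can't contact LDAP server"}
> INFO:root:Replication Update in progress: FALSE: status: 49  - LDAP
> error: Invalid credentials: start: 0: end: 0
> [sbttipa001.bmitest.com <http://sbttipa001.bmitest.com>] reports:
> Update failed! Status: [49  - LDAP error: Invalid credentials]
"""

REMOTE_RE = re.compile(r"Could not validate connection to remote server (\S+):(\d+)")
TLS_RE = re.compile(r"error:([0-9A-Fa-f]{8}):SSL routines:(\w+):([^'\"]+)")
STATUS_RE = re.compile(r"[Ss]tatus: \[?(\d+)\s+- LDAP error: ([^:\]]+)")

def normalize(raw):
    """Drop '> ' quoting and autolink residue, then rejoin wrapped lines."""
    text = re.sub(r"(?m)^>[ \t]?", "", raw)
    text = re.sub(r"\s*<https?://[^>\s]+>", "", text)
    return re.sub(r"\s+", " ", text)

def triage(raw):
    """Return the distinct failures in the output, in order of appearance."""
    text, hits = normalize(raw), []
    for m in TLS_RE.finditer(text):
        seen = REMOTE_RE.findall(text[:m.start()])  # host the check targeted
        remote = "%s:%s" % seen[-1] if seen else None
        hits.append((m.start(), {"layer": "tls", "remote": remote,
                                 "code": m.group(1), "reason": m.group(3).strip()}))
    for m in STATUS_RE.finditer(text):
        hits.append((m.start(), {"layer": "ldap", "code": int(m.group(1)),
                                 "reason": m.group(2).strip()}))
    findings = []
    for _, item in sorted(hits, key=lambda h: h[0]):
        if item not in findings:  # the same status is reported twice
            findings.append(item)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A "tls" finding means the client that ran the check could not verify the server certificate; an "ldap" finding with code 49 is the bind failure that the ldapsearch test in the reply checks directly.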