[Freeipa-users] IPA AD Sync error
Rich Megginson
rmeggins at redhat.com
Mon Sep 20 15:31:56 UTC 2010
Shan Kumaraswamy wrote:
> Rich,
> I am again facing some issue with IPA+AD Sync and I tested all the levels:
>
>
> Windows PassSync entry exists, not resetting password
> INFO:root:Added new sync agreement, waiting for it to become ready . . .
> INFO:root:Replication Update in progress: FALSE: status: 81 - LDAP
> error: Can't contact LDAP server: start: 0: end: 0
> INFO:root:Agreement is ready, starting replication . . .
> Starting replication, please wait until this has completed.
> [saprhds001.bmibank.com <http://saprhds001.bmibank.com>] reports:
> Update failed! Status: [81 - LDAP error: Can't contact LDAP server]
> I have imported right CA to IPA box and the out put is:
>
> Certificate Nickname Trust
> Attributes
>
> SSL,S/MIME,JAR/XPI
> CA certificate CTu,u,Cu
> Imported CA CT,,C
> Server-Cert u,u,u
>
> And also I done the openssl s_client option too, but no luck.
What exactly did you do? with openssl s_client?
Did you try
/usr/lib64/mozldap/ldapsearch -h fqdn.of.ad.hostname -Z -P
/etc/dirsrv/slapd-YOURINSTANCE/cert8.db -s base -b "" "objectclass=*"
LDAPTLS_CACERT=/path/to/adcacert.asc ldapsearch -d 1 -x -h
fqdn.of.ad.hostname -p 389 -Z -s base -b ""
> Without cert when I try ldap search its gives out put. but with cert
> (AD CA) through error.
>
> Please help me fix this issue.
>
>
>
> --
> Thanks & Regards
> Shan Kumaraswamy
>
More information about the Freeipa-users
mailing list