[Freeipa-users] Fwd: passsync ssl help?
Dmitri Pal
dpal at redhat.com
Sun Dec 23 19:02:10 UTC 2012
On 12/23/2012 08:56 AM, Nate Marks wrote:
> I'm pretty sure this is an ssl problem, but the steps for
> troubleshooting in the 389 server docs don't seem to work well here.
> I think they use a different version of ldapsearch that seems to allow
> me to specify the location of my cert db. the ldapsearch I'm using
> doesn't work that way.
>
> The question then, is how to test ssl for passsync with freeipa. I
> try to run this on my freeipa server:
> openssl s_client -connect <ad domaincontroller>:636
> and I get: verify error:num=20:unable to get local issuer certificate
> but I don't even know if that's a valid, relevant test for passsync.
>
> do I need that to run error free in both directions? do I need to
> add an argument to make sure it's using the same DBs as the passsync
> process?
I am sorry but most likely you would not hear from us till new year. All
knowledgeable people in this area are on vacation next week.
Thanks
Dmitri
>
>
> ---------- Forwarded message ----------
> From: Nate Marks <npmarks at gmail.com>
> Date: Sat, Dec 22, 2012 at 2:19 PM
> Subject: passsync ssl help?
> To: freeipa-users at redhat.com
>
>
> I've got a default freeipa installation. account sync is working
> great. passsync makes me sad.
> here are the passsync settings:
>
> hostname: <FQDN of the freeipa server>
> port: 636
> username: uid=passsync,cn=sysaccounts,cn=etc,dc=<xxx>,dc=<xxx>
> password: <password>
> cert token : tried it with and without the
> /etc/dirsrv/slapd-instance/pwdfile.txt contents
> search base=cn=users,cn=accounts,dc=inframax,dc=ncare
>
>
> I checked the passsync account/pass work with ldp (not ssl) and it
> worked fine.
>
>
> it looks like I correctly imported the cert from my freeipa server
> into the db in program files\389 directory server
>
> I just keep getting :
> ldap bind error in connect
> 81: can't contact ldap server
> can not connect to ldap server in syncpassowrds
>
> I'd really appreciate some help.
> I've also disabled UAC.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.