[Freeipa-users] Fwd: passsync ssl help?

Dmitri Pal dpal at redhat.com
Sun Dec 23 19:02:10 UTC 2012


On 12/23/2012 08:56 AM, Nate Marks wrote:
> I'm pretty sure this is an ssl problem, but the steps for
> troubleshooting in the 389 server docs don't seem to work well here.
> I think they use a different version of ldapsearch that seems to allow
> me to specify the location of my cert db. The ldapsearch I'm using
> doesn't work that way.
>
> The question, then, is how to test ssl for passsync with freeipa. I
> try to run this on my freeipa server:
> openssl s_client -connect <ad domaincontroller>:636
> and I get: verify error:num=20:unable to get local issuer certificate
> but I don't even know if that's a valid, relevant test for passsync.
>
> Do I need that to run error free in both directions? Do I need to
> add an argument to make sure it's using the same DBs as the passsync
> process?

I am sorry, but most likely you will not hear from us till the new year. All
knowledgeable people in this area are on vacation next week.

Thanks
Dmitri
>
>
> ---------- Forwarded message ----------
> From: Nate Marks <npmarks at gmail.com>
> Date: Sat, Dec 22, 2012 at 2:19 PM
> Subject: passsync ssl help?
> To: freeipa-users at redhat.com
>
>
> I've got a default freeipa installation. Account sync is working
> great. Passsync makes me sad.
> Here are the passsync settings:
>
> hostname: <FQDN of the freeipa server>
> port: 636
> username: uid=passsync,cn=sysaccounts,cn=etc,dc=<xxx>,dc=<xxx>
> password: <password>
> cert token: tried it with and without the
> /etc/dirsrv/slapd-instance/pwdfile.txt contents
> search base=cn=users,cn=accounts,dc=inframax,dc=ncare
>
>
> I checked the passsync account/pass work with ldp (not ssl) and it
> worked fine.
>
>
> It looks like I correctly imported the cert from my freeipa server
> into the db in program files\389 directory server
>
> I just keep getting:
> ldap bind error in connect
> 81: can't contact ldap server
> can not connect to ldap server in syncpassowrds
>
> I'd really appreciate some help. 
> I've also disabled UAC.
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

