On Tue, Jun 21, 2011 at 1:39 PM, Rich Megginson <rmegg...@redhat.com> wrote:
> On 06/21/2011 11:23 AM, solarflow99 wrote:
>> I'm using self signed certs, did I miss something?
>
> Probably. There are many steps involved in getting winsync to use
> TLS/SSL to talk to AD, and getting AD PassSync to use TLS/SSL to talk to
> DS. Which
>
>> From the Docs listed online:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html
>
> The 8.2 docs are better
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync
>
>> and I went over everything else I could possibly find too. It seems in the
>> case of self signed certificates,
>
> Are you talking about self signed certs for 389 or for AD?

I guess that would be both. This is all internal so no servers need real third party signed certificates, just trying to get it to work.

>> the windows CA has to be exported as a .cer file, and imported in 389 with:
>> certutil -d . -A -n "AD Cert" -t "CTu,u,u" -i ad-cert.cer
>
> Yes, that is correct. So what's the problem?

It wasn't mentioned anywhere, so once I guessed what had to be done, now I'm getting a different error:

# /usr/lib64/mozldap/ldapsearch -v -Z -P /etc/dirsrv/slapd-ldapserver/cert8.db -h 10.10.10.210 -p 636 -D "cn=administrator" -w mypassword -b "cn=users,dc=389testdomain,dc=local" "objectclass=*"
ldapsearch: started Tue Jun 21 08:41:15 2011
ldap_init( 10.10.10.210, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-ldapserver/cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
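An added example, not part of the original message or of 389 Directory Server: a small Python triage helper for ldapsearch output like the above. It separates failures where AD answered the bind (so the LDAPS connection was already established) from output with no AD diagnostic, and decodes the hex `data` sub-code. The function name and the sub-code table are this example's own; the table lists commonly documented Win32 logon codes.

```python
import re

# Win32 logon sub-codes (hex) that AD puts in the "data" field of a failed bind.
# Table assembled for this example from commonly documented values.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (bad bind name or password)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

DIAG_RE = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),\s*"
    r"comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+)"
)

def triage_bind_failure(output):
    """Classify captured ldapsearch output from a failed LDAPS bind to AD."""
    m = DIAG_RE.search(output)
    if m is None:
        # No AD diagnostic string: check connectivity and certificate
        # trust (the cert8.db import) before looking at credentials.
        return {"stage": "no-ad-diagnostic", "data": None, "meaning": None}
    data = int(m.group("data"), 16)
    return {
        # AD produced the diagnostic, so the bind request reached it.
        "stage": "bind",
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "data": data,
        "meaning": AD_BIND_SUBCODES.get(data, "unlisted sub-code"),
    }

# The two diagnostic lines as they appear in the message above.
PAGE_OUTPUT = """ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"""

if __name__ == "__main__":
    print(triage_bind_failure(PAGE_OUTPUT))
```

For the output in this message the helper reports stage `bind` with sub-code 52e, meaning the name and password pair was rejected after the LDAPS connection was up.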