On Tue, Jun 21, 2011 at 2:51 PM, Rich Megginson <rmegg...@redhat.com> wrote:
> ** > On 06/21/2011 11:52 AM, solarflow99 wrote: > > On Tue, Jun 21, 2011 at 1:39 PM, Rich Megginson <rmegg...@redhat.com>wrote: > >> On 06/21/2011 11:23 AM, solarflow99 wrote: >> >> I'm using self signed certs, did I miss something? >> >> Probably. There are many steps involved in getting winsync to use >>> TLS/SSL to talk to AD, and getting AD PassSync to use TLS/SSL to talk to >>> DS. Which >>> >> >> From the Docs listed online: >> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html >> >> The 8.2 docs are better >> >> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync >> >> and I went over everything else I could possibly find too. It seems in >> the case of self signed certificates, >> >> Are you talking about self signed certs for 389 or for AD? >> > > I guess that would be both. This is all internal so no servers need real > third party signed certificates, just trying to get it to work. > > Ok, I'm confused. The RHDS 8.2 Admin Guide talks about setting up AD for > TLS/SSL by installing the MS CA in Enterprise Root CA mode, creating a cert > request, and using MS CA to issue the AD server cert. It doesn't say > anything about creating self signed certs for AD. > Ya, thats what I mean. It would be nice if there was an example of getting this to work with self signed certs. I could add that to the wiki if that would useful for anyone else. # /usr/lib64/mozldap/ldapsearch -v -Z -P /etc/dirsrv/slapd-ldapserver/cert8.db -h 10.10.10.210 -p 636 -D "cn=administrator" -w mypassword -b "cn=users,dc=389testdomain,dc=local" "objectclass=*" ldapsearch: started Tue Jun 21 08:41:15 2011 ldap_init( 10.10.10.210, 636 ) ldaptool_getcertpath -- /etc/dirsrv/slapd-ldapserver/cert8.db ldaptool_getkeypath -- /etc/dirsrv/slapd-ldapserver/cert8.db ldaptool_getmodpath -- (null) ldaptool_getdonglefilename -- (null) ldap_simple_bind: Invalid credentials ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 > -D "cn=administrator" > You have to use the full DN - something like -D > "cn=administrator,cn=users,dc=389testdomain,dc=local" > Got it! thanks,
-- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
