Thanks for the new Link ! @Rich Megginson "It's not the 389DS server certificate, but the CA certificate for the CA that issued the 389DS server certificate, that you need for PassSync"
@Grzegorz Dwornicki "But you must generate cert for DS on AD CA. Then you need to import this cert with AD CA cert on DS" Sorry I don't understand "CA certificate for the CA that issued the 389DS server certificate", I have to export this one below to the AD? (it's empty on this capture, but with CA certificate on my directory server): @Grzegorz Dwornicki --> do you have a procedure to do that ? I don't find in redhat documentation. (when you said AD CA, do you consider that AD CA = Authority installed on my AD ?) Many thanks, for your answers. And your patience about my translation problems. Best regards, Alex 2013/3/27 Grzegorz Dwornicki <gd1...@gmail.com> > I had missunderstood you im this case. No you don't need to create second > CA. But you must generate cert for DS on AD CA. Then you need to import > this cert with AD CA cert on DS > > Greg. > 27 mar 2013 15:41, "alexandre" <axel0fe...@gmail.com> napisał(a): > > I'm really impressed by the reactivity of this list !!! >> >> Sorry my understanding is not perfect because i'm french, so I don't have >> any CA in my DS, I have one CA (installed on my domain controller). >> >> Do I need to install a CA in my DS ? (when I write CA for me it means a >> Authority). >> >> >> Alex >> >> >> 2013/3/27 Grzegorz Dwornicki <gd1...@gmail.com> >> >>> If you have diferent CA in AD vs DS then you need to do this import. >>> >>> AD by default don't use LDAPS or STARTSSL soo you need to install ms >>> cert CA stuff. >>> >>> Greg. >>> 27 mar 2013 15:07, "alexandre" <axel0fe...@gmail.com> napisał(a): >>> >>>> Hello, >>>> >>>> I try to follow this procedure : >>>> >>>> >>>> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html >>>> >>>> Everything works fine, except I don't understand right this line: >>>> >>>> "Import the CA certificate from Directory Server into Active Directory. >>>> Click *Trusted Root CA*, then *Import*, and browse for the Directory >>>> Server CA certificate." >>>> >>>> For me CA certificate, it's a certificate from the Authority, so in my >>>> Active Directory the certificate from the authority is already know in the >>>> Trusted >>>> Root CA. >>>> >>>> So, do I need to import 389DS server certificate in my active directory >>>> ? >>>> >>>> And finally, there is no indication to do that, someone can help me to >>>> pass through ? >>>> >>>> Thanks in advance. >>>> >>>> Best regards, >>>> Alex >>>> >>>> -- >>>> 389 users mailing list >>>> 389-us...@lists.fedoraproject.org >>>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>>> >>> >>> -- >>> 389 users mailing list >>> 389-us...@lists.fedoraproject.org >>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>> >> >> >> -- >> 389 users mailing list >> 389-us...@lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> > > -- > 389 users mailing list > 389-us...@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users >
-- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
