<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 12/23/2012 08:56 AM, Nate Marks wrote:
<blockquote
cite="mid:CAHM9UcEAu8+Ok-JmwrpMqLTyA2B9waUiN5sBq8k=mY+_AF+WSQ@mail.gmail.com"
type="cite">I'm pretty sure this is an ssl problem, but the steps
for troubleshooting in the 389 server docs don't seem to work well
here. I think they use a different version of ldapsearch that
seems to allow me to specify the location of my cert db. The
ldapsearch I'm using doesn't work that way.<br>
<br>
The question then, is how to test ssl for passsync with freeipa.
I try to run this on my freeipa server:<br>
openssl s_client -connect &lt;ad domaincontroller&gt;:636<br>
and I get: verify error:num=20:unable to get local issuer
certificate<br>
but I don't even know if that's a valid, relevant test for
passsync.<br>
<br>
Do I need that to run error free in both directions? Do I need
to add an argument to make sure it's using the same DBs as the
passsync process?<br>
</blockquote>
<br>
I am sorry, but most likely you will not hear from us till the new year.
All knowledgeable people in this area are on vacation next week.<br>
<br>
Thanks<br>
Dmitri <br>
<blockquote
cite="mid:CAHM9UcEAu8+Ok-JmwrpMqLTyA2B9waUiN5sBq8k=mY+_AF+WSQ@mail.gmail.com"
type="cite">
<br>
<br>
<div class="gmail_quote">---------- Forwarded message ----------<br>
From: <b class="gmail_sendername">Nate Marks</b> <span
dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:npmarks@gmail.com">npmarks@gmail.com</a>&gt;</span><br>
Date: Sat, Dec 22, 2012 at 2:19 PM<br>
Subject: passsync ssl help?<br>
To: <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<br>
<br>
I've got a default freeipa installation. Account sync is
working great. passsync makes me sad.<br>
Here are the passsync settings:<br>
<br>
hostname: &lt;FQDN of the freeipa server&gt;<br>
port: 636<br>
username:
uid=passsync,cn=sysaccounts,cn=etc,dc=&lt;xxx&gt;,dc=&lt;xxx&gt;<br>
password: &lt;password&gt;<br>
cert token : tried it with and without the
/etc/dirsrv/slapd-instance/pwdfile.txt contents<br>
search base=cn=users,cn=accounts,dc=inframax,dc=ncare<br>
<br>
<br>
I checked the passsync account/pass work with ldp (not ssl) and
it worked fine.<br>
<br>
<br>
It looks like I correctly imported the cert from my freeipa
server into the db in program files\389 directory server<br>
<br>
I just keep getting:<br>
ldap bind error in connect<br>
81: can't contact ldap server<br>
can not connect to ldap server in syncpassowrds<br>
<br>
I'd really appreciate some help. <br>
I've also disabled UAC.<br>
</div>
<br>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
</pre>
</body>
</html>