<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 02/04/2014 01:13 PM, Todd Maugh
wrote:<br>
</div>
<blockquote
cite="mid:6FB698E172A95F49BE009B36D56F53E226C784@EXCHMB1-ELS.BWINC.local"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">Now I am getting this after rerunning
the install and trying to reinstall my cert:<br>
<br>
LDAP bind error in connect<br>
81: Can't Contact LDAP Server<br>
</div>
</blockquote>
<br>
That means one of the following:<br>
1) the IPA LDAP server is down<br>
2) some sort of network problem<br>
3) incorrect host/port specified in the PassSync config<br>
4) the host specified in the PassSync config is not the FQDN, or the FQDN
doesn't resolve both forward and reverse from the Windows box<br>
5) the host specified in the PassSync config does not match the IPA LDAP
server certificate subject DN<br>
6) incorrect CA cert installed in the PassSync cert db<br>
<br>
<blockquote
cite="mid:6FB698E172A95F49BE009B36D56F53E226C784@EXCHMB1-ELS.BWINC.local"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">
<br>
<div style="font-family: Times New Roman; color: #000000;
font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF621850"><font
color="#000000" face="Tahoma" size="2"><b>From:</b>
<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>] on behalf of Todd Maugh
[<a class="moz-txt-link-abbreviated" href="mailto:tmaugh@boingo.com">tmaugh@boingo.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 11:56 AM<br>
<b>To:</b> Rich Megginson; <a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com">dpal@redhat.com</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] Creating password sync<br>
</font><br>
</div>
<div>
<div style="direction:ltr; font-family:Tahoma;
color:#000000; font-size:10pt">I'm seeing these errors in
the passsync.log<br>
<br>
<span dir="ltr">
<div>32: No such object</div>
<div>02/03/14 16:23:40: Ldap error in QueryUsername</div>
<div>32: No such object</div>
<div>02/03/14 16:57:48: Abandoning password change for
scottb, backoff expired</div>
<div>02/03/14 16:57:48: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/03/14 16:57:48: Ldap error in QueryUsername</div>
<div>32: No such object</div>
<div>02/03/14 18:06:04: Abandoning password change for
scottb, backoff expired</div>
<div>02/03/14 18:06:04: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:24:59: PassSync service initialized</div>
<div>02/04/14 10:24:59: PassSync service running</div>
<div>02/04/14 10:25:00: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:58:37: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:58:37: PassSync service stopped</div>
<div>02/04/14 10:58:38: PassSync service initialized</div>
<div>02/04/14 10:58:38: PassSync service running</div>
<div>02/04/14 10:58:39: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div><br>
<br>
</div>
</span><br>
<div style="font-family:Times New Roman; color:#000000;
font-size:16px">
<hr tabindex="-1">
<div id="divRpF24542" style="direction:ltr"><font
color="#000000" face="Tahoma" size="2"><b>From:</b>
Rich Megginson [<a class="moz-txt-link-abbreviated" href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 9:19 AM<br>
<b>To:</b> Todd Maugh; <a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com">dpal@redhat.com</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: Creating password sync<br>
</font><br>
</div>
<div>
<div class="moz-cite-prefix">On 02/04/2014 10:17 AM,
Todd Maugh wrote:<br>
</div>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma;
color:#000000; font-size:10pt">Also, I have
verified the password synchronization service is
started and running on the Windows 2008 R2 server,<br>
<br>
<br>
but I can't tell if or what it is doing because I'm
not getting passwords to my IDM<br>
</div>
</blockquote>
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging"
target="_blank">http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging</a><br>
<br>
You can also look at the 389 access log to see if you
have connections from the windows box.<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma;
color:#000000; font-size:10pt">
<div style="font-family:Times New Roman;
color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF273180" style="direction:ltr"><font
color="#000000" face="Tahoma" size="2"><b>From:</b>
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users-bounces@redhat.com"
target="_blank">
freeipa-users-bounces@redhat.com</a> [<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users-bounces@redhat.com"
target="_blank">freeipa-users-bounces@redhat.com</a>]
on behalf of Todd Maugh [<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:tmaugh@boingo.com"
target="_blank">tmaugh@boingo.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 9:04
AM<br>
<b>To:</b> Rich Megginson; <a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:dpal@redhat.com"
target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users@redhat.com"
target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> [Freeipa-users] Creating
password sync<br>
</font><br>
</div>
<div>
<div style="direction:ltr; font-family:Tahoma;
color:#000000; font-size:10pt">OK, so I have
my replication agreement set up.<br>
<br>
and I see accounts coming in to my IDM
server from AD<br>
<br>
I have followed this guide from Red Hat <br>
<br>
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html"
target="_blank">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html</a><br>
<br>
to set up my password sync. <br>
<br>
I get no errors<br>
<br>
but my passwords are not syncing!<br>
<br>
Help! The documentation tells of no way to
verify or troubleshoot<br>
<br>
<br>
Thank You<br>
<br>
-Todd Maugh<br>
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:tmaugh@boingo.com"
target="_blank">tmaugh@boingo.com</a><br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
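<div>The causes numbered in the reply above can be checked in order from the Windows machine. The following is an added example, not part of the original thread and not PassSync code. It assumes Python 3 is available on that machine and that the IPA CA certificate has been exported to a PEM file; <code>check_name</code>, <code>classify</code> and <code>probe</code> are hypothetical names, and the host, port and CA path are the values from your own PassSync configuration.</div>
<pre>
```python
import socket
import ssl
import sys

HOSTNAME_MISMATCH = 62  # OpenSSL X509_V_ERR_HOSTNAME_MISMATCH


def check_name(host, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Cause 4: host must be an FQDN that resolves forward and reverse."""
    if "." not in host.strip("."):
        return "cause 4: configured host is not a fully qualified name"
    try:
        addr = forward(host)
        back = reverse(addr)[0]
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return f"cause 4: DNS lookup failed ({exc})"
    if back.rstrip(".").lower() != host.rstrip(".").lower():
        return f"cause 4: {addr} reverses to {back}, not {host}"
    return None


def classify(exc):
    """Map a connect or handshake exception to the causes listed in the reply."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        if getattr(exc, "verify_code", None) == HOSTNAME_MISMATCH:
            return "cause 5: host does not match the name in the server certificate"
        return f"cause 6: chain did not verify against the supplied CA ({exc})"
    if isinstance(exc, ssl.SSLError):
        return "cause 3: TLS handshake failed, check the configured port"
    if isinstance(exc, ConnectionRefusedError):
        return "cause 1 or 3: nothing is listening on that host/port"
    return f"cause 2: network problem ({exc})"


def probe(host, port, ca_file, timeout=5.0):
    """Run the checks in order; return the first finding, or 'ok'."""
    finding = check_name(host)
    if finding:
        return finding
    ctx = ssl.create_default_context(cafile=ca_file)  # trust only this CA
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2]), sys.argv[3]))  # HOST PORT CA_PEM
```
</pre>
<div>Run it with the same host string that appears in the PassSync configuration, since causes 4 and 5 depend on that exact name rather than on any alias that happens to reach the server.</div>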
</body>
</html>