<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-GB" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I am using the below version :<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">ipa-server-3.0.0-42.el6.x86_64<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">What I want is to integrate AD with FreeIPA so in case of AD failure FreeIPA should able to handle the requests( might be temporary such as cache or something like that ).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">/Prady<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="color:windowtext;mso-fareast-language:EN-GB">From:</span></b><span lang="EN-US" style="color:windowtext;mso-fareast-language:EN-GB"> freeipa-users-bounces@redhat.com [mailto:freeipa-users-bounces@redhat.com]
<b>On Behalf Of </b>Dmitri Pal<br>
<b>Sent:</b> 10 February 2015 16:07<br>
<b>To:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> Re: [Freeipa-users] LDAP Connection error while Integrating AD with FreeIPA<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 02/10/2015 10:59 AM, Prady Dash wrote:<span style="font-size:12.0pt;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I am trying to integrate AD with FreeIPA. I was following the below document.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><a href="https://www.freeipa.org/images/2/2b/Installation_and_Deployment_Guide.pdf">https://www.freeipa.org/images/2/2b/Installation_and_Deployment_Guide.pdf</a><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">While configuring am facing the below error.<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">[root@appserver2 ~]# ipa-replica-manage connect --winsync --binddn cn=Administrator,cn=users,dc=abc,dc=local --bindpw XXXXXXX --passsync XXXXXX --passsync XXXXXXX --cacert /etc/openldap/certs/abc.cer
ad.abc.local -v</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">Directory Manager password:</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000"> </span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">Added CA certificate /etc/openldap/certs/ abc.cer to certificate database for appserver2.qinec.com</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">ipa: INFO: AD Suffix is: DC=abc,DC=local</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">The user for the Windows PassSync service is uid=passsync,cn=sysaccounts,cn=etc,dc=xyz,dc=com</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">Windows PassSync entry exists, not resetting password</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">ipa: INFO: Added new sync agreement, waiting for it to become ready . . .</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">ipa: INFO: Replication Update in progress: FALSE: status: -11 - LDAP error: Connect error: start: 0: end: 0</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">ipa: INFO: Agreement is ready, starting replication . . .</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">Starting replication, please wait until this has completed.</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">[appserver2.abc.com] reports: Update failed! Status: [-11 - LDAP error: Connect error]</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000">Failed to start replication</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#C00000"> </span></i><o:p></o:p></p>
<p class="MsoNormal">Please suggest.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal">/Prady<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-GB"><br>
<br>
<o:p></o:p></span></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-GB">This is a very old documentation.<br>
Please use the latest documentation on the Red Hat portal.<br>
What IPA version and platform are you using?<br>
Do you really want to sync users? Have you considered a trust? Are you aware of that option which is preferred now?<br>
<br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>Thank you,<o:p></o:p></pre>
<pre>Dmitri Pal<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Sr. Engineering Manager IdM portfolio<o:p></o:p></pre>
<pre>Red Hat, Inc.<o:p></o:p></pre>
</div>
</body>
</html>