[Fedora-directory-users] PassSync problems (Peer's Certificate issuer is not recognized)

Jeff Gamsby JFGamsby at lbl.gov
Tue Jun 6 18:34:42 UTC 2006


I have followed the RHDS Admin guide and Howto:WindowsSync several times, but I keep getting this error:

ldapsearch -Z -P . -h ad-host -p 636 -D "cn=administrator,cn=users,dc=xxx,dc=xxx,dc=xxx" -w - -s base -b "" "objectclass=*" -v

Enter bind password: 
ldapsearch: started Tue Jun  6 11:28:46 2006
 
ldap_init( ad-host, 636 )
ldaptool_getcertpath -- .
ldaptool_getkeypath -- .
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
ldap_simple_bind: Can't contact LDAP server
        SSL error -8179 (Peer's Certificate issuer is not recognized.)

I can search FDS over SSL. I have exported the Server-Cert from FDS and imported it into AD (PassSync). 

I have changed the trust attributes per the Howto, even though the attributes only change to "CT,C,C (CA certificate)" and "Pu,Pu,Pu Server-Cert"



