[Fedora-directory-users] SSH help

Dennis Crissman dcrissman at perimeterusa.com
Fri Apr 13 17:22:52 UTC 2007 

I am really struggling to get Fedora Directory Server working using 
ADSync. I am confused on a lot of fronts, it would be fair to say I am a 
newbie when it comes to SSH, CAs, and synchronizing anything against 
Active Directory. So I am at a disadvantage to start with.

I have been using 
http://directory.fedoraproject.org/wiki/Howto:WindowsSync for my 
instruction base as well as 
http://directory.fedoraproject.org/wiki/Howto:SSL for setting up FDS to 
use SSL.

Here are my steps so far:
 1) Install and setup FDS and create my directory server. So far so good.
 2) Execute setupssl.sh from the Howto:SSL link above.
     * As far as I can tell this script automates everything in "Basic 
Steps", so correct me if I am wrong, but I shouldn't have to actually do 
any of them after running the script?
 3) Restart both my admin and directory servers.

After I have restarted my servers, it would seem to me that FDS would be 
exclusively accessible over port 636. So I use an LDAP Browser to 
verify, and it turns out that 389 is still available and the other 
isn't. Why is this?

At this point I decide to move onto another step 
(http://directory.fedoraproject.org/wiki/Howto:WindowsSync#Enabling_SSL_for_PassSync) 
in the instructions and setup ADSync on the Active Directory box. 
Install goes fine, though I am obviously unable to get it to connect to 
the FDS yet.

I am able to create the cert8.db, but then hit a road block again when I 
try to execute "pk12util -d . -P slapd-<instance> -o servercert.p12 -n 
Server-Cert", and yes I swap <instance> for my host name. I get this 
exception: "pk12util: find user certs from nickname failed: security 
library: bad database.". Any idea?

I know this is a lot, but I would appreciate any help I can get.

Thank you,
Dennis





--
 The sender of this email subscribes to Perimeter eSecurity's email
 anti-virus service. This email has been scanned for malicious code and is
 believed to be virus free. For more information on email security please
 visit: http://www.perimeterusa.com/email-defense-content.html
 This communication is confidential, intended only for the named recipient(s)
 above and may contain trade secrets or other information that is exempt from
 disclosure under applicable law. Any use, dissemination, distribution or
 copying of this communication by anyone other than the named recipient(s) is
 strictly prohibited. If you have received this communication in error, please
 delete the email and immediately notify our Command Center at 203-541-3444.

 Thanks

More information about the Fedora-directory-users mailing list