[Fedora-directory-users] Windows Active Directory sync Help!

kiran madala kirankmadala at hotmail.com
Wed Jan 9 21:23:14 UTC 2008


Also, the console gives me this error when I click on Manage Certificates on the DS server, and it never opens up. It works fine on the AS server.

Exception during event dispatch:
java.lang.NullPointerException
   at com.netscape.management.client.security.CertificateDialog.(Unknown Source)
   at com.netscape.management.client.security.CertificateDialog.(Unknown Source)
   at com.netscape.admin.dirserv.task.KeyCert.run(Unknown Source)
   at com.netscape.management.client.TaskModel.actionObjectRun(Unknown Source)
   at com.netscape.management.client.TaskPage$TaskList$ButtonMouseListener.mouseClicked(Unknown Source)
   at java.awt.AWTEventMulticaster.mouseClicked(libgcj.so.7rh)
   at java.awt.Component.processMouseEvent(libgcj.so.7rh)
   at java.awt.Component.processEvent(libgcj.so.7rh)
   at java.awt.Container.processEvent(libgcj.so.7rh)
   at java.awt.Component.dispatchEventImpl(libgcj.so.7rh)
   at java.awt.Container.dispatchEventImpl(libgcj.so.7rh)
   at java.awt.Component.dispatchEvent(libgcj.so.7rh)
   at java.awt.LightweightDispatcher.handleMouseEvent(libgcj.so.7rh)
   at java.awt.LightweightDispatcher.dispatchEvent(libgcj.so.7rh)
   at java.awt.Container.dispatchEventImpl(libgcj.so.7rh)
   at java.awt.Window.dispatchEventImpl(libgcj.so.7rh)
   at java.awt.Component.dispatchEvent(libgcj.so.7rh)
   at java.awt.EventQueue.dispatchEvent(libgcj.so.7rh)
   at java.awt.EventDispatchThread.run(libgcj.so.7rh)
Exception in thread "http://248.8.168.192.in-addr.arpa.dev:9830/" java.lang.NullPointerException
   at com.netscape.management.client.comm.HttpChannel.run(Unknown Source)
   at java.lang.Thread.run(libgcj.so.7rh)
Exception in thread "http://248.8.168.192.in-addr.arpa.dev:9830/" java.lang.NullPointerException
   at com.netscape.management.client.comm.HttpChannel.run(Unknown Source)
   at java.lang.Thread.run(libgcj.so.7rh)



----------------------------------------
> From: kirankmadala at hotmail.com
> To: fedora-directory-users at redhat.com
> Subject: RE: [Fedora-directory-users] Windows Active Directory sync Help!
> Date: Wed, 9 Jan 2008 17:03:18 -0400
> 
> 
> I keep getting these errors when trying to initiate sync 
> 
> [09/Jan/2008:16:00:12 -0500] - SSL alert: ldapssl_enable_clientauth(Server-Key, ds-server-cert) -1 (Netscape Portable Runtime error -5987 - Invalid function argument.)
> [09/Jan/2008:16:00:13 -0500] NSMMReplicationPlugin - agmt="cn=AD Sync" (netsweep-41a75e:636): Replication bind with SSL client authentication failed: LDAP error -1 (Unknown error)
> 
> The LDAP search is not installed on my machine so I could not do a search
> ----------------------------------------
>> Date: Wed, 9 Jan 2008 11:43:49 -0700
>> From: rmeggins at redhat.com
>> To: fedora-directory-users at redhat.com
>> Subject: Re: [Fedora-directory-users] Windows Active Directory sync Help!
>> 
>> kiran madala wrote:
>>> Sorry here is the error log for DS server
>>>
>>> [09/Jan/2008:13:33:50 -0500] NSMMReplicationPlugin - agmt="cn=AD sync" (netsweep-41a75e:636): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -5987 (Invalid function argument.)
>>>
>>> It cannot connect to AD. I imported the CA certificate into the Installation folder of the console in the windows xp machine. 
>>>   
>> Did you configure the agreement to use SSL?  Error 91 means some sort of 
>> connection problem, or invalid argument to the LDAP API e.g. you are 
>> attempting to use LDAP on the secure port instead of LDAPS.
>> 
>> You can verify that TLS/SSL is working by using ldapsearch from the 
>> command line.  On the directory server machine:
>> /usr/lib/mozldap/ldapsearch -h ADhostname -p 636 -Z -P \
>>     /etc/dirsrv/slapd-instancename -s base -b "" "objectclass=*"
>> 
>> Or use /usr/lib64/mozldap/ldapsearch on a 64bit system.
>>>
>>> ----------------------------------------
>>>   
>>>> Date: Wed, 9 Jan 2008 11:09:54 -0700
>>>> From: rmeggins at redhat.com
>>>> To: fedora-directory-users at redhat.com
>>>> Subject: Re: [Fedora-directory-users] Windows Active Directory sync Help!
>>>>
>>>> kiran madala wrote:
>>>>     
>>>>> I am using Fedora 1.1 on Fedora 6 x86 machine. When I fill in the entries and click next a message pops up saying "Unable to connet to Active Directory server, continue?". Also in the domain controller host field can I specify the IP address of the machine?
>>>>>
>>>>> The error log for DS server is below. The IP is the Windows XP machine on which I am running the remote DS console.
>>>>>
>>>>> [Wed Jan 09 09:15:08 2008] [notice] [client 192.168.8.241] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.8.241
>>>>> <snip>
>>>>>   
>>>>>       
>>>> Actually, this is the error log for the admin server.  The error log for 
>>>> the directory server is in /var/log/dirsrv/slapd-INSTANCE where instance 
>>>> is your instance name.
>>>>
>>>> The console might be failing to connect to AD because the console has a 
>>>> separate key/cert db under ~/.fedora-idm-console (in 1.1).  You may need 
>>>> to add the CA cert in this directory too:
>>>>
>>>> certutil -A -d ~/.fedora-idm-console -n "CA certificate" -t "CT,," -a -i /path/to/cacert.asc
>>>>
>>>>     
>>>>> ----------------------------------------
>>>>>   
>>>>>       
>>>>>> Date: Wed, 9 Jan 2008 10:52:05 -0700
>>>>>> From: rmeggins at redhat.com
>>>>>> To: fedora-directory-users at redhat.com
>>>>>> Subject: Re: [Fedora-directory-users] Windows Active Directory sync Help!
>>>>>>
>>>>>> kiran madala wrote:
>>>>>>     
>>>>>>         
>>>>>>> As far as I understand by reading the docs again, the user specified in the Sync agreement and Bind DN should be the same and exist on Active Directory with Domain Admin privileges. But I have other issues now.
>>>>>>>
>>>>>>> The DS server is unable to connect to my AD.
>>>>>>>       
>>>>>>>           
>>>>>> What error messages are you getting?  Check the error log.
>>>>>>
>>>>>> You can also try using ldapsearch.  Are you using Fedora DS 1.1 or 
>>>>>> 1.0.4?  What OS?
>>>>>>     
>>>>>>         
>>>>>>> I enabled SSL by copying the same root certificate into AD and also generating a server certificate and opened up ports in firewall. Am I missing something like allowing client Authentication on the AD machine?
>>>>>>>   
>>>>>>>       
>>>>>>>           
>>>>>> You don't need to use cert based client auth.  You can use regular 
>>>>>> username/password auth over TLS/SSL.
>>>>>>     
>>>>>>         
>>>>>>> My current certificates are as follows.
>>>>>>>
>>>>>>> DS has its own server certificate
>>>>>>> AD has its own server  certificate
>>>>>>> ALL 3 servers AS,DS and AD have the same CA root certificate
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----------------------------------------
>>>>>>>   
>>>>>>>       
>>>>>>>           
>>>>>>>> From: kirankmadala at hotmail.com
>>>>>>>> To: fedora-directory-users at redhat.com
>>>>>>>> Date: Wed, 9 Jan 2008 10:35:00 -0400
>>>>>>>> Subject: [Fedora-directory-users] Windows Active Directory sync Help!
>>>>>>>>
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I am trying to sync the DS with AD. Since I am new to AD and DS I have few questions.
>>>>>>>>
>>>>>>>> I want to synchronize only users and groups, so is it necessary to enable SSL on Active Directory and connect to Active Directory through SSL?
>>>>>>>>
>>>>>>>> In the replica settings the supplier DN user need to be on both AD and DS with should be a Domain admin of the AD?
>>>>>>>>
>>>>>>>> When trying to synchronize with AD the bind DN (In screen shot) user should be in both AD and DS?
>>>>>>>>
>>>>>>>>
>>>>>>>> I have attached the screen shot of my final DS agreement window. I believe currently it is defined to synchronize users; what changes do I need to make it synchronize groups as well?
>>>>>>>>
>>>>>>>> Thanks in advance
>>>>>>>
>>>>>>> --
>>>>>>> Fedora-directory-users mailing list
>>>>>>> Fedora-directory-users at redhat.com
>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>>   
>>>>>>>       
>>>>>>>           
>>>
>> 
> 
