[Freeipa-users] synchronizing with AD
Rich Megginson
rmeggins at redhat.com
Thu Dec 8 21:44:53 UTC 2011
On 12/08/2011 02:31 PM, Jimmy wrote:
> I had a few weeks away from this configuration and finally getting
> back to it. I'm uncertain of the correct path forward. I don't seem to
> be able to find the documentation on how to install the cert into the
> Passsync NSS database. I have been following this document:
>
> http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/chap-Installation_and_Deployment_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory.html
>
> We are attempting to replicate users from an AD instance to FreeIPA,
> Thanks- Jimmy
There's this:
Refer to the Fedora Directory Server Administration Guide
<http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync.html>
for more information on the Windows Sync utility.
Not only should it not be called "Fedora Directory Server" but the link
is out of date - should point to the latest doc here
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync-About_Windows_Sync
For information specifically about setting up passsync on Windows, see
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service
>
> On Fri, Nov 11, 2011 at 4:55 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
> Rich Megginson wrote:
>
> On 11/11/2011 02:23 PM, Jimmy wrote:
>
> I do have the AD SSL cert installed, but from how I read
> it, I need to
> install the cert from the FreeIPA DS into Windows AD
> certificate store.
>
> Perhaps for something else, but for windows sync/passsync, you
> do not
> need to install the cert from the FreeIPA DS into Windows AD
> certificate
> store.
>
>
> Right, you just need to install it in the Passsync NSS databsae.
>
> rob
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20111208/7c408334/attachment.htm>
More information about the Freeipa-users
mailing list