[Freeipa-users] synchronizing with AD
Rich Megginson
rmeggins at redhat.com
Fri Nov 11 20:33:43 UTC 2011
On 11/11/2011 01:11 PM, Jimmy wrote:
> I am trying to get FreeIPA synchronizing with AD. The instructions I
> have found on the web go through setting up SSL for passsync, but they
> all reference installing the CA cert from the Directory Server without
> specifying how to go about getting the DS CA cert. I found a couple
> links on how to export the CA cert but they didn't work as described.
>
> (step 'f' in this link)
> https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html#
Step f isn't necessary. And it is usually not necessary to manually
setup AD for SSL. If you install the Microsoft Cert System in
Enterprise Root CA mode, it will usually create and install the AD SSL
cert automatically.
This link
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service
explains a bit more about how to set up PassSync to use SSL to talk to
IPA (i.e. how and where to install the IPA CA cert for use by
PassSync). Note that AD itself doesn't talk to IPA - it's only the
PassSync "AD plugin" that talks to IPA, and only for the purpose of
sending the clear text password changes from AD to IPA.
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20111111/0dc96880/attachment.htm>
More information about the Freeipa-users
mailing list