[Freeipa-users] Fwd: passsync ssl help?

Nate Marks npmarks at gmail.com
Sun Dec 23 19:06:53 UTC 2012


Of course. No need to apologize at all. I'm grateful for all the support
I've already received.  Please enjoy the holidays and respond at your
leisure.
On Dec 23, 2012 2:03 PM, "Dmitri Pal" <dpal at redhat.com> wrote:

>  On 12/23/2012 08:56 AM, Nate Marks wrote:
>
> I'm pretty sure this is an ssl problem, but the steps for troubleshooting
> in the 389 server docs don't seem to work well here.  I think they use a
> different version of ldapsearch that seems to allow me to specify the
> location of my cert db. The ldapsearch I'm using doesn't work that way.
>
> The question then, is how to test ssl for passsync with freeipa. I try to
> run this on my freeipa server:
> openssl s_client -connect <ad domaincontroller>:636
> and I get: verify error:num=20:unable to get local issuer certificate
> but I don't even know if that's a valid, relevant test for passsync.
>
> Do I need that to run error free in both directions? Do I need to add an
> argument to make sure it's using the same DBs as the passsync process?
>
>
> I am sorry but most likely you would not hear from us till new year. All
> knowledgeable people in this area are on vacation next week.
>
> Thanks
> Dmitri
>
>
>
> ---------- Forwarded message ----------
> From: Nate Marks <npmarks at gmail.com>
> Date: Sat, Dec 22, 2012 at 2:19 PM
> Subject: passsync ssl help?
> To: freeipa-users at redhat.com
>
>
> I've got a default freeipa installation. Account sync is working great.
> Passsync makes me sad.
> Here are the passsync settings:
>
> hostname: <FQDN of the freeipa server>
> port: 636
> username: uid=passsync,cn=sysaccounts,cn=etc,dc=<xxx>,dc=<xxx>
> password: <password>
> cert token: tried it with and without the
> /etc/dirsrv/slapd-instance/pwdfile.txt contents
> search base=cn=users,cn=accounts,dc=inframax,dc=ncare
>
>
> I checked the passsync account/pass work with ldp (not ssl) and it worked
> fine.
>
>
> It looks like I correctly imported the cert from my freeipa server
> into the db in program files\389 directory server.
>
> I just keep getting:
> ldap bind error in connect
> 81: can't contact ldap server
> can not connect to ldap server in syncpassowrds
>
> I'd really appreciate some help.
> I've also disabled UAC.
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.