[Freeipa-users] LDAP Connection error while Integrating AD with FreeIPA

Prady Dash pradyd at qinec.com
Tue Feb 10 17:14:25 UTC 2015


Hi,

Use case:

We have a user group for VPN. In case of DR, no one else would be able to use VPN, as AD is the SPOF. So what I am trying to achieve is to see if FreeIPA can help hold the user data for this group (it might be temporary) so that users could use VPN during an AD failure.

Is this possible?

Regards,
/Prady

From: Dmitri Pal [mailto:dpal at redhat.com]
Sent: 10 February 2015 17:09
To: Prady Dash; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] LDAP Connection error while Integrating AD with FreeIPA

On 02/10/2015 11:21 AM, Prady Dash wrote:
Hi,

I am using the below version :

ipa-server-3.0.0-42.el6.x86_64

What I want is to integrate AD with FreeIPA so that in case of AD failure FreeIPA should be able to handle the requests (this might be temporary, such as a cache or something like that).

This is not the use case that would be easy to make work.
So are you planning to configure SSSD on clients to use AD and IPA domains in parallel?



Regards,
/Prady

From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Dmitri Pal
Sent: 10 February 2015 16:07
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] LDAP Connection error while Integrating AD with FreeIPA

On 02/10/2015 10:59 AM, Prady Dash wrote:
Hi,

I am trying to integrate AD with FreeIPA.  I was following the below document.

https://www.freeipa.org/images/2/2b/Installation_and_Deployment_Guide.pdf

While configuring, I am facing the below error.

[root at appserver2 ~]# ipa-replica-manage connect --winsync --binddn cn=Administrator,cn=users,dc=abc,dc=local --bindpw XXXXXXX --passsync XXXXXX  --passsync XXXXXXX --cacert /etc/openldap/certs/abc.cer ad.abc.local -v
Directory Manager password:

Added CA certificate /etc/openldap/certs/ abc.cer to certificate database for appserver2.qinec.com
ipa: INFO: AD Suffix is: DC=abc,DC=local
The user for the Windows PassSync service is uid=passsync,cn=sysaccounts,cn=etc,dc=xyz,dc=com
Windows PassSync entry exists, not resetting password
ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
ipa: INFO: Replication Update in progress: FALSE: status: -11  - LDAP error: Connect error: start: 0: end: 0
ipa: INFO: Agreement is ready, starting replication . . .
Starting replication, please wait until this has completed.
[appserver2.abc.com] reports: Update failed! Status: [-11  - LDAP error: Connect error]
Failed to start replication

Please suggest.

Regards,
/Prady




This is very old documentation.
Please use the latest documentation on the Red Hat portal.
What IPA version and platform are you using?
Do you really want to sync users? Have you considered a trust? Are you aware of that option which is preferred now?




--

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.



