[Freeipa-users] LDAP Connection error while Integrating AD with FreeIPA
Dmitri Pal
dpal at redhat.com
Tue Feb 10 17:24:37 UTC 2015
On 02/10/2015 12:14 PM, Prady Dash wrote:
>
> Hi,
>
> Use Case :
>
> We have a user group for VPN. So in case of DR no one else would
> be able to use VPN, as AD is the SPOF. So what I am trying to achieve
> is whether FreeIPA can help to hold the user data for this group (might
> be temporary) so that users could use VPN during AD failure.
>
> Is this possible ?
>
This would be possible but would require reconfiguration of the VPN in
case of problems with AD.
It would also require you to do a winsync of the user passwords to keep
passwords in sync.
I am all for you using FreeIPA for this, but it seems like much more work
for you than adding another AD instance or using Samba 4 as a secondary DC.
> Regards,
>
> /Prady
>
> *From:*Dmitri Pal [mailto:dpal at redhat.com]
> *Sent:* 10 February 2015 17:09
> *To:* Prady Dash; freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] LDAP Connection error while Integrating
> AD with FreeIPA
>
> On 02/10/2015 11:21 AM, Prady Dash wrote:
>
> Hi,
>
> I am using the below version :
>
> ipa-server-3.0.0-42.el6.x86_64
>
> What I want is to integrate AD with FreeIPA so that in case of AD
> failure FreeIPA should be able to handle the requests (might be
> temporary, such as cache or something like that).
>
>
> This is not the use case that would be easy to make work.
> So are you planning to configure SSSD on clients to use AD and IPA
> domains in parallel?
>
>
> Regards,
>
> /Prady
>
> *From:*freeipa-users-bounces at redhat.com
> <mailto:freeipa-users-bounces at redhat.com>
> [mailto:freeipa-users-bounces at redhat.com] *On Behalf Of *Dmitri Pal
> *Sent:* 10 February 2015 16:07
> *To:* freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
> *Subject:* Re: [Freeipa-users] LDAP Connection error while
> Integrating AD with FreeIPA
>
> On 02/10/2015 10:59 AM, Prady Dash wrote:
>
> Hi,
>
> I am trying to integrate AD with FreeIPA. I was following the
> below document.
>
> https://www.freeipa.org/images/2/2b/Installation_and_Deployment_Guide.pdf
>
> While configuring, I am facing the below error.
>
> [root@appserver2 ~]# ipa-replica-manage connect --winsync --binddn cn=Administrator,cn=users,dc=abc,dc=local --bindpw XXXXXXX --passsync XXXXXX --passsync XXXXXXX --cacert /etc/openldap/certs/abc.cer ad.abc.local -v
> Directory Manager password:
>
> Added CA certificate /etc/openldap/certs/ abc.cer to certificate database for appserver2.qinec.com
> ipa: INFO: AD Suffix is: DC=abc,DC=local
> The user for the Windows PassSync service is uid=passsync,cn=sysaccounts,cn=etc,dc=xyz,dc=com
> Windows PassSync entry exists, not resetting password
> ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
> ipa: INFO: Replication Update in progress: FALSE: status: -11 - LDAP error: Connect error: start: 0: end: 0
> ipa: INFO: Agreement is ready, starting replication . . .
> Starting replication, please wait until this has completed.
> [appserver2.abc.com] reports: Update failed! Status: [-11 - LDAP error: Connect error]
> Failed to start replication
>
> Please suggest.
>
> Regards,
>
> /Prady
>
>
>
>
> This is very old documentation.
> Please use the latest documentation on the Red Hat portal.
> What IPA version and platform are you using?
> Do you really want to sync users? Have you considered a trust? Are
> you aware of that option which is preferred now?
>
>
>
> --
>
> Thank you,
>
> Dmitri Pal
>
>
>
> Sr. Engineering Manager IdM portfolio
>
> Red Hat, Inc.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.