<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    On 11/11/2011 01:11 PM, Jimmy wrote:
    <blockquote
cite="mid:CAG8E47S4zoxx==tOKLe+U5pMRmQorZXUaXkzHtXfkDa+0-YRLw@mail.gmail.com"
      type="cite">I am trying to get FreeIPA synchronizing with AD. The
      instructions I have found on the web go through setting up SSL for
      passsync, but they all reference installing the CA cert from the
      Directory Server without specifying how to go about getting the DS
      CA cert. I found a couple links on how to export the CA cert but
      they didn't work as described.
      <div>
        <br>
      </div>
      <div>(step 'f' in this link)</div>
      <div><a moz-do-not-send="true"
href="https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html#">https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html#</a></div>
    </blockquote>
    Step f isn't necessary.  And it is usually not necessary to manually
    set up AD for SSL.  If you install the Microsoft Cert System in
    Enterprise Root CA mode, it will usually create and install the AD
    SSL cert automatically.<br>
    <br>
    This link
    <a class="moz-txt-link-freetext" href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service</a>
    explains a bit more about how to set up PassSync to use SSL to talk
    to IPA (i.e. how and where to install the IPA CA cert for use by
    PassSync).  Note that AD itself doesn't talk to IPA - it's only the
    PassSync "AD plugin" that talks to IPA, and only for the purpose of
    sending the clear text password changes from AD to IPA.<br>
    <br>
  </body>
</html>