<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    On 11/05/2012 01:51 PM, Tim Hughes wrote:
    <blockquote
cite="mid:CALQL5_KoF34aN-iRyEanoM5LihZdy=L89tguap1o_5nB_Qk=qg@mail.gmail.com"
      type="cite"><br>
      I am trying to migrate from a fedora-ds-1.1.2-1.fc6 server to
      ipa-server-2.2.0-16.el6.x86_64 with the following command<br>
      <br>
      <br>
      <span style="font-family:courier new,monospace">ipa migrate-ds
        <a class="moz-txt-link-freetext" href="ldaps://fedora-ds-server.internal">ldaps://fedora-ds-server.internal</a> --continue --with-compat
        --base-dn=dc=custsvc,dc=mycompany
        --user-container=ou=People,ou=custsvc,dc=co,dc=mycompany
        --group-container=ou=Groups,ou=custsvc,dc=co,dc=mycompany</span><br>
      <br>
    </blockquote>
    <br>
    You are using ldaps but there is no cert info defined to connect to
    fedora-DS with SSL.<br>
    Did you mean <a class="moz-txt-link-freetext" href="ldap://">ldap://</a>... ?<br>
    <br>
    <blockquote
cite="mid:CALQL5_KoF34aN-iRyEanoM5LihZdy=L89tguap1o_5nB_Qk=qg@mail.gmail.com"
      type="cite"><br>
      I get the following response.<br>
      <br>
      <br>
      <span style="font-family:courier new,monospace">ipa: DEBUG:
        approved_usage = SSLServer intended_usage = SSLServer<br>
        ipa: DEBUG: cert valid True for "CN=</span><span
        style="font-family:courier new,monospace">ipa-server</span><span
        style="font-family:courier new,monospace"><span
          style="font-family:courier new,monospace">.internal</span>,O=CO.MYCOMPANY"<br>
        ipa: DEBUG: handshake complete, peer = <a
          moz-do-not-send="true" href="http://192.168.10.6:443">192.168.10.6:443</a><br>
        ipa: DEBUG: Caught fault 4203 from server <a class="moz-txt-link-freetext" href="http://">http://</a></span><span
        style="font-family:courier new,monospace"><span
          style="font-family:courier new,monospace">ipa-server</span><span
          style="font-family:courier new,monospace"><span
            style="font-family:courier new,monospace">.internal</span></span>/ipa/xml:
        Can't contact LDAP server: TLS error -8172:Peer's certificate
        issuer has been marked as not trusted by the user.<br>
        ipa: DEBUG: Destroyed connection context.xmlclient<br>
        ipa: ERROR: Can't contact LDAP server: TLS error -8172:Peer's
        certificate issuer has been marked as not trusted by the user</span>.<br>
      <br>
      <br>
      I am trying to work out which certificate is not trusted and how I
      should make it trusted. Any help would be appreciated.<br>
      <br>
      <br clear="all">
      Tim Hughes<br>
      mailto:<a moz-do-not-send="true"
        href="mailto:thughes@thegoldfish.org" target="_blank">thughes@thegoldfish.org</a><br>
      <br>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>


</pre>
  </body>
</html>