<p>Of course. No need to apologize at all. I'm grateful for all the support I've already received. Please enjoy the holidays and respond at your leisure.</p>
<div class="gmail_quote">On Dec 23, 2012 2:03 PM, "Dmitri Pal" &lt;<a href="mailto:dpal@redhat.com">dpal@redhat.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
On 12/23/2012 08:56 AM, Nate Marks wrote:
<blockquote type="cite">I'm pretty sure this is an ssl problem, but the steps
for troubleshooting in the 389 server docs don't seem to work well
here. I think they use a different version of ldapsearch that
      seems to allow me to specify the location of my cert db. The
      ldapsearch I'm using doesn't work that way.<br>
      <br>
      The question then, is how to test ssl for passsync with freeipa.
      I try to run this on my freeipa server:<br>
      openssl s_client -connect &lt;ad domaincontroller&gt;:636<br>
      and I get: verify error:num=20:unable to get local issuer
      certificate<br>
      but I don't even know if that's a valid, relevant test for
      passsync.<br>
      <br>
      Do I need that to run error free in both directions? Do I need
      to add an argument to make sure it's using the same DBs as the
      passsync process?<br>
</blockquote>
<br>
I am sorry but most likely you would not hear from us till new year.
All knowledgeable people in this area are on vacation next week.<br>
<br>
Thanks<br>
Dmitri <br>
<blockquote type="cite">
<br>
<br>
<div class="gmail_quote">---------- Forwarded message ----------<br>
        From: <b class="gmail_sendername">Nate Marks</b> <span dir="ltr">&lt;<a href="mailto:npmarks@gmail.com" target="_blank">npmarks@gmail.com</a>&gt;</span><br>
Date: Sat, Dec 22, 2012 at 2:19 PM<br>
Subject: passsync ssl help?<br>
To: <a href="mailto:freeipa-users@redhat.com" target="_blank">freeipa-users@redhat.com</a><br>
<br>
<br>
        I've got a default freeipa installation. Account sync is
        working great. passsync makes me sad.<br>
        Here are the passsync settings:<br>
        <br>
        hostname: &lt;FQDN of the freeipa server&gt;<br>
        port: 636<br>
        username:
        uid=passsync,cn=sysaccounts,cn=etc,dc=&lt;xxx&gt;,dc=&lt;xxx&gt;<br>
        password: &lt;password&gt;<br>
        cert token: tried it with and without the
        /etc/dirsrv/slapd-instance/pwdfile.txt contents<br>
        search base=cn=users,cn=accounts,dc=inframax,dc=ncare<br>
<br>
<br>
        I checked the passsync account/pass work with ldp (not ssl) and
        it worked fine.<br>
        <br>
        <br>
        It looks like I correctly imported the cert from my freeipa
        server into the db in program files\389 directory server<br>
        <br>
        I just keep getting:<br>
ldap bind error in connect<br>
81: can't contact ldap server<br>
can not connect to ldap server in syncpassowrds<br>
<br>
I'd really appreciate some help. <br>
I've also disabled UAC.<br>
</div>
<br>
<br>
<br>
<pre>_______________________________________________
Freeipa-users mailing list
<a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
</pre>
</div>
</blockquote></div>