| Subject: | RE: [Fedora-directory-users] LDAP Error with sync agreement using ssl | |
|---|---|---|
| From: | steve nguyen (stev...@hotmail.fr) | |
| Date: | Sep 8, 2008 6:23:57 am | |
| List: | com.redhat.fedora-directory-users | |
OK
So in the passsync log I have this error message:
Error initializing SSL: err=-8192 Ensure that your SSL is setup correctly
Failed to load entries from file Ldap bind error in Connect 49: Invalid credentials
Can not connect to ldap server in SyncPasswords Ldap bind error in Connect 81: Can't contact LDAP server
Ldap bind error in Connect 91: Can't connect to the LDAP server
In the FDS log (replication status) I've got this:
"LDAP error: Can't contact LDAP server. Error Code 81."
In AD, I set up SSL using IIS because I had some trouble using certreq.
I enter this URL http://<servername>/certsrv in my browser and I ask for a user certificate.
And I import it in the Trusted Root CA.
After the passsync installation in Windows 2003 Server:
I enter this command: certutil.exe -d . -N
I export my certs from FDS by doing this: pk12util -d . -o dscert.p12 -n Server-Cert
In 2003 Server I put the FDS cert in the passsync installation folder and I export: pk12util.exe -d "C:\Program Files\Red Hat Directory Password Synchronization" -i dscert.p12
And I give the trusted peer status: certutil.exe -d "C:\Program Files\Red Hat Directory Password Synchronization" -M -n Server-Cert -t "P,P,P"
I also do the same for the cascert cert but I give it the trust attributes "CT,CT,CT" because it was mentioned in the FDS wiki.
That's all I do to set up SSL.
Did you see what I did wrong?
Thanks
-------------------------------------------------------------------------------------------------------------------------
> Date: Tue, 2 Sep 2008 09:24:19 -0600
> From: rmeg...@redhat.com
> To: fedo...@redhat.com
> Subject: Re: [Fedora-directory-users] LDAP Error with sync agreement using ssl
>
> steve nguyen wrote:
> > Hi everybody,
> >
> > I have created two sync agreements in FDS. I've got an error message
> > with the one using ssl: "LDAP error: Can't contact LDAP server. Error
> > Code 81.
> You'll have to provide more information, like the CA that issued your AD
> server cert, and other messages in the DS error log.
> > The second sync agreement without ssl works.
> >
> > I think this error should come from a certificate that I've created.
> > To create my certificate on Fedora I've used the second script from
> > the fds wiki.
> >
> > I want to know another thing: I selected a single master in the
> > replica role column. If I choose multiple master, will the sync happen
> > from both sides: ad and fds?
> The setting for single vs. multiple master is not applicable with
> Windows Sync - it shouldn't matter as long as the DS side is a master.
> Windows sync is always 2 way.
> >
> > ps: excuse me for my bad english.
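A small triage script for the log lines quoted in the message above, added here as an example (it is not from the poster or the Fedora DS project): it separates the SSL initialization failure from the LDAP result codes 49, 81 and 91 and groups them by layer. The function name `triage`, the layer labels and the fix-first ordering are assumptions of this example.

```python
import re

# Standard LDAP client result codes that appear in the quoted log.
LDAP_CODES = {
    49: "auth",       # invalidCredentials: bind DN or password rejected
    81: "transport",  # server down: no usable connection to the server
    91: "transport",  # connect error: connection could not be established
}
SSL_INIT = re.compile(r"Error initializing SSL: err=(-?\d+)")
BIND_ERR = re.compile(r"Ldap bind error in Connect (\d+):")

# Assumed ordering: resolve the lowest layer first, since a failed SSL
# initialization makes later connect/bind results unreliable to interpret.
PRIORITY = ["tls-init", "transport", "auth", "unknown"]


def triage(log_text):
    """Return (findings, first_fix) for a PassSync log excerpt.

    findings is a list of (layer, code) in log order; first_fix is the
    layer to look at first, or None if no known error was found.
    """
    findings = []
    for line in log_text.splitlines():
        m = SSL_INIT.search(line)
        if m:
            findings.append(("tls-init", int(m.group(1))))
        # One physical log line can carry more than one bind error.
        for m in BIND_ERR.finditer(line):
            code = int(m.group(1))
            findings.append((LDAP_CODES.get(code, "unknown"), code))
    seen = {layer for layer, _ in findings}
    first_fix = next((p for p in PRIORITY if p in seen), None)
    return findings, first_fix


# Constructed sample: the four passsync log lines quoted in the message.
SAMPLE = (
    "Error initializing SSL: err=-8192 Ensure that your SSL is setup correctly\n"
    "Failed to load entries from file Ldap bind error in Connect 49: Invalid credentials\n"
    "Can not connect to ldap server in SyncPasswords Ldap bind error in Connect 81: Can't contact LDAP server\n"
    "Ldap bind error in Connect 91: Can't connect to the LDAP server\n"
)

if __name__ == "__main__":
    found, first = triage(SAMPLE)
    for layer, code in found:
        print(f"{layer:10} {code}")
    print("look at first:", first)
```

On the quoted log this reports the SSL initialization error as the first thing to resolve, with the 81 and 91 connection errors and the 49 bind error listed after it.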





