Dennis Crissman wrote:
> I am really struggling to get Fedora Directory Server working using
> ADSync. I am confused on a lot of fronts, it would be fair to say I am
> a newbie when it comes to SSH, CAs, and synchronizing anything against
> Active Directory. So I am at a disadvantage to start with.
>
> I have been using
> http://directory.fedoraproject.org/wiki/Howto:WindowsSync for my
> instruction base as well as
> http://directory.fedoraproject.org/wiki/Howto:SSL for setting up FDS
> to use SSL.
>
> Here are my steps so far:
> 1) Install and setup FDS and create my directory server. So far so good.
> 2) Execute setupssl.sh from the Howto:SSL link above.
> * As far as I can tell this script automates everything in "Basic
> Steps", so correct me if I am wrong, but I shouldn't have to actually
> do any of them after running the script?
Correct.
> 3) Restart both my admin and directory servers.
>
> After I have restarted my servers, it would seem to me that FDS would
> be exclusively accessible over port 636. So I use an LDAP Browser to
> verify, and it turns out that 389 is still available and the other
> isn't. Why is this?
It should listen to both 389 and 636. Check the error log, do netstat
-an | grep 636, and use ldapsearch instead of LDAP Browser to
verify.
>
> At this point I decide to move onto another step
> (http://directory.fedoraproject.org/wiki/Howto:WindowsSync#Enabling_SSL_for_PassSync)
> in the instructions and setup ADSync on the Active Directory box.
> Install goes fine, though I am obviously unable to get it to connect
> to the FDS yet.
>
> I am able to create the cert8.db, but then hit a road block again when
> I try to execute "pk12util -d . -P slapd-<instance> -o servercert.p12
> -n Server-Cert", and yes I swap <instance> for my host name. I get
> this exception: "pk12util: find user certs from nickname failed:
> security library: bad database.". Any idea?
I think you can skip this step. But when you give the -P argument, do
not forget the trailing dash - the prefix (-P) is really
slapd-instance-
>
> I know this is a lot, but I would appreciate any help I can get.
>
> Thank you,
> Dennis
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
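
The trailing-dash point in the reply above, as an added example that is not part of the original thread: NSS prepends the -P value verbatim to the database file names, so a prefix without the dash points at files that do not exist and the tool reports a bad database. The instance name "ldap1", the scratch directory and the function name check_nss_prefix are assumptions made for the illustration, as is the key3.db companion file to the cert8.db mentioned in the thread.

```shell
#!/bin/sh
# Added example: diagnose "security library: bad database" by checking which
# files a given -P prefix resolves to. The prefix is prepended as-is to
# cert8.db and key3.db, so "slapd-ldap1" and "slapd-ldap1-" name different files.

# check_nss_prefix DIR PREFIX
# Returns 0 if both database files exist for PREFIX, 1 if they exist only
# when a trailing dash is appended, 2 if nothing matches.
check_nss_prefix() {
    dir=$1
    prefix=$2
    if [ -f "$dir/${prefix}cert8.db" ] && [ -f "$dir/${prefix}key3.db" ]; then
        echo "ok: ${prefix}cert8.db and ${prefix}key3.db found in $dir"
        return 0
    fi
    if [ -f "$dir/${prefix}-cert8.db" ] && [ -f "$dir/${prefix}-key3.db" ]; then
        echo "prefix is missing the trailing dash: use -P ${prefix}-"
        return 1
    fi
    echo "no cert8.db/key3.db for prefix '$prefix' in $dir; databases present:"
    ls "$dir" | grep -E '(cert8|key3)\.db$' || echo "  (none)"
    return 2
}

# Constructed demo: empty files named the way the server names its databases
# for a hypothetical instance "ldap1". No real certificates are involved.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/slapd-ldap1-cert8.db"
    : > "$d/slapd-ldap1-key3.db"
    check_nss_prefix "$d" "slapd-ldap1"  || echo "  -> exit status $?"
    check_nss_prefix "$d" "slapd-ldap1-" || echo "  -> exit status $?"
    rm -rf "$d"
}
demo
```

For a real check, call check_nss_prefix with the directory given to -d and the value given to -P before running pk12util.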