Hi,
I'm trying to follow the documentation to set up synchronisation to windows active directory.
From the documentation:
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync-Configuring_Windows_Sync.html
[quote]
2. Create a new cert8.db and key.db using certutil.exe on the Password Sync machine.
certutil.exe -d . -N
ln -s slapd-serverID-cert8.db cert8.db
ln -s slapd-serverID-key3.db key3.db
[/quote]

If I execute that in a new directory:
# certutil.exe -d . -N
# ln -s slapd-rhds-cert8.db cert8.db
ln: creating symbolic link `cert8.db' to `slapd-rhds-cert8.db': File exists

I don't follow why the ln -s should be executed? Why not start with part 3:
On the Directory Server, export the server certificate using pk12util.
pk12util -d . -o servercert.pfx -n Server-Cert

Because SSL is already configured on this linux machine, so I guess I can use the server-cert from that cert8.db?
Can someone clarify/confirm this? Thanks!

Rich Megginson
2008-Jul-17 14:39 UTC
Re: [Fedora-directory-users] password sync documentation
omight wrote:
> Hi,
> I'm trying to follow the documentation to setup synchronisation to
> windows active directory.
> From the documentation:
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync-Configuring_Windows_Sync.html
> [quote]
> 2. Create a new cert8.db and key.db using certutil.exe on the Password
> Sync machine.
> certutil.exe -d . -N
> ln -s slapd-serverID-cert8.db cert8.db
> ln -s slapd-serverID-key3.db key3.db
> [/quote]
>
> If I execute that in a new directory:
> # certutil.exe -d . -N
> # ln -s slapd-rhds-cert8.db cert8.db
> ln: creating symbolic link `cert8.db' to `slapd-rhds-cert8.db': File exists
>
> I don't follow why the ln -s should be executed? Why not start with part 3:
> On the Directory Server, export the server certificate using pk12util.
> pk12util -d . -o servercert.pfx -n Server-Cert
>

Yes. It looks like that section of the docs has not been updated for RHDS 8.0/Fedora DS 1.1. The key/cert db do not have a prefix anymore, so the ln -s step should be omitted.

> Because SSL is already configured on this linux machine, so I guess I
> can use the server-cert from that cert8.db?
> Can someone clarify/confirm this? Thanks!
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Hi,
Instead of creating symbolic links you can create all certificates in one directory and copy into the directory instance directory. For example copy all certificates into /etc/dirsrv/slapd-xxx/. If any file is already existing it will ask you for overwrite while copying, tell yes to all.
Recently I implemented the user and pass sync from windows 2003 AD box. If you have any query mail me back.

Regards
lingu

On Thu, Jul 17, 2008 at 4:49 PM, omight <omight@gmail.com> wrote:
> Hi,
> I'm trying to follow the documentation to setup synchronisation to
> windows active directory.
> From the documentation:
>
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync-Configuring_Windows_Sync.html
> [quote]
> 2. Create a new cert8.db and key.db using certutil.exe on the Password
> Sync machine.
> certutil.exe -d . -N
> ln -s slapd-serverID-cert8.db cert8.db
> ln -s slapd-serverID-key3.db key3.db
> [/quote]
>
> If I execute that in a new directory:
> # certutil.exe -d . -N
> # ln -s slapd-rhds-cert8.db cert8.db
> ln: creating symbolic link `cert8.db' to `slapd-rhds-cert8.db': File exists
>
> I don't follow why the ln -s should be executed? Why not start with part 3:
> On the Directory Server, export the server certificate using pk12util.
> pk12util -d . -o servercert.pfx -n Server-Cert
>
> Because SSL is already configured on this linux machine, so I guess I
> can use the server-cert from that cert8.db?
> Can someone clarify/confirm this? Thanks!
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
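
Added example, not part of the thread or of the Red Hat documentation: a POSIX shell helper that applies the `ln -s` step only when the databases still carry the `slapd-serverID-` prefix and skips it when `cert8.db` and `key3.db` already exist, which is the case that produced the "File exists" error quoted above. The function name `ensure_nss_db_names` and its two arguments are hypothetical.

```shell
# ensure_nss_db_names DIR SERVER_ID   (hypothetical helper, added example)
# Makes sure DIR contains cert8.db and key3.db under their unprefixed names.
ensure_nss_db_names() {
    dir=$1
    id=$2
    for name in cert8.db key3.db; do
        plain="$dir/$name"
        prefixed="slapd-$id-$name"
        if [ -e "$plain" ] || [ -L "$plain" ]; then
            # Unprefixed file already there (the RHDS 8.0 / Fedora DS 1.1
            # layout described in the reply): running ln -s would fail
            # with "File exists", so the step is skipped.
            echo "skip $name: already present"
        elif [ -e "$dir/$prefixed" ]; then
            # Older prefixed layout: create a relative symlink next to it.
            ln -s "$prefixed" "$plain" || return 1
            echo "linked $name -> $prefixed"
        else
            echo "missing $name: neither $name nor $prefixed in $dir" >&2
            return 1
        fi
    done
}
```

Call it as `ensure_nss_db_names . rhds` from the directory holding the databases; a non-zero return means neither form of a database file was found.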