Hi All,
I am doing Active Directory ----> FDS (SSL); all attributes are replicated from ADC ---> FDS, but I am not able to see the password attribute in FDS?
Replication: FDS working as master, PassSync for replication.
Replication is happening from Active Directory:636 ----> FDS:636.
Am I missing something ...
------ ADC user profile, which is replicated in FDS -------
dn: uid=vramani, ou=People, dc=tf-lab,dc=test,dc=com
ntUniqueId: f96921fe188c4b47a243ab088512103d
givenName: vipul
sn: r
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: ntUser
uid: vramani
ntUserDeleteAccount: true
cn: vipul r
ntUserDomainId: vramani
ntUserAcctExpires: 9223372036854775807
ntUserCodePage: 0
------
---- access ------
[14/Oct/2008:08:37:16 -0700] conn=4 op=170 SRCH base="ou=People, dc=tf-lab,dc=test,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Oct/2008:08:37:16 -0700] conn=4 op=170 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:17 -0700] conn=4 op=171 SRCH base="ou=People, dc=tf-lab,dc=test,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass"
[14/Oct/2008:08:37:17 -0700] conn=4 op=171 RESULT err=0 tag=101 nentries=0 etime=1
[14/Oct/2008:08:37:19 -0700] conn=4 op=173 SRCH base="dc=tf-lab,dc=test,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Oct/2008:08:37:19 -0700] conn=4 op=173 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:19 -0700] conn=4 op=174 SRCH base="dc=tf-lab,dc=test,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass"
[14/Oct/2008:08:37:19 -0700] conn=4 op=174 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:20 -0700] conn=4 op=175 SRCH base="ou=People, dc=tf-lab,dc=test,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[14/Oct/2008:08:37:20 -0700] conn=4 op=175 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:26 -0700] conn=3 op=122 SRCH base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL
[14/Oct/2008:08:37:26 -0700] conn=3 op=122 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:27 -0700] conn=3 op=124 MOD dn="cn=Vedant, cn=replica, cn=\22dc=tf-lab,dc=test,dc=com\22, cn=mapping tree, cn=config"
[14/Oct/2008:08:37:27 -0700] conn=3 op=124 RESULT err=0 tag=103 nentries=0 etime=0
[14/Oct/2008:08:37:27 -0700] conn=3 op=125 SRCH base="cn=Vedant, cn=replica, cn=\22dc=tf-lab,dc=test,dc=com\22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[14/Oct/2008:08:37:27 -0700] conn=3 op=125 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:31 -0700] conn=3 op=126 SRCH base="cn=replication,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL
[14/Oct/2008:08:37:31 -0700] conn=3 op=126 RESULT err=0 tag=101 nentries=1 etime=0
[14/Oct/2008:08:37:31 -0700] conn=3 op=127 MOD dn="cn=Vedant, cn=replica, cn=\22dc=tf-lab,dc=test,dc=com\22, cn=mapping tree, cn=config"
[14/Oct/2008:08:37:31 -0700] conn=3 op=127 RESULT err=0 tag=103 nentries=0 etime=0
[14/Oct/2008:08:37:31 -0700] conn=3 op=128 MOD dn="cn=Vedant, cn=replica, cn=\22dc=tf-lab,dc=test,dc=com\22, cn=mapping tree, cn=config"
[14/Oct/2008:08:37:31 -0700] conn=3 op=128 RESULT err=0 tag=103 nentries=0 etime=0
[14/Oct/2008:08:37:37 -0700] conn=4 op=176 SRCH base="ou=People, dc=tf-lab,dc=test,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass"
[14/Oct/2008:08:37:37 -0700] conn=4 op=176 RESULT err=0 tag=101 nentries=18 etime=0
------
Thanks in advance ...
--- PassSync log ---
10/14/08 17:05:56: Failed to load entries from file
10/14/08 17:05:56: Ldap bind error in Connect 48: Inappropriate authentication
10/14/08 17:05:56: Can not connect to ldap server in SyncPasswords
-----------------------------
ADC (where PassSync is installed) #
On the Directory Server, export the server certificate using pk12util.
FDS# pk12util -d . -o servercert.pfx -n Server-Cert
then,
Import the server certificate from the Directory Server into the new certificate databases using pk12util.exe.
pk12util.exe -d "C:\Program Files\Red Hat Directory Password Synchronization" -i servercert.pfx
then
Give trusted peer status to the server.
certutil.exe -d "C:\Program Files\Red Hat Directory Password Synchronization" -M -n Server-Cert -t "P,P,P"
C:\Program Files (x86)\Red Hat Directory Password Synchronization>certutil.exe -L -d . -P
CA certificate    c,c,c
Server-Cert       Pu,Pu,Pu   <-- imported from FDS
C:\Program Files (x86)\Red Hat Directory Password Synchronization>
---------------------------
Still the same error ...
I feel I am so close to solving this problem ... it has been a long time. If anyone has a clue about what I forgot ...
I changed the password of cn=replication,cn=config
and now the only error I am getting is ---- PassSync log ----
10/14/08 17:24:19: Failed to load entries from file
##### I don't know what "Failed to load entries from file" means (which FILE is PassSync talking about?) #####
10/14/08 17:26:41: Failed to load entries from file
10/14/08 17:26:41: PassSync service stopped
10/14/08 17:26:42: PassSync service started
10/14/08 17:26:42: Failed to load entries from file
---------------- /var/log/dir-serv/slapd-linux2/access
[14/Oct/2008:10:21:20 -0700] conn=38 fd=69 slot=69 SSL connection from 192.168.1.200 to 192.168.1.210
[14/Oct/2008:10:21:20 -0700] conn=38 SSL 128-bit RC4
[14/Oct/2008:10:21:20 -0700] conn=38 op=0 BIND dn="cn=replication,cn=config" method=128 version=2
[14/Oct/2008:10:21:20 -0700] conn=38 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=replication,cn=config"
[14/Oct/2008:10:21:20 -0700] conn=38 op=1 UNBIND
[14/Oct/2008:10:21:20 -0700] conn=38 op=1 fd=69 closed - U1
[14/Oct/2008:10:21:21 -0700] conn=39 fd=69 slot=69 SSL connection from 192.168.1.200 to 192.168.1.210
[14/Oct/2008:10:21:21 -0700] conn=39 SSL 128-bit RC4
[14/Oct/2008:10:21:21 -0700] conn=39 op=0 BIND dn="cn=replication,cn=config" method=128 version=2
[14/Oct/2008:10:21:21 -0700] conn=39 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=replication,cn=config"
[14/Oct/2008:10:21:21 -0700] conn=39 op=1 UNBIND
[14/Oct/2008:10:21:21 -0700] conn=39 op=1 fd=69 closed - U1
/var/log/dir-serv/slapd-linux2/errors: NO ERRORS ..
-- Regards
Vipul Ramani
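The access-log excerpt above shows the PassSync host binding as cn=replication,cn=config over SSL and getting err=0, which is the check worth automating when you are staring at these logs. Below is an added example, not code from the thread or from Directory Server: a small Python auditor for 389/Fedora DS access-log records that splits run-together lines at the bracketed timestamp, pairs each BIND with its RESULT, decodes method=128 as a simple (password) bind and LDAP result codes 0/48/49, and notes whether the connection was SSL/TLS. The sample log is constructed: the conn=38 lines mirror the ones posted, the conn=40 lines are invented to show a failed cleartext bind next to them.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the access-log excerpt in the thread. The
# conn=38 lines mirror the posted ones; conn=40 is invented to show a failed,
# cleartext bind alongside them.
SAMPLE_LOG = """\
[14/Oct/2008:10:21:20 -0700] conn=38 fd=69 slot=69 SSL connection from 192.168.1.200 to 192.168.1.210
[14/Oct/2008:10:21:20 -0700] conn=38 SSL 128-bit RC4
[14/Oct/2008:10:21:20 -0700] conn=38 op=0 BIND dn="cn=replication,cn=config" method=128 version=2
[14/Oct/2008:10:21:20 -0700] conn=38 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=replication,cn=config"
[14/Oct/2008:10:21:20 -0700] conn=38 op=1 UNBIND
[14/Oct/2008:10:21:20 -0700] conn=38 op=1 fd=69 closed - U1
[14/Oct/2008:10:21:40 -0700] conn=40 fd=70 slot=70 connection from 192.168.1.200 to 192.168.1.210
[14/Oct/2008:10:21:40 -0700] conn=40 op=0 BIND dn="cn=replication,cn=config" method=128 version=3
[14/Oct/2008:10:21:40 -0700] conn=40 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[14/Oct/2008:10:21:40 -0700] conn=40 op=1 UNBIND
"""

# Every record starts with a bracketed timestamp; splitting on that boundary
# recovers records even when a mail client has run the lines together.
RECORD_START = re.compile(r"(?=\[\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\])")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# "conn=N SSL 128-bit RC4" (or "TLS1.2 128-bit AES") is logged once the
# session is encrypted, for both LDAPS and StartTLS connections.
CIPHER_RE = re.compile(r" (?:SSL|TLS\S*) (\d+-bit \S+)")

# method= is the BindRequest authentication choice: 128 (0x80) is simple;
# SASL binds are logged as method=sasl.
BIND_METHODS = {"128": "simple", "sasl": "sasl"}
# LDAP result codes seen in this thread, plus the usual credential failure.
RESULT_CODES = {0: "success", 48: "inappropriateAuthentication", 49: "invalidCredentials"}


def split_records(text):
    """Split access-log text into records, tolerating missing newlines."""
    return [r.strip() for r in RECORD_START.split(text) if r.strip()]


def parse_kv(record):
    """Extract key=value pairs; quoted values (dn=, base=, filter=) keep their spaces."""
    return {k: v.strip('"') for k, v in KV_RE.findall(record)}


def audit_binds(text):
    """Return one dict per BIND: conn, dn, method, version, ssl, cipher, err, outcome."""
    conns = defaultdict(lambda: {"ssl": False, "cipher": None, "binds": {}})
    for rec in split_records(text):
        kv = parse_kv(rec)
        if "conn" not in kv:
            continue
        conn = conns[kv["conn"]]
        cipher = CIPHER_RE.search(rec)
        if " SSL connection from " in rec:
            conn["ssl"] = True
        elif cipher:
            conn["ssl"], conn["cipher"] = True, cipher.group(1)
        elif " BIND " in rec:
            conn["binds"][kv["op"]] = {
                "conn": kv["conn"],
                "dn": kv.get("dn", ""),
                "method": BIND_METHODS.get(kv.get("method"), kv.get("method")),
                "version": int(kv.get("version", "0")),
                "err": None,
            }
        elif " RESULT " in rec and kv.get("op") in conn["binds"]:
            conn["binds"][kv["op"]]["err"] = int(kv["err"])
    binds = []
    for conn in conns.values():
        for b in conn["binds"].values():
            b["ssl"], b["cipher"] = conn["ssl"], conn["cipher"]
            b["outcome"] = RESULT_CODES.get(b["err"], f"err={b['err']}")
            binds.append(b)
    return binds


def findings(binds):
    """Flag failed binds, simple binds without TLS, and LDAPv2 clients."""
    out = []
    for b in binds:
        who = f"conn={b['conn']} bind as {b['dn']!r}"
        if b["err"] is None:
            out.append(f"{who}: no RESULT logged (connection dropped?)")
        elif b["err"] != 0:
            out.append(f"{who}: failed, {b['outcome']}")
        if b["method"] == "simple" and not b["ssl"]:
            out.append(f"{who}: simple bind with password over cleartext")
        if b["version"] == 2:
            out.append(f"{who}: client used LDAPv2")
    return out


if __name__ == "__main__":
    for b in audit_binds(SAMPLE_LOG):
        print(b)
    for line in findings(audit_binds(SAMPLE_LOG)):
        print("FINDING:", line)
```

Run against the posted excerpt, the auditor reports both cn=replication,cn=config binds as successful simple binds over SSL and notes only that the client used LDAPv2. The same splitter works on the replication-plugin errors log quoted later in the thread, since it carries the same bracketed timestamp prefix.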
Any luck??? Anyone who has been through the same problem ...
Clueless: no errors (FDS, ADC), only the PassSync error, which is mentioned below ...
-- Regards
Vipul Ramani
Vipul Ramani wrote:
I feel I am so close to solving this problem ... it has been a long time. If anyone has a clue about what I forgot ... I changed the password of cn=replication,cn=config and now the only error I am getting is ---- PassSync log ----
10/14/08 17:24:19: Failed to load entries from file
##### I don't know what "Failed to load entries from file" means (which file is PassSync talking about?) #####
10/14/08 17:26:41: Failed to load entries from file
10/14/08 17:26:41: PassSync service stopped
10/14/08 17:26:42: PassSync service started
10/14/08 17:26:42: Failed to load entries from file
I'm not sure, but I think this means that there were no passwords to sync from AD to Fedora DS. It keeps a queue of passwords to send in a file (encrypted).
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Hi Rich,
But I can log in, and I changed the password of ADC users. :(
Is there any other way to debug deeper??? Kindly suggest; I am ready ....
Regards Vipul Ramani
Vipul Ramani wrote:
Is there any other way to debug deeper??? Kindly suggest; I am ready ....
I don't know.
Hi,
I've lost my Directory Server admin password. How do I recover it, so that I can manage the DS via the GUI interface on the machine?
Help please
On Thu, Oct 16, 2008 at 10:10 AM, Eric Beda ebeda@udsm.ac.tz wrote:
If you mean the Directory Manager password, check this link:
http://directory.fedoraproject.org/wiki/Howto:ResetDirMgrPassword
If you remember your Directory Manager password, you can log in as Directory Manager through the console and change the admin user under o=netscaperoot, or you can perform the following:
$ slappasswd -v -c '$1$%.8s' -h {CRYPT}
Run the above command and supply your new password, then copy the output.
Then issue the ldapmodify command:
$ ldapmodify -x -h localhost -D "cn=Directory Manager" -W
dn: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
changetype: modify
replace: userPassword
userPassword: <paste the slappasswd output here>
-- Diaa Radwan
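The reset above works because Directory Manager may write an already-hashed userPassword value, so any scheme the server understands can be pasted in. As an added example (not Diaa's commands and not Directory Server code), the following Python does the same reset with a {SSHA} value instead of slappasswd's {CRYPT}: it builds the salted SHA-1 hash in the base64(digest || salt) layout the {SSHA} scheme uses, verifies a candidate password against such a value, and writes the LDIF for ldapmodify. The admin DN is the one from the reply; the script only emits LDIF and never talks to the server.

```python
import base64
import getpass
import hashlib
import hmac
import os

# DN of the Console admin user, as given in the reply above.
ADMIN_DN = "uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
SHA1_LEN = 20


def make_ssha(password, salt=None):
    """Build a {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per hash
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored, candidate):
    """Check a password against a {SSHA} value; the salt is whatever follows the 20-byte digest."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not a {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    recomputed = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, recomputed)  # constant-time comparison


def reset_ldif(dn, hashed):
    """LDIF for ldapmodify that replaces userPassword with an already-hashed value."""
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        "replace: userPassword",
        f"userPassword: {hashed}",
        "",
    ])


if __name__ == "__main__":
    new_pw = getpass.getpass("New admin password: ")
    hashed = make_ssha(new_pw)
    assert verify_ssha(hashed, new_pw)
    # Pipe the output into: ldapmodify -x -h localhost -D "cn=Directory Manager" -W
    print(reset_ldif(ADMIN_DN, hashed))
```

Two caveats for anyone reusing this: ldapmodify with -x -W sends the Directory Manager password in the clear, so run it on the server itself (as the reply does, against localhost) or over ldaps/StartTLS; and {SSHA} is shown because it matches what a server of this vintage stores by default, while current 389 DS releases default to stronger schemes such as PBKDF2, so prefer the server's own default scheme where you can.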
I enabled log level 8192 in the FDS error log.
linux2.test2.com is FDS and LABDC01 is ADC.
I created a sync agreement between LDAP:636 and ADC:636, but in the logs it still shows *ldap://linux2.test2.com:389*.
---- FDS error log ----
[16/Oct/2008:07:33:15 -0700] - acquire_replica, supplier RUV is newer
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): Cancelling linger on the connection
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - windows_acquire_replica returned success (101)
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): State: ready_to_acquire_replica -> sending_updates
[16/Oct/2008:07:33:15 -0700] - csngen_adjust_time: gen state before 48f750ab0003:1224167595:0:0
[16/Oct/2008:07:33:15 -0700] - _cl5PositionCursorForReplay (agmt="cn=Vedant" (LABDC01:636)): Consumer RUV:
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): {replicageneration} 48f373b90000014d0000
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): {replica 333 ldap://linux2.test2.com:389} 48f3772f0000014d0000 48f74f7b0013014d0000 48f74f7b
[16/Oct/2008:07:33:15 -0700] - _cl5PositionCursorForReplay (agmt="cn=Vedant" *(LABDC01:636)*): Supplier RUV:
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): {replicageneration} 48f373b90000014d0000
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): {replica 333 *ldap://linux2.test2.com:389*} 48f3772f0000014d0000 48f750ab0001014d0000 48f750ab
[16/Oct/2008:07:33:15 -0700] agmt="cn=Vedant" (LABDC01:636) - session start: anchorcsn=48f74f7b0013014d0000
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - changelog program - agmt="cn=Vedant" (LABDC01:636): CSN 48f74f7b0013014d0000 found, position set for replay
[16/Oct/2008:07:33:15 -0700] agmt="cn=Vedant" (LABDC01:636) - load=1 rec=1 csn=48f750ab0001014d0000
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): windows_replay_update: Looking at modify operation local dn="uid=vramani,ou=people,dc=tf-lab,dc=test2,dc=com" (ours,user,not group)
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): map_entry_dn_outbound: looking for AD entry for DS dn="uid=vramani,ou=People, dc=tf-lab,dc=test2,dc=com" guid="f96921fe188c4b47a243ab088512103d"
[16/Oct/2008:07:33:15 -0700] - Calling windows entry search request plugin
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): Linger timeout has expired on the connection
[16/Oct/2008:07:33:15 -0700] - windows_search_entry: recieved 2 messages, 1 entries, 0 references
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): map_entry_dn_outbound: return code 0 from search for AD entry dn="<GUID=f96921fe188c4b47a243ab088512103d>" or dn="CN=vipul r,CN=Users,DC=tf-lab,DC=test2,DC=com"
[16/Oct/2008:07:33:15 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): windows_replay_update: Processing modify operation local dn="uid=vramani,ou=people,dc=tf-lab,dc=test2,dc=com" remote dn="<GUID=f96921fe188c4b47a243ab088512103d>"
[16/Oct/2008:07:33:15 -0700] agmt="cn=Vedant" (LABDC01:636) - clcache_load_buffer: rc=-30989
-----
I see this: "Linger time out has expired the connection"
16/Oct/2008:07:43:16 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): Beginning linger on the connection
[16/Oct/2008:07:43:16 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): State: sending_updates -> wait_for_changes
[16/Oct/2008:07:43:16 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): Linger timeout has expired on the connection
[16/Oct/2008:07:43:16 -0700] NSMMReplicationPlugin - agmt="cn=Vedant" (LABDC01:636): Disconnected from the consumer
Any clue?
On Wed, Oct 15, 2008 at 2:15 PM, Vipul Ramani vipulramani@gmail.com wrote:
Hi Rich ,
But I can log in and I changed the password of ADC users. :(
Is there any other way to debug more deeply? Kindly suggest, I am ready.
I'm not sure, but I think this means that there were no passwords to sync from AD to Fedora DS. It keeps a queue of passwords to send in a file (encrypted).
Regards Vipul Ramani
Vipul Ramani wrote:
I enabled loglevel 8192 in the error log of FDS.
linux2.test2.com is FDS and LABDC01 is ADC.
I created a sync agreement between LDAP:636 and ADC:636, but in the logs it still shows ldap://linux2.test2.com:389
That's just the "name" of the agreement not the actual protocol and port used to connect. It looks as though the code is successfully connecting to AD.
I see this: "Linger time out has expired the connection"
Any clue?
That's normal. I don't see any errors here.
-- Regards
Vipul Ramani
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Hey Rich,
Do the password policy at Active Directory and the password policy at FDS really need to be the same? Is that what I am missing?
On Thu, Oct 16, 2008 at 2:44 PM, Vipul Ramani vipulramani@gmail.com wrote:
-- Regards
Vipul Ramani
Vipul Ramani wrote:
Hey Rich,
Do the password policy at Active Directory and the password policy at FDS really need to be the same? Is that what I am missing?
If you don't manually make them the same, then you run the risk that a password accepted on AD will be rejected on FDS, or vice versa.
Hi Rich,
I have done the setup from scratch again (actually this is the 9th time I am testing).
For the CA, I generated a certificate signing request from FDS, and that CSR was signed by the ADC CA. Then I installed the CA in FDS.
------------ error -------------
NSMMReplicationPlugin - agmt="cn=vedant" (labdc01:636): simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -8179 (Peer's Certificate issuer is not recognized)
------------
I have one question: on the ADC I think a Standalone CA is installed, not an Enterprise CA (I am not a Windows admin and I don't know much about ADC).
So, for PassSync to work, must the FDS CSR be signed by an "Enterprise CA"?
And any tip on how to check on Win2003 (x64 edition) whether an Enterprise CA is installed or not?
Thanks in advance to all FDS users.
Regards Vipul Ramani
Vipul Ramani wrote:
For the CA, I generated a certificate signing request from FDS, and that CSR was signed by the ADC CA. Then I installed the CA in FDS.
------------ error -------------
NSMMReplicationPlugin - agmt="cn=vedant" (labdc01:636): simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -8179 (Peer's Certificate issuer is not recognized)
How did you install the MS CA cert into Fedora DS?
certutil -L -d /etc/dirsrv/slapd-instancename
I have one question: on the ADC I think a Standalone CA is installed, not an Enterprise CA (I am not a Windows admin and I don't know much about ADC).
So, for PassSync to work, must the FDS CSR be signed by an "Enterprise CA"?
And any tip on how to check on Win2003 (x64 edition) whether an Enterprise CA is installed or not?
I've only used Enterprise CA, because if you do that, AD will automatically get an SSL server cert. Otherwise, I'm not sure how to configure AD to be an SSL server.
Note that we only provide a 32-bit binary for passsync. I have no idea if it will work on 64-bit Windows - we've never tested that.
The code is all open source though, and should be buildable with the free microsoft visual studio C++.
Hi Rich,
I installed it from the Fedora console: I copied the MS CA cert on the Windows box, then installed it using the Fedora Directory Console.
On Sun, Oct 19, 2008 at 10:21 PM, Vipul Ramani vipulramani@gmail.com wrote:
Vipul Ramani wrote:
Hi Rich,
I installed it from the Fedora console: I copied the MS CA cert on the Windows box, then installed it using the Fedora Directory Console.
certutil -L -d /etc/dirsrv/slapd-instancename
certutil -L -d /etc/dirsrv/slapd-instancename
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2
Certificate Nickname                    Trust Attributes
                                        SSL,S/MIME,JAR/XPI
CA                                      CTu,u,u
Server-Cert                             u,u,u
linux2                                  CTu,u,u   <-- this Cert is signed by ADC CA
[root@linux2 ~]#
And a sample profile which is replicated from ADC:
dn: uid=vramani, ou=People, dc=tf-lab,dc=test2,dc=com
ntUniqueId: f6bcff406f334d46824236fc82f2b762
ntUserLastLogoff: 0
givenName: vipul
sn: ramani
ntUserParms:: bSAgICAgICAgICAgICAgICAgICAgIGQBICAgICAgICAgICAgICAgICAgICAgICA
 gUAQaCAFDdHhDZmdQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm44Cy44C
 5EggBQ3R4U2hhZG9345Cw44Cw44Cw44CwKgIBQ3R4TWluRW5jcnlwdGlvbkxldmVs44Sw
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: ntUser
uid: vramani
ntUserDeleteAccount: true
cn: vipul ramani
ntUserLastLogon: 128687513442500000
ntUserDomainId: vramani
ntUserAcctExpires: 9223372036854775807
ntUserCodePage: 0
Vipul Ramani wrote:
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2
Certificate Nickname                    Trust Attributes
                                        SSL,S/MIME,JAR/XPI
CA                                      CTu,u,u
Server-Cert                             u,u,u
linux2                                  CTu,u,u   <-- this Cert is signed by ADC CA
[root@linux2 ~]#
Which one is the MS CA cert? The MS CA cert is required.
Rich,
I'll tell you how I did it:
https://localhosts/certsrv/ ---> downloaded the cert in DER form and imported it in the FDS console.
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2
Certificate Nickname                    Trust Attributes
                                        SSL,S/MIME,JAR/XPI
CA                                      CTu,u,u
Server-Cert                             u,u,u
linux2                                  CTu,u,u   <-- this Cert is signed by ADC CA
labdc01                                 CT,,      <---- MS CA Cert
Sorry, I missed the last line in my last email.
But no luck...
On Mon, Oct 20, 2008 at 11:36 AM, Vipul Ramani vipulramani@gmail.com wrote:
Vipul Ramani wrote:
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2
Certificate Nickname                    Trust Attributes
                                        SSL,S/MIME,JAR/XPI
CA                                      CTu,u,u
What is this CA?
certutil -L -d /etc/dirsrv/slapd-linux2 -n "CA"
Server-Cert                             u,u,u
linux2                                  CTu,u,u   <-- this Cert is signed by ADC CA
certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2"
Make sure the subjectDN starts with cn=fqdn where fqdn is the FQDN of linux2
labdc01                                 CT,,      <---- MS CA Cert
Sorry, I missed the last line in my last email.
But no luck...
A good way to test TLS/SSL is to use ldapsearch:
/usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P /etc/dirsrv/slapd-linux2 -3 -s base -b "" "objectclass=*"
If that works, then you have the CA installed correctly, and the AD server cert is correct.
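As an added example (not code from this thread or from the Fedora DS project), the following Python script applies the checks Rich lists above to a constructed certutil -L listing: it parses the trust-flag columns, verifies that the DS server cert's subject starts with CN=<fqdn>, and reports whether the issuer of the AD server cert is present as a CA with C and T trust, which is the condition behind the "Peer's Certificate issuer is not recognized" error. The listing text and the labdc01 subject DN are constructed for the example; the linux2 Issuer/Subject values are the ones shown later in the thread.

```python
"""Checks on an NSS certificate database listing of the kind Fedora/389 DS uses.

Added example, not code from the thread or from the directory server project.
It mirrors the advice given in the thread: the CA that issued the AD server
cert must be present in the DS cert db with SSL trust flags containing C
(valid CA) and T (trusted CA), and the DS server cert's subject must start
with CN=<fqdn>. All input is constructed text modelled on `certutil -L`
output; nothing here runs certutil or opens a network connection.
"""
import re

# Constructed `certutil -L -d <certdb>` listing, modelled on the thread's output
# before the MS CA cert (labdc01) had been imported.
LISTING_BEFORE = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA                                                           CTu,u,u
Server-Cert                                                  u,u,u
linux2                                                       CTu,u,u
"""

# The same listing after the MS CA cert was imported with trust flags CT,,.
LISTING_AFTER = LISTING_BEFORE + "labdc01                                                      CT,,\n"

# Constructed Issuer/Subject pairs in the shape `certutil -L -n <nick>` prints.
# The labdc01 subject is assumed (the thread does not show that cert's details).
CERT_DETAILS = {
    "CA": {"issuer": "CN=CAcert", "subject": "CN=CAcert"},
    "linux2": {
        "issuer": "CN=labdc01,DC=tf-lab,DC=test2,DC=com",
        "subject": "CN=linux2,OU=Ops,O=Exponential,L=Emeryville,ST=California,C=US",
    },
    "labdc01": {
        "issuer": "CN=labdc01,DC=tf-lab,DC=test2,DC=com",
        "subject": "CN=labdc01,DC=tf-lab,DC=test2,DC=com",
    },
}

# A listing row: nickname, two or more spaces, then the three comma-separated
# trust-flag groups (SSL, S/MIME, JAR/XPI); any group may be empty, as in "CT,,".
ROW = re.compile(r"^(\S.*?)\s{2,}([CTcPpuw]*),([CTcPpuw]*),([CTcPpuw]*)\s*$")


def parse_listing(text):
    """Map nickname -> (ssl_flags, smime_flags, jar_flags) from a certutil -L listing."""
    certs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header lines never match: they have no comma-separated flag groups
            certs[m.group(1).strip()] = (m.group(2), m.group(3), m.group(4))
    return certs


def normalize_dn(dn):
    """Canonical form for comparing DNs: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in re.split(r"(?<!\\),", dn))


def is_trusted_ca(flags):
    """C and T in the SSL flag group mean 'valid CA' and 'trusted CA'."""
    return "C" in flags[0] and "T" in flags[0]


def trusted_issuer(issuer_dn, certs, details):
    """Nickname of a CA cert in the db whose subject equals issuer_dn and that
    carries C and T SSL trust. None reproduces the 'issuer is not recognized'
    situation (NSPR error -8179 in the thread)."""
    want = normalize_dn(issuer_dn)
    for nick, flags in certs.items():
        info = details.get(nick)
        if info and is_trusted_ca(flags) and normalize_dn(info["subject"]) == want:
            return nick
    return None


def check_server_cert(nick, fqdn, certs, details):
    """The two checks for the DS server cert: subject starts with CN=<fqdn>,
    and its issuer is a trusted CA in the db. Returns a list of problem strings."""
    problems = []
    info = details[nick]
    first_rdn = normalize_dn(info["subject"]).split(",", 1)[0]
    if first_rdn != "cn=" + fqdn.lower():
        problems.append(f'{nick}: subject should start with CN={fqdn}, got "{info["subject"]}"')
    if trusted_issuer(info["issuer"], certs, details) is None:
        problems.append(f'{nick}: issuer "{info["issuer"]}" is not a trusted CA in the db')
    return problems


if __name__ == "__main__":
    ad_issuer = "CN=labdc01,DC=tf-lab,DC=test2,DC=com"  # issuer of the AD server cert
    for name, listing in (("before", LISTING_BEFORE), ("after", LISTING_AFTER)):
        certs = parse_listing(listing)
        print(f"{name}: AD issuer recognized via", trusted_issuer(ad_issuer, certs, CERT_DETAILS))
        for p in check_server_cert("linux2", "linux2.test2.com", certs, CERT_DETAILS):
            print(f"{name}:", p)
```

Run against the "before" listing the AD issuer is not found, matching the -8179 error; against the "after" listing it resolves to labdc01, and the remaining finding is that the linux2 cert's subject CN is the short hostname rather than the FQDN.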
CA is a self-signed certificate, generated by linux2 itself.
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "CA"
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1000 (0x3e8)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=CAcert"
        Validity:
            Not Before: Fri Oct 17 15:11:18 2008
            Not After : Wed Oct 17 15:11:18 2018
        Subject: "CN=CAcert"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:40:4b:86:0b:70:3d:5d:6a:f6:f4:a5:86:e9:1c:98:
                    d0:dd:19:31:e3:b8:18:3b:0a:c8:9f:83:33:98:cd:98:
                    54:83:9d:73:97:69:04:26:b8:75:4a:95:7e:ed:92:62:
                    51:2c:70:8a:a6:f2:a6:8b:b5:c6:53:d3:f8:cc:01:c9:
                    e8:78:55:1f:69:e3:c4:5c:5e:e8:a6:bf:dc:53:ac:a6:
                    ce:75:14:98:2f:a7:c0:da:ae:be:5d:91:e6:f2:96:84:
                    02:a0:ec:df:e4:de:91:25:2d:65:d8:bd:79:3d:07:ea:
                    8c:9f:9e:5b:ee:04:a3:18:2e:98:c6:ab:15:a1:d5:d9
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        55:bd:f2:f7:37:e5:60:e0:87:20:a7:d7:69:b2:eb:79:
        e6:98:7e:72:f1:b1:dc:11:08:94:fd:c3:56:a8:14:37:
        2b:1b:cd:bc:05:3d:54:45:73:7f:b2:dc:f8:f1:f4:44:
        61:25:54:c6:e2:c2:68:1f:d7:cc:d3:37:16:37:98:b8:
        37:c3:7e:49:48:12:58:17:26:fe:87:bc:d4:ef:ee:6b:
        5d:35:1f:1f:72:a5:5e:6b:b7:94:e6:c3:63:7c:2a:24:
        4c:43:39:cd:74:7b:56:08:15:f9:85:3f:ed:c9:ba:01:
        88:d0:90:84:1d:e6:0e:84:7f:83:8e:bf:9e:9a:b2:a3
    Fingerprint (MD5):
        2C:77:B6:61:BA:3D:F0:E2:8E:EB:BA:4D:74:A4:E4:0C
    Fingerprint (SHA1):
        06:FE:B9:62:26:E7:56:1E:2B:84:C0:5E:AC:DC:F7:1A:AE:A8:58:0E

    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            User
            Trusted Client CA
        Email Flags:
            User
        Object Signing Flags:
            User
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2"
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:fc:4e:02:00:00:00:00:00:16
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=labdc01,DC=tf-lab,DC=test2,DC=com"
        Validity:
            Not Before: Fri Oct 17 23:35:13 2008
            Not After : Sun Oct 17 23:35:13 2010
        Subject: "CN=linux2,OU=Ops,O=Exponential,L=Emeryville,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    da:db:9b:d8:c2:aa:42:4e:85:69:b2:0a:19:46:87:2d:
                    67:e6:4b:9b:4d:97:96:6a:e3:bf:90:c2:ab:a7:0d:17:
                    --removed-some-part---
                    24:72:dc:18:5c:7e:1a:16:b3:bd:38:1b:0a:0f:a6:48:
                    ae:4e:ef:5a:eb:cd:12:6f:5e:16:8f:6c:ce:ff:fa:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Subject Key ID
            Data:
                75:e0:f9:0d:9f:77:24:61:38:87:17:87:43:ee:25:5d:
                c0:b2:4f:d3

            Name: Certificate Authority Key Identifier
            Key ID:
                83:c2:a6:03:eb:b2:a8:ea:40:d0:63:42:01:68:8f:a8:
                11:9e:ec:f9

            Name: CRL Distribution Points
            URI: "ldap:///CN=labdc01,CN=labdc01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=tf-lab,DC=test2,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint"
            URI: "http://labdc01.tf-lab.test2.com/CertEnroll/labdc01.crl"

            Name: Authority Information Access
            Method: PKIX CA issuers access method
            Location:
                URI: "ldap:///CN=labdc01,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=tf-lab,DC=test2,DC=com?cACertificate?base?objectClass=certificationAuthority"
            Method: PKIX CA issuers access method
            Location:
                URI: "http://labdc01.tf-lab.test2.com/CertEnroll/labdc01.tf-lab.test2.com_labdc01.crt"

            Name: Microsoft Enrollment Cert Type Extension
            Data: "WebServer"

            Name: Certificate Basic Constraints
            Critical: True
            Data: Is not a CA.

            Name: Certificate Key Usage
            Usages: Digital Signature
                    Key Encipherment

            Name: Extended Key Usage
                TLS Web Server Authentication Certificate

    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        0b:f7:2f:25:e5:99:aa:27:59:5d:76:96:5a:64:0b:a7:
        91:7d:48:49:fd:a8:46:db:cc:39:7b:97:34:94:3c:0c:
        7c:fe:4d:f7:99:5e:da:a6:7d:53:5c:36:ba:ed:a7:05:
        60:04:2a:76:6e:02:75:a0:1c:59:bd:ad:82:db:fc:61:
        --removed some--part--
        6d:11:23:4c:77:60:18:ec:fd:47:63:72:d3:00:ee:04:
        c2:01:3a:d8:dc:f1:4b:55:c5:7a:39:09:83:9b:09:bd:
        65:64:4c:6f:8d:19:86:94:95:76:1b:07:08:ad:03:70
    Fingerprint (MD5):
        BD:3D:31:6C:27:A8:82:1A:11:81:5B:F6:56:D7:FA:E3
    Fingerprint (SHA1):
        89:45:EE:8E:7D:B7:01:EB:72:80:F2:86:91:B8:02:D4:60:3A:19:FA

    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            User
            Trusted Client CA
        Email Flags:
            User
        Object Signing Flags:
            User
/usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P /etc/dirsrv/slapd-linux2 -3 -s base -b "" "objectclass=*"
When I do this I am getting a core dump ... :((
Vipul Ramani wrote:
The CA is a self-signed certificate, generated by linux2 itself.
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "CA"
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2"
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14:fc:4e:02:00:00:00:00:00:16
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=labdc01,DC=tf-lab,DC=test2,DC=com"
        Validity:
            Not Before: Fri Oct 17 23:35:13 2008
            Not After : Sun Oct 17 23:35:13 2010
        Subject: "CN=linux2,OU=Ops,O=Exponential,L=Emeryville,ST=California,C=US"
This is not correct. Instead of CN=linux2, you should have CN=linux2.tf-lab.test2.com or whatever your domain is. Although I don't think this is the cause of the failure to connect.
/usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P /etc/dirsrv/slapd-linux2 -3 -s base -b "" "objectclass=*"
Sorry, try /usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P /etc/dirsrv/slapd-linux2/cert8.db -3 -s base -b "" "objectclass=*"
When I do this I am getting a core dump ... :((
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
I think we are headed to a solution ...
Do I need to re-install the certificate in PassSync again, after we install a new CSR with the FQDN?
root@linux2 slapd-linux2]# /usr/lib/mozldap/ldapsearch -v -h labdc01.tf-lab.test2.com -p 636 -Z -P /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db -3 -s base -b "" "objectclass=*"
ldapsearch: started Mon Oct 20 06:18:20 2008
ldap_init( labdc01.tf-lab.test2.com, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
filter pattern: objectclass=*
returning: ALL
filter is: (objectclass=*)
version: 1
dn:
currentTime: 20081020202134.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=tf-lab,DC=tribal fusion,DC=com
dsServiceName: CN=NTDS Settings,CN=LABDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=DomainDnsZones,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=ForestDnsZones,DC=tf-lab,DC=test2,DC=com
defaultNamingContext: DC=tf-lab,DC=test2,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=com
configurationNamingContext: CN=Configuration,DC=tf-lab,DC=test2,DC=com
rootDomainNamingContext: DC=tf-lab,DC=test2,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.521
supportedControl: 1.2.840.113556.1.4.1948
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads
supportedLDAPPolicies: MaxDatagramRecv
supportedLDAPPolicies: MaxReceiveBuffer
supportedLDAPPolicies: InitRecvTimeout
supportedLDAPPolicies: MaxConnections
supportedLDAPPolicies: MaxConnIdleTime
supportedLDAPPolicies: MaxPageSize
supportedLDAPPolicies: MaxQueryDuration
supportedLDAPPolicies: MaxTempTableSize
supportedLDAPPolicies: MaxResultSetSize
supportedLDAPPolicies: MaxNotificationPerConn
supportedLDAPPolicies: MaxValRange
highestCommittedUSN: 90680
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: labdc01.tf-lab.test2.com
ldapServiceName: tf-lab.test2.com:labdc01$@TF-LAB.TEST2.COM
serverName: CN=LABDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1670
supportedCapabilities: 1.2.840.113556.1.4.1791
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2

root@linux2 slapd-linux2]# grep err /var/log/dirsrv/slapd-linux2/errors
[root@linux2 slapd-linux2]#
Vipul Ramani wrote:
I think we are headed to a solution ...
Do I need to re-install the certificate in PassSync again, after we install a new CSR with the FQDN?
No, at least, not yet. The ldapsearch output below looks correct. In your sync agreement, did you use labdc01.tf-lab.test2.com or just labdc01? You have to use the FQDN.
Is /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db a symlink to /etc/dirsrv/slapd-linux2/cert8.db? What is the relationship between slapd-linux2cert8.db and cert8.db?
root@linux2 slapd-linux2]# /usr/lib/mozldap/ldapsearch -v -h labdc01.tf-lab.test2.com -p 636 -Z -P /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db -3 -s base -b "" "objectclass=*"
ldapsearch: started Mon Oct 20 06:18:20 2008
ldap_init( labdc01.tf-lab.test2.com, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
filter pattern: objectclass=*
returning: ALL
filter is: (objectclass=*)
version: 1
dn:
currentTime: 20081020202134.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=tf-lab,DC=tribal fusion,DC=com
dsServiceName: CN=NTDS Settings,CN=LABDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=DomainDnsZones,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=ForestDnsZones,DC=tf-lab,DC=test2,DC=com
defaultNamingContext: DC=tf-lab,DC=test2,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=com
configurationNamingContext: CN=Configuration,DC=tf-lab,DC=test2,DC=com
rootDomainNamingContext: DC=tf-lab,DC=test2,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.521
supportedControl: 1.2.840.113556.1.4.1948
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads
supportedLDAPPolicies: MaxDatagramRecv
supportedLDAPPolicies: MaxReceiveBuffer
supportedLDAPPolicies: InitRecvTimeout
supportedLDAPPolicies: MaxConnections
supportedLDAPPolicies: MaxConnIdleTime
supportedLDAPPolicies: MaxPageSize
supportedLDAPPolicies: MaxQueryDuration
supportedLDAPPolicies: MaxTempTableSize
supportedLDAPPolicies: MaxResultSetSize
supportedLDAPPolicies: MaxNotificationPerConn
supportedLDAPPolicies: MaxValRange
highestCommittedUSN: 90680
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: labdc01.tf-lab.test2.com
ldapServiceName: tf-lab.test2.com:labdc01$@TF-LAB.TEST2.COM
serverName: CN=LABDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1670
supportedCapabilities: 1.2.840.113556.1.4.1791
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2

root@linux2 slapd-linux2]# grep err /var/log/dirsrv/slapd-linux2/errors
[root@linux2 slapd-linux2]#
-- Regards
Vipul Ramani
Hi Rich,
The ldapsearch output below looks correct. In your sync agreement, did you use labdc01.tf-lab.test2.com or just labdc01? You have to use the FQDN. Is
In the winsync agreement I used the FQDN ...
/etc/dirsrv/slapd-linux2/slapd-linux2cert8.db a symlink to /etc/dirsrv/slapd-linux2/cert8.db? What is the relationship between slapd-linux2cert8.db and cert8.db?
Yes, you are right, it is a symlink. /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db is a symlink to /etc/dirsrv/slapd-linux2/cert8.db ....
Regards Vipul Ramani
Vipul Ramani wrote:
Hi Rich,
The ldapsearch output below looks correct. In your sync agreement, did you use labdc01.tf-lab.test2.com or just labdc01? You have to use the FQDN. Is
In the winsync agreement I used the FQDN ...
/etc/dirsrv/slapd-linux2/slapd-linux2cert8.db a symlink to /etc/dirsrv/slapd-linux2/cert8.db? What is the relationship between slapd-linux2cert8.db and cert8.db?
Yes, you are right, it is a symlink. /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db is a symlink to /etc/dirsrv/slapd-linux2/cert8.db ....
The original error is this: https://www.redhat.com/archives/fedora-directory-users/2008-October/msg00056...
NSMMReplicationPlugin - agmt="cn=vedant" (labdc01:636): simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -8179 (Peer's Certificate issuer is not recognized)
That usually means that Fedora DS cannot verify the AD SSL server cert. This is usually because Fedora DS doesn't have or trust the CA cert of the CA that issued the AD SSL cert. The Peer in this case is the AD SSL server, the issuer is the CA that issued the AD SSL server cert. I'm not sure what the problem could be.
Regards Vipul Ramani
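Both of Rich's points so far (NSPR/NSS error -8179 means the CA that issued the AD server certificate is absent from, or not flagged as a trusted SSL CA in, the FDS certificate database; and the server cert's CN should be the FQDN clients use) can be checked mechanically from `certutil -L` text. The Python below is an added example, not code from this thread or from Fedora DS. The database entries are constructed from the dumps posted above with modulus and signature omitted, and the linux2 entry is given plain "User" trust flags rather than the CA flags shown in the post; the AD server certificate (AD_PEER_DUMP) is hypothetical, since the thread never shows it, only that its issuer is the AD CA. The hostnames passed to diagnose() are the ones used in the thread.

```python
"""Check an NSS cert database (as printed by `certutil -L`) for an LDAPS peer whose
issuing CA is not a trusted CA in the database (NSS -8179) and for server certs whose
subject CN is not the FQDN clients connect to.  Added example, not Fedora DS code."""
import re

SEC_ERROR_UNKNOWN_ISSUER = -8179      # NSS: "Peer's Certificate issuer is not recognized."
_DN_SPLIT = re.compile(r'(?<!\\),')   # split a DN on commas that are not backslash-escaped


def parse_certutil_dump(text):
    """Extract Issuer, Subject and the SSL trust flags from `certutil -L -n NICK` output."""
    issuer = re.search(r'^\s*Issuer:\s*"(.*)"\s*$', text, re.M)
    subject = re.search(r'^\s*Subject:\s*"(.*)"\s*$', text, re.M)
    ssl_flags, in_ssl = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "SSL Flags:":
            in_ssl = True
        elif in_ssl:
            if not line or line.endswith("Flags:"):   # next flag section ends the SSL block
                break
            ssl_flags.append(line)
    return {"issuer": issuer.group(1) if issuer else None,
            "subject": subject.group(1) if subject else None, "ssl_flags": ssl_flags}


def normalize_dn(dn):
    """Lower-case attribute types and trim spaces so 'CN=x, DC=y' equals 'cn=x,dc=y'."""
    parts = []
    for rdn in _DN_SPLIT.split(dn):
        attr, _, value = rdn.strip().partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip()}")
    return ",".join(parts)


def dn_cn(dn):
    """Return the CN value of a DN, or None if it has none."""
    for rdn in _DN_SPLIT.split(dn):
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() == "cn":
            return value.strip()
    return None


def hostname_matches(cn, fqdn):
    """Exact match, or a single-label wildcard ('*.example.com'), case-insensitively."""
    if cn is None:
        return False
    cn, fqdn = cn.lower(), fqdn.lower()
    if cn == fqdn:
        return True
    if cn.startswith("*.") and "." in fqdn:
        return fqdn.split(".", 1)[1] == cn[2:]
    return False


def trusted_ssl_cas(certdb):
    """Subject DNs of entries carrying the 'Trusted CA' SSL flag (the 'C' in 'CT,,')."""
    return {normalize_dn(c["subject"]) for c in certdb.values()
            if c["subject"] and "Trusted CA" in c["ssl_flags"]}


def diagnose(certdb_dumps, peer_dump, peer_host, local_host):
    """Return (code, message) findings for the peer cert and each local server cert."""
    certdb = {nick: parse_certutil_dump(d) for nick, d in certdb_dumps.items()}
    trusted = trusted_ssl_cas(certdb)
    findings = []

    def check(label, cert, expect_host):
        issuer = cert["issuer"]
        if issuer is None or normalize_dn(issuer) not in trusted:
            code = SEC_ERROR_UNKNOWN_ISSUER if label == "peer" else "chain"
            findings.append((code, f"{label}: issuer {issuer!r} is not a trusted SSL CA in the db"))
        cn = dn_cn(cert["subject"] or "")
        if not hostname_matches(cn, expect_host):
            findings.append(("hostname", f"{label}: CN {cn!r} does not match {expect_host!r}"))

    check("peer", parse_certutil_dump(peer_dump), peer_host)
    for nick, cert in certdb.items():
        if "Trusted CA" not in cert["ssl_flags"]:      # CA entries are not server certs
            check(nick, cert, local_host)
    return findings


# Constructed from the certutil output in the thread (modulus/signature omitted;
# linux2 given plain "User" SSL flags as a server cert normally has).
CERTDB_DUMPS = {
    "CA": 'Certificate:\n    Data:\n        Issuer: "CN=CAcert"\n        Subject: "CN=CAcert"\n'
          '    Certificate Trust Flags:\n        SSL Flags:\n            Valid CA\n'
          '            Trusted CA\n            User\n            Trusted Client CA\n'
          '        Email Flags:\n            User\n',
    "linux2": 'Certificate:\n    Data:\n        Issuer: "CN=labdc01,DC=tf-lab,DC=test2,DC=com"\n'
              '        Subject: "CN=linux2,OU=Ops,O=Exponential,L=Emeryville,ST=California,C=US"\n'
              '    Certificate Trust Flags:\n        SSL Flags:\n            User\n'
              '        Email Flags:\n            User\n',
}
# Hypothetical AD LDAPS server cert as FDS would receive it; only its issuer is known from the thread.
AD_PEER_DUMP = ('Certificate:\n    Data:\n        Issuer: "CN=labdc01,DC=tf-lab,DC=test2,DC=com"\n'
                '        Subject: "CN=labdc01.tf-lab.test2.com"\n')
# Hypothetical: the AD CA cert after importing it with trust flags "CT,,".
AD_CA_DUMP = ('Certificate:\n    Data:\n        Issuer: "CN=labdc01,DC=tf-lab,DC=test2,DC=com"\n'
              '        Subject: "CN=labdc01,DC=tf-lab,DC=test2,DC=com"\n'
              '    Certificate Trust Flags:\n        SSL Flags:\n            Trusted CA\n'
              '        Email Flags:\n            User\n')

if __name__ == "__main__":
    for code, msg in diagnose(CERTDB_DUMPS, AD_PEER_DUMP, "labdc01.tf-lab.test2.com", "linux2.tf-lab.test2.com"):
        print(code, msg)
```

Run as posted, it reports -8179 for the peer (the AD CA "CN=labdc01,DC=tf-lab,DC=test2,DC=com" is not in the database as a trusted CA), a broken chain for the local "linux2" cert (same missing issuer), and the CN=linux2 versus linux2.tf-lab.test2.com mismatch Rich pointed out. The fix for the first two is to import the AD CA certificate into the FDS database with CA trust, e.g. `certutil -A -d /etc/dirsrv/slapd-linux2 -n "AD CA" -t "CT,," -i labdc01.crt` (add `-a` if the file is PEM rather than DER); the AIA extension of the posted linux2 cert gives the download location, http://labdc01.tf-lab.test2.com/CertEnroll/labdc01.tf-lab.test2.com_labdc01.crt. Adding the AD CA entry (AD_CA_DUMP) to the database makes both issuer findings disappear and leaves only the hostname finding.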
look new error ...
20/Oct/2008:06:36:22 -0700] conn=4 op=92 SRCH base="cn=Vedant, cn=replica, cn=\22dc=tf-lab,dc=test2,dc=com\22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[20/Oct/2008:06:36:22 -0700] conn=4 op=92 RESULT err=0 tag=101 nentries=1 etime=0
[20/Oct/2008:06:37:12 -0700] conn=12 fd=68 slot=68 SSL connection from 192.168.1.200 to 192.168.1.210
[20/Oct/2008:06:37:12 -0700] conn=12 op=-1 fd=68 closed - Peer does not recognize and trust the CA that issued your certificate.
[20/Oct/2008:06:37:13 -0700] conn=13 fd=68 slot=68 SSL connection from 192.168.1.200 to 192.168.1.210
[20/Oct/2008:06:37:13 -0700] conn=13 op=-1 fd=68 closed - Peer does not recognize and trust the CA that issued your certificate.
[20/Oct/2008:06:44:34 -0700] conn=5 op=111 SRCH base="cn=RAS and IAS Servers, ou=People, dc=tf-lab,dc=test2,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[20/Oct/2008:06:44:34 -0700] conn=5 op=111 RESULT err=0 tag=101 nentries=1 etime=0
[20/Oct/2008:06:44:35 -0
Vipul Ramani wrote:
look new error ...
20/Oct/2008:06:36:22 -0700] conn=4 op=92 SRCH base="cn=Vedant, cn=replica, cn=\22dc=tf-lab,dc=test2,dc=com\22, cn=mapping tree, cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd nsds5replicaChangesSentSinceStartup nsds5replicaLastUpdateStatus nsds5replicaUpdateInProgress nsds5replicaLastInitStart nsds5replicaLastInitEnd nsds5replicaLastInitStatus nsds5BeginReplicaRefresh"
[20/Oct/2008:06:36:22 -0700] conn=4 op=92 RESULT err=0 tag=101 nentries=1 etime=0
[20/Oct/2008:06:37:12 -0700] conn=12 fd=68 slot=68 SSL connection from 192.168.1.200 to 192.168.1.210
[20/Oct/2008:06:37:12 -0700] conn=12 op=-1 fd=68 closed - Peer does not recognize and trust the CA that issued your certificate.
[20/Oct/2008:06:37:13 -0700] conn=13 fd=68 slot=68 SSL connection from 192.168.1.200 to 192.168.1.210
[20/Oct/2008:06:37:13 -0700] conn=13 op=-1 fd=68 closed - Peer does not recognize and trust the CA that issued your certificate.
I'm not sure what this means - are you trying to use SSL client cert auth or simple bind?
[20/Oct/2008:06:44:34 -0700] conn=5 op=111 SRCH base="cn=RAS and IAS Servers, ou=People, dc=tf-lab,dc=test2,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[20/Oct/2008:06:44:34 -0700] conn=5 op=111 RESULT err=0 tag=101 nentries=1 etime=0
[20/Oct/2008:06:44:35 -0
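The two log lines Rich asks about carry more information than the bind question: the "closed" record has op=-1, meaning the connection was dropped before the server received any LDAP operation at all, so no bind of either kind was attempted. The text is NSS's SSL_ERROR_UNKNOWN_CA_ALERT, which NSS reports when the remote side sends a TLS unknown_ca alert, i.e. the client at the "from" address (192.168.1.200) rejected the certificate that this server presented. The Python below is an added example, not code from this thread or from Fedora DS: it pairs each "SSL connection from A to B" access-log line with the "closed" line for the same conn id and reports connections that died with an error before their first operation. The four SSL lines in SAMPLE_LOG are as posted above; the conn=14 session is constructed as a healthy contrast (the bind DN in it is made up), as is the "U1" disconnect code, which is what a normal unbind looks like.

```python
"""Find TLS handshakes in a 389/Fedora DS access log that failed before any LDAP
operation, pairing 'SSL connection from A to B' with 'closed - <reason>' by conn id.
Added example, not Fedora DS code."""
import re
from collections import Counter

SSL_OPEN = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) fd=\d+ slot=\d+ '
                      r'SSL connection from (?P<src>\S+) to (?P<dst>\S+)')
CLOSED = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) fd=\d+ '
                    r'closed - (?P<reason>.+?)\.?$')
LDAP_OP = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=\d+ (?P<kind>[A-Z]+)\b')
# Normal disconnect codes are a letter plus digits: U1 (unbind), B1 (bad BER), T1 (idle timeout).
DISCONNECT_CODE = re.compile(r'^[A-Z]\d+$')


def handshake_failures(lines):
    """One record per SSL connection that closed with an error text before its first LDAP op."""
    opened, ops, failures = {}, Counter(), []
    for line in lines:
        m = SSL_OPEN.match(line)
        if m:
            opened[m["conn"]] = m.groupdict()
            continue
        m = CLOSED.match(line)          # check before LDAP_OP: 'op=1 fd=69 closed' is not an op
        if m:
            conn, reason = m["conn"], m["reason"]
            if (conn in opened and m["op"] == "-1" and ops[conn] == 0
                    and not DISCONNECT_CODE.match(reason)):
                o = opened[conn]
                failures.append({"conn": conn, "ts": m["ts"], "client": o["src"],
                                 "server": o["dst"], "reason": reason})
            opened.pop(conn, None)
            ops.pop(conn, None)
            continue
        m = LDAP_OP.match(line)
        if m:
            ops[m["conn"]] += 1
    return failures


def summarize(failures):
    """Count failures per (client address, reason) so a repeating misconfiguration stands out."""
    return Counter((f["client"], f["reason"]) for f in failures)


# Constructed sample: conn=12/13 lines are as posted in the thread; conn=14 is a made-up
# healthy LDAPS session (simple bind, unbind) and conn=5 a plain search, for contrast.
SAMPLE_LOG = """\
[20/Oct/2008:06:37:12 -0700] conn=12 fd=68 slot=68 SSL connection from 192.168.1.200 to 192.168.1.210
[20/Oct/2008:06:37:12 -0700] conn=12 op=-1 fd=68 closed - Peer does not recognize and trust the CA that issued your certificate.
[20/Oct/2008:06:37:13 -0700] conn=13 fd=68 slot=68 SSL connection from 192.168.1.200 to 192.168.1.210
[20/Oct/2008:06:37:13 -0700] conn=13 op=-1 fd=68 closed - Peer does not recognize and trust the CA that issued your certificate.
[20/Oct/2008:06:40:00 -0700] conn=14 fd=69 slot=69 SSL connection from 192.168.1.200 to 192.168.1.210
[20/Oct/2008:06:40:00 -0700] conn=14 op=0 BIND dn="cn=sync user,cn=config" method=128 version=3
[20/Oct/2008:06:40:00 -0700] conn=14 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[20/Oct/2008:06:40:01 -0700] conn=14 op=1 UNBIND
[20/Oct/2008:06:40:01 -0700] conn=14 op=1 fd=69 closed - U1
[20/Oct/2008:06:44:34 -0700] conn=5 op=111 SRCH base="cn=RAS and IAS Servers, ou=People, dc=tf-lab,dc=test2,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[20/Oct/2008:06:44:34 -0700] conn=5 op=111 RESULT err=0 tag=101 nentries=1 etime=0
""".splitlines()

if __name__ == "__main__":
    for (client, reason), n in summarize(handshake_failures(SAMPLE_LOG)).items():
        print(f"{n}x {client}: {reason}")
```

On the sample this yields exactly the two failed connections from 192.168.1.200, both with the unknown-CA reason, and nothing for the healthy session; run against the real access log (for example `handshake_failures(open("/var/log/dirsrv/slapd-linux2/access").read().splitlines())`) it separates TLS-layer rejections from bind or ACL failures, which show up with op>=0 and an LDAP err code instead.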
Vipul Ramani wrote:
Yes, I am using simple authentication, NOT SSL-based client auth.
I don't understand why you're getting the peer cert error then. Try enabling the replication log level - http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting - to get some more detail about the bind procedure
Any plans for PassSync support for a 64-bit OS?
No. No plans currently.
-- Regards
Vipul Ramani
Already enabled the 8192 log level!
And what does it mean that 64-bit is not supported? Does it mean the FDS community won't be able to support it, or that PassSync won't work at all? Can you please explain ...
Do you know any other piece of code which will replace PassSync, so that I can get out of this 64-bit limitation?
Vipul Ramani wrote:
Already enabled the 8192 log level!
And what does it mean that 64-bit is not supported? Does it mean the FDS community won't be able to support it, or that PassSync won't work at all? Can you please explain ...
That means we don't have a 64-bit Windows development environment with which to develop and test 64-bit winsync. AFAIK, the code is 64-bit clean - it just needs to be built and tested.
Do you know any other piece of code which will replace PassSync, so that I can get out of this 64-bit limitation?
No, not that I know of.
-- Regards
Vipul Ramani
Vipul Ramani wrote:
Rich,
Any luck? What to do now?
I'm not sure. It seems like some sort of SSL cert issuance or CA trust issue.
Is it possible to build 64-bit PassSync? I wish to use it ...
Yes, it is possible for you to build it.
-- Regards
Vipul Ramani
Then I am waiting for the PassSync 64-bit version.
Rich,
Do you think this is a problem due to the password policy? But if we disable the password policy on FDS, it must copy the data, right? Or will it fail? What do you say ...
Yes, we are getting a CA-related error .... [it does not say anything password-policy related ....]
Can we do the initial winsync replication without the same password policy on the ADC and on FDS? I guess it should work, the reason being that it is simple replication.
What is your view?
As per the document, if the password policy is not the same on FDS and on the ADC, then if any password is changed on the ADC it won't be replicated to FDS, right?
Vipul Ramani wrote:
Rich,
Do you think this is a problem due to the password policy?
All of the problems I have seen so far are SSL related. So, no.
But if we disable the password policy on FDS, it must copy the data, right?
Right. If Fedora DS accepts the password change, it will attempt to replay it to AD, and vice versa.
Or will it fail? What do you say ...
Yes, we are getting a CA-related error .... [it does not say anything password-policy related ....]
Can we do the initial winsync replication without the same password policy on the ADC and on FDS? I guess it should work, the reason being that it is simple replication.
What is your view?
Yes. You can sync everything except passwords.
As per the document, if the password policy is not the same on FDS and on the ADC, then if any password is changed on the ADC it won't be replicated to FDS, right?
Right. You could have a case where the password policy on FDS is more restrictive than on AD, or vice versa.
-- Regards
Vipul Ramani