Message: 8
Date: Thu, 27 Apr 2006 13:36:56 +0200
From: "Espen A. Stefansen" espen.stefansen@imr.no
Subject: [Fedora-directory-users] Need help syncing between Active Directory and FDS
To: fedora-directory-users@redhat.com
Message-ID: 1146137816.5150.62.camel@itse6848
Content-Type: text/plain
Hi, I'm a new user to FDS, so I've got some problems getting it to work. I'm trying to sync our Active Directory over to FDS. Unfortunately it doesn't work, so hopefully someone can give me some pointers.
I've been looking through the wiki and the manuals, but I haven't found anything that helped.
This is how I installed FDS:
- Installed FDS on CentOS 4; fds.example.com.
- Ran setup with default values (including directory manager)
- Ran setupssl.sh.
- Install PassSync on a Windows Domain Controller (Windows 2003); win.example.com.
- Values:
--- Hostname: fds.example.com
--- Port: 686
--- Username: cn=directory manager,cn=config
--- Cert Token: ?? (Should this be the password for the certificate?)
--- Search: dc=example,dc=com
And then imported the certificates from fds.example.com
- Started the console, and enabled "changelog" and "replica" as "single master".
- I then generated a "windows sync agreement".
- Values:
--- domain: example.com
--- DCH: win.example.com
--- Enabled SSL
--- Bind as: cn=directory manager,cn=config
It looks like you are using the FDS Directory Manager account, rather than a valid AD account. You will need to use an AD account that has the ability to create/update entries.
When I try to do a full sync, it says it can't find the LDAP-server, error 81. Does that mean the FDS-server?
Does anyone have any idea on what might be wrong? And have I installed it correctly?
Regards Espen Stefansen
On Thu, 2006-04-27 at 10:47 -0400, Daniel Shackelford wrote:
<snip>
- Install PassSync on a Windows Domain Controller (Windows 2003); win.example.com.
- Values:
--- Hostname: fds.example.com
--- Port: 686
--- Username: cn=directory manager,cn=config
--- Cert Token: ?? (Should this be the password for the certificate?)
--- Search: dc=example,dc=com
The username here has to be an OU-name in AD. But after looking carefully at the DC I found out that it didn't run SSL. For how to enable SSL on your DC, have a look here: http://support.microsoft.com/default.aspx?scid=kb;en-us;321051
After following this explanation and importing the certificate in FDS, the connection was ok.
And then imported the certificates from fds.example.com
- Started the console, and enabled "changelog" and "replica" as "single master".
- I then generated a "windows sync agreement".
- Values:
--- domain: example.com
--- DCH: win.example.com
--- Enabled SSL
--- Bind as: cn=directory manager,cn=config
The same goes here. The username must be in AD.
It looks like you are using the FDS Directory Manager account, rather than a valid AD account. You will need to use an AD account that has the ability to create/update entries.
I'm using a valid AD account now.
When I try to do a full sync, it says it can't find the LDAP-server, error 81. Does that mean the FDS-server?
So now it's starting to synchronize, but nothing shows up in the database in the console. Do I have to initialize the database as well? Or is there something else I have to do in the console?
It also gives me the following error in the error log: "Replica has no update vector. It has never been initialized." Any ideas?
Does anyone have any idea on what might be wrong? And have I installed it correctly?
Regards Espen Stefansen
Regards Espen
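An added example, not part of the original thread or of the FDS tooling: a small Python probe that separates the failure modes that surface as LDAP error 81 (server cannot be contacted), including the one found above where the DC was not answering with SSL. The function name, the result labels and the default port 636 (the standard LDAPS port) are assumptions of this example.

```python
import socket
import ssl


def probe_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Classify the state of an LDAP-over-SSL endpoint.

    Returns one of (labels are this example's own):
      "unreachable"     TCP connect failed (DNS, firewall, nothing listening)
      "no_tls"          port is open but the peer does not complete a TLS handshake
      "untrusted_cert"  TLS works but the certificate does not validate against
                        ca_file (or the system trust store when ca_file is None)
      "ok"              handshake completed and the certificate validated
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"

    # ca_file is the CA certificate exported from the DC, in PEM form
    # (hypothetical path supplied by the caller).
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except ssl.SSLCertVerificationError:
        raw.close()
        return "untrusted_cert"
    except (ssl.SSLError, OSError):
        # Plain-text answer, immediate close, reset, or handshake timeout.
        raw.close()
        return "no_tls"
    tls.close()
    return "ok"


if __name__ == "__main__":
    # Host name taken from the thread; it does not resolve outside that
    # environment, so this prints "unreachable" when run elsewhere.
    print(probe_ldaps("win.example.com"))
```

A result of "no_tls" on the DC corresponds to the situation described in the reply above, and "untrusted_cert" corresponds to the DC's CA certificate not yet being imported on the side that connects.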