I think we are heading toward a solution ...
Do I need to re-install the certificate in PassSync again after we
install the new CSR with the FQDN ... ???
No, at least, not yet. The ldapsearch output below looks correct. In
your sync agreement, did you use
or just
labdc01? You have to use the FQDN.
Is /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db a symlink to /etc/dirsrv/slapd-linux2/cert8.db? What is the relationship between slapd-linux2cert8.db and cert8.db?
[root@linux2 slapd-linux2]# /usr/lib/mozldap/ldapsearch -v -h labdc01.tf-lab.test2.com -p 636 -Z -P /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db -3 -s base -b "" "objectclass=*"
ldapsearch: started Mon Oct 20 06:18:20 2008
ldap_init( labdc01.tf-lab.test2.com, 636 )
ldaptool_getcertpath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getkeypath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db
ldaptool_getmodpath -- (null)
ldaptool_getdonglefilename -- (null)
filter pattern: objectclass=*
returning: ALL
filter is: (objectclass=*)
version: 1
dn:
currentTime: 20081020202134.0Z
subschemaSubentry:
CN=Aggregate,CN=Schema,CN=Configuration,DC=tf-lab,DC=tribal
fusion,DC=com
dsServiceName: CN=NTDS Settings,CN=LABDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=DomainDnsZones,DC=tf-lab,DC=test2,DC=com
namingContexts: DC=ForestDnsZones,DC=tf-lab,DC=test2,DC=com
defaultNamingContext: DC=tf-lab,DC=test2,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=com
configurationNamingContext: CN=Configuration,DC=tf-lab,DC=test2,DC=com
rootDomainNamingContext: DC=tf-lab,DC=test2,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.521
supportedControl: 1.2.840.113556.1.4.1948
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads
supportedLDAPPolicies: MaxDatagramRecv
supportedLDAPPolicies: MaxReceiveBuffer
supportedLDAPPolicies: InitRecvTimeout
supportedLDAPPolicies: MaxConnections
supportedLDAPPolicies: MaxConnIdleTime
supportedLDAPPolicies: MaxPageSize
supportedLDAPPolicies: MaxQueryDuration
supportedLDAPPolicies: MaxTempTableSize
supportedLDAPPolicies: MaxResultSetSize
supportedLDAPPolicies: MaxNotificationPerConn
supportedLDAPPolicies: MaxValRange
highestCommittedUSN: 90680
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: labdc01.tf-lab.test2.com
ldapServiceName: tf-lab.test2.com:labdc01$@TF-LAB.TEST2.COM
serverName: CN=LABDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
supportedCapabilities: 1.2.840.113556.1.4.1670
supportedCapabilities: 1.2.840.113556.1.4.1791
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2
[root@linux2 slapd-linux2]# grep err /var/log/dirsrv/slapd-linux2/errors
[root@linux2 slapd-linux2]#
On Mon, Oct 20, 2008 at 12:07 PM, Vipul Ramani <vipulramani(a)gmail.com> wrote:
The CA is a self-signed certificate, generated by Linux2 itself.
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "CA"
Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1000 (0x3e8)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=CAcert"
Validity:
Not Before: Fri Oct 17 15:11:18 2008
Not After : Wed Oct 17 15:11:18 2018
Subject: "CN=CAcert"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
Exponent: 65537 (0x10001)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
Fingerprint (MD5):
2C:77:B6:61:BA:3D:F0:E2:8E:EB:BA:4D:74:A4:E4:0C
Fingerprint (SHA1):
06:FE:B9:62:26:E7:56:1E:2B:84:C0:5E:AC:DC:F7:1A:AE:A8:58:0E
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
User
Trusted Client CA
Email Flags:
User
Object Signing Flags:
User
[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2"
Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:fc:4e:02:00:00:00:00:00:16
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=labdc01,DC=tf-lab,DC=test2,DC=com"
Validity:
Not Before: Fri Oct 17 23:35:13 2008
Not After : Sun Oct 17 23:35:13 2010
Subject: "CN=linux2,OU=Ops,O=Exponential,L=Emeryville,ST=California,C=US"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Certificate Subject Key ID
Data:
75:e0:f9:0d:9f:77:24:61:38:87:17:87:43:ee:25:5d:
c0:b2:4f:d3
Name: Certificate Authority Key Identifier
Key ID:
83:c2:a6:03:eb:b2:a8:ea:40:d0:63:42:01:68:8f:a8:
11:9e:ec:f9
Name: CRL Distribution Points
URI: "ldap:///CN=labdc01,CN=labdc01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=tf-lab,DC=test2,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint"
URI: "http://labdc01.tf-lab.test2.com/CertEnroll/labdc01.crl"
Name: Authority Information Access
Method: PKIX CA issuers access method
Location:
URI: "ldap:///CN=labdc01,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=tf-lab,DC=test2,DC=com?cACertificate?base?objectClass=certificationAuthority"
Method: PKIX CA issuers access method
Location:
URI: "http://labdc01.tf-lab.test2.com/CertEnroll/labdc01.tf-lab.test2.com_labdc01.crt"
Name: Microsoft Enrollment Cert Type Extension
Data: "WebServer"
Name: Certificate Basic Constraints
Critical: True
Data: Is not a CA.
Name: Certificate Key Usage
Usages: Digital Signature
Key Encipherment
Name: Extended Key Usage
TLS Web Server Authentication Certificate
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
Fingerprint (MD5):
BD:3D:31:6C:27:A8:82:1A:11:81:5B:F6:56:D7:FA:E3
Fingerprint (SHA1):
89:45:EE:8E:7D:B7:01:EB:72:80:F2:86:91:B8:02:D4:60:3A:19:FA
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
User
Trusted Client CA
Email Flags:
User
Object Signing Flags:
User
/usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P /etc/dirsrv/slapd-linux2 -3 -s base -b "" "objectclass=*"
When I do this I am getting a core dump ... :((
--
Regards
Vipul Ramani
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
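The reply's point that the sync agreement must use the FQDN rather than the short name comes down to TLS hostname verification: the name you connect with is matched against the names in the server certificate. The following is an added example, not code from this thread or from the directory server project; it implements that match over the dict layout Python's ssl module returns for a peer certificate, using a constructed sample certificate for the lab DC name from the thread, plus a helper (assumed to have network access, so it is not exercised offline) that fetches the real certificate from an LDAPS port with verification enabled.

```python
import socket
import ssl

# Constructed sample in the dict layout ssl.SSLSocket.getpeercert() returns;
# not captured from the lab domain controller in the thread.
SAMPLE_DC_CERT = {
    "subject": ((("commonName", "labdc01.tf-lab.test2.com"),),),
    "subjectAltName": (("DNS", "labdc01.tf-lab.test2.com"),),
}


def dns_name_matches(pattern, hostname):
    """Match one certificate DNS name against a hostname, case-insensitively.
    A wildcard is honoured only as the whole left-most label (RFC 6125)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_names(cert):
    """DNS names the certificate is valid for: the SANs, else the subject CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_matches(cert, hostname):
    """True when the host name used to connect is covered by the certificate.
    A short name such as 'labdc01' fails against a cert issued to the FQDN."""
    return any(dns_name_matches(name, hostname) for name in cert_names(cert))


def fetch_peer_cert(host, port=636, ca_file=None):
    """Connect to an LDAPS port with verification on and return the peer cert.
    ca_file is the PEM of the CA that signed the server cert (the AD CA here).
    Needs network access, so the offline checks use SAMPLE_DC_CERT instead."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()
```

Calling fetch_peer_cert with the short name fails inside wrap_socket for the same reason hostname_matches rejects it, which is what the sync agreement hits when it is configured with labdc01 instead of the FQDN.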