RHEL 4.0 redhat-ds-7.1SP1-3
Windows 2003 Passync-1.msi from directory.fedora.com
/opt/redhat-ds/alias
    certutil -N -d .
    certutil -G -d .
    certutil -S -n "my ca" -s "cn=ice" -x -t "CT,CT,CT" -m 1000 -v 120 -d .
    certutil -S -n "ice cert" -s "cn=ice.icesolution.com" -c "my ca" -t "u,u,u" -m 1001 -v 120 -d .
    ln -s cert8.db slap-ice-cert8.db
    ln -s key3.db slap-ice-key3.db
    pk12util -d . -o ca.pfx -n "my ca"
    pk12util -d . -o ice.pfx -n "ice cert"
import on Win2003
    certutil.exe -d . -N
    pk12util -d . -i ca.pfx
    pk12util -d . -i ice.pfx
restart "password" sync service
test with /opt/redhat-ds/share/bin/ldapsearch
    DS# ldapsearch -v -Z -D "cn=administrator,cn=users,dc=win2003,dc=icesolution,dc=com" -w 123456 -P /etc/redhat-ds/alias -h <ip_of_ADS> -p 636 -b "cn=users,dc=win2003,dc=icesolution,dc=com" objectClass=*
returns: -8156 issuer certificate is invalid
    DS# openssl s_client -connect -showcerts
It returns a different CA certificate, not the one imported from my self-signed certificate. It looks like the default certificate for Windows 2003.
Does Passync not bind the NSS certificate to ADS's port 636? I tried rebooting Windows 2003 but still got the same result, and from the directory console I tried to configure a sync agreement but it returns "cannot contact ADS".
Regards, Nattapon
389-users@lists.fedoraproject.org
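
The comparison described in the post (the issuer shown by `openssl s_client -showcerts` versus the self-signed "my ca" with subject cn=ice), written as an added example that is not part of the original message. The function names, the sample output, the host name win2003.icesolution.com and the "Example Default CA" issuer are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the chain a server presents come from the CA you expect?
# Reads the text output of `openssl s_client -showcerts` on stdin.

# Print the CN of every issuer ("i:") line in the "Certificate chain" section.
chain_issuer_cns() {
    awk '
        /^Certificate chain/ { in_chain = 1; next }
        /^---$/              { in_chain = 0 }   # section separator, not PEM armor
        in_chain && /^[ ]+i:/ {
            line = $0
            sub(/^[ ]+i:/, "", line)
            # Accept both DN styles: "/CN=ice" (older OpenSSL) and "CN = ice"
            n = split(line, parts, "[/,]")
            for (k = 1; k <= n; k++) {
                p = parts[k]
                gsub(/^[ ]+|[ ]+$/, "", p)
                if (p ~ /^CN *= */) { sub(/^CN *= */, "", p); print p }
            }
        }'
}

# Exit 0 if an issuer CN equals $1, 1 on mismatch, 2 if no chain was found.
check_issuer() {
    expected=$1
    cns=$(chain_issuer_cns)
    [ -n "$cns" ] || { echo "no certificate chain in input"; return 2; }
    if printf '%s\n' "$cns" | grep -Fxq -- "$expected"; then
        echo "match: chain is issued by CN=$expected"
        return 0
    fi
    echo "mismatch: expected issuer CN=$expected, server presented:"
    printf '%s\n' "$cns" | sed 's/^/  CN=/'
    return 1
}

# Constructed sample of s_client output (not captured from a real server).
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=win2003.icesolution.com
   i:/DC=com/DC=icesolution/CN=Example Default CA
-----BEGIN CERTIFICATE-----
(constructed placeholder, not real certificate data)
-----END CERTIFICATE-----
---
Server certificate
EOF
}

sample_output | check_issuer "ice" || echo "exit status: $?"
```

Against a live server, pipe the real `openssl s_client -showcerts` output into `check_issuer` with the CN of the CA created by `certutil -S -x`.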