I am having a hard time getting the admin console to work in ssl mode. I get this "notice" error in the admin serv logs, is it a cause for concern? As far as I know, everything is setup correctly.
[notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx
I have created the certificates, then copied the slapd-<server>-* files to admin-serv-*, then tried to enable SSL in the admin console. I have followed the directions from "Managing SSL and SASL" but I get the error "Invalid LDAP Host/IP, could not connect to server in secure mode" when I change to secure mode in the "User DS" tab.
Any suggestions?
Thanks, Jeff
Jeff Gamsby wrote:
I am having a hard time getting the admin console to work in ssl mode. I get this "notice" error in the admin serv logs, is it a cause for concern? As far as I know, everything is setup correctly.
[notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx
This usually means reverse DNS is not working.
I have created the certificates,
Following the SSL howto at http://directory.fedora.redhat.com/wiki/Howto:SSL ?
then copied the slapd-<server>-* files to admin-serv-*, then tried to enable SSL in the admin console. I have followed the directions from "Managing SSL and SASL" but I get the error "Invalid LDAP Host/IP, could not connect to server in secure mode" when I change to secure mode in the "User DS" tab.
This error is from the console? Try using startconsole -D
Any suggestions?
Thanks, Jeff
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Richard Megginson wrote:
Jeff Gamsby wrote:
I am having a hard time getting the admin console to work in ssl mode. I get this "notice" error in the admin serv logs, is it a cause for concern? As far as I know, everything is setup correctly.
[notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx
This usually means reverse DNS is not working.
I have created the certificates,
Following the SSL howto at http://directory.fedora.redhat.com/wiki/Howto:SSL ?
Yes, but instead of creating an admin-serv-<serverID>- I copied the slapd-<serverID>- cert db's over. Is it true that I can use these same certs?
I tried creating the admin certs db's separately and importing the CA cert, but that didn't work either.
I had this working a few weeks ago, I'm not sure what has changed.
then copied the slapd-<server>-* files to admin-serv-*, then tried to enable SSL in the admin console. I have followed the directions from "Managing SSL and SASL" but I get the error "Invalid LDAP Host/IP, could not connect to server in secure mode" when I change to secure mode in the "User DS" tab.
This error is from the console? Try using startconsole -D
Using this method I get this error:
validateLDAPParams netscape.ldap.LDAPException: JSSSocketFactory.makeSocket fds.server.example.com:636, SSL_ForceHandshake failed: (-8054) Unknown error (91); Cannot connect to the LDAP server
Any suggestions?
Thanks, Jeff
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
I am having a hard time getting the admin console to work in ssl mode. I get this "notice" error in the admin serv logs, is it a cause for concern? As far as I know, everything is setup correctly.
[notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx
This usually means reverse DNS is not working.
I have created the certificates,
Following the SSL howto at http://directory.fedora.redhat.com/wiki/Howto:SSL ?
Yes, but instead of creating an admin-serv-<serverID>- I copied the slapd-<serverID>- cert db's over. Is it true that I can use these same certs?
I think so, but I've never tried it that way.
I tried creating the admin certs db's separately and importing the CA cert, but that didn't work either.
I had this working a few weeks ago, I'm not sure what has changed.
What, if anything, has changed?
then copied the slapd-<server>-* files to admin-serv-*, then tried to enable SSL in the admin console. I have followed the directions from "Managing SSL and SASL" but I get the error "Invalid LDAP Host/IP, could not connect to server in secure mode" when I change to secure mode in the "User DS" tab.
This error is from the console? Try using startconsole -D
Using this method I get this error:
validateLDAPParams netscape.ldap.LDAPException: JSSSocketFactory.makeSocket fds.server.example.com:636, SSL_ForceHandshake failed: (-8054) Unknown error (91); Cannot connect to the LDAP server
Any suggestions?
Thanks, Jeff
Jeff Gamsby Center for X-Ray Optics Lawrence Berkeley National Laboratory (510) 486-7783
Richard Megginson wrote:
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
I am having a hard time getting the admin console to work in ssl mode. I get this "notice" error in the admin serv logs, is it a cause for concern? As far as I know, everything is setup correctly.
[notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx
This usually means reverse DNS is not working.
I have created the certificates,
Following the SSL howto at http://directory.fedora.redhat.com/wiki/Howto:SSL ?
Yes, but instead of creating an admin-serv-<serverID>- I copied the slapd-<serverID>- cert db's over. Is it true that I can use these same certs?
I think so, but I've never tried it that way.
I tried creating the admin certs db's separately and importing the CA cert, but that didn't work either.
I had this working a few weeks ago, I'm not sure what has changed.
What, if anything, has changed?
I blew away the server and started over. When I had password sync problems with AD, I reinstalled the server several times. Each time I reinstall, I delete the /opt/fedora-ds directory.
I don't really care about the admin console in SSL mode, I can use the Linux console or X, but I need the Sync agreements to run SSL in both directions, and so far, the only way I've been able to establish that is when the admin console is in SSL mode. Unless there is another way.
then copied the slapd-<server>-* files to admin-serv-*, then tried to enable SSL in the admin console. I have followed the directions from "Managing SSL and SASL" but I get the error "Invalid LDAP Host/IP, could not connect to server in secure mode" when I change to secure mode in the "User DS" tab.
This error is from the console? Try using startconsole -D
Using this method I get this error:
validateLDAPParams netscape.ldap.LDAPException: JSSSocketFactory.makeSocket fds.server.example.com:636, SSL_ForceHandshake failed: (-8054) Unknown error (91); Cannot connect to the LDAP server
Any suggestions?
Thanks, Jeff
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
I am having a hard time getting the admin console to work in ssl mode. I get this "notice" error in the admin serv logs, is it a cause for concern? As far as I know, everything is setup correctly.
[notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx
This usually means reverse DNS is not working.
I have created the certificates,
Following the SSL howto at http://directory.fedora.redhat.com/wiki/Howto:SSL ?
Yes, but instead of creating an admin-serv-<serverID>- I copied the slapd-<serverID>- cert db's over. Is it true that I can use these same certs?
I think so, but I've never tried it that way.
I tried creating the admin certs db's separately and importing the CA cert, but that didn't work either.
I had this working a few weeks ago, I'm not sure what has changed.
What, if anything, has changed?
I blew away the server and started over. When I had password sync problems with AD, I reinstalled the server several times. Each time I reinstall, I delete the /opt/fedora-ds directory.
I don't really care about the admin console in SSL mode, I can use the Linux console or X, but I need the Sync agreements to run SSL in both directions, and so far, the only way I've been able to establish that is when the admin console is in SSL mode. Unless there is another way.
Well, one thing is that if you recreate the CA cert you'll need to copy that CA cert to all clients who use it.
You can use ldapsearch to verify the LDAPS connections to the SSL enabled directory servers (FDS and AD).
Someone recently published steps to make windows sync work both ways with SSL to the fds users email list. Check the archives. I think someone was going to update the wiki with this information.
then copied the slapd-<server>-* files to admin-serv-*, then tried to enable SSL in the admin console. I have followed the directions from "Managing SSL and SASL" but I get the error "Invalid LDAP Host/IP, could not connect to server in secure mode" when I change to secure mode in the "User DS" tab.
This error is from the console? Try using startconsole -D
Using this method I get this error:
validateLDAPParams netscape.ldap.LDAPException: JSSSocketFactory.makeSocket fds.server.example.com:636, SSL_ForceHandshake failed: (-8054) Unknown error (91); Cannot connect to the LDAP server
Any suggestions?
Thanks, Jeff
Jeff Gamsby Center for X-Ray Optics Lawrence Berkeley National Laboratory (510) 486-7783
Richard Megginson wrote:
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
I am having a hard time getting the admin console to work in ssl mode. I get this "notice" error in the admin serv logs, is it a cause for concern? As far as I know, everything is setup correctly.
[notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx
This usually means reverse DNS is not working.
I have created the certificates,
Following the SSL howto at http://directory.fedora.redhat.com/wiki/Howto:SSL ?
Yes, but instead of creating an admin-serv-<serverID>- I copied the slapd-<serverID>- cert db's over. Is it true that I can use these same certs?
I think so, but I've never tried it that way.
I tried creating the admin certs db's separately and importing the CA cert, but that didn't work either.
I had this working a few weeks ago, I'm not sure what has changed.
What, if anything, has changed?
I blew away the server and started over. When I had password sync problems with AD, I reinstalled the server several times. Each time I reinstall, I delete the /opt/fedora-ds directory.
I don't really care about the admin console in SSL mode, I can use the Linux console or X, but I need the Sync agreements to run SSL in both directions, and so far, the only way I've been able to establish that is when the admin console is in SSL mode. Unless there is another way.
Well, one thing is that if you recreate the CA cert you'll need to copy that CA cert to all clients who use it.
I do. Right now it's just the localhost
You can use ldapsearch to verify the LDAPS connections to the SSL enabled directory servers (FDS and AD).
Works (FDS). Right now, AD is not even in the picture. I'm pretty sure that I can get that to work. The problem is on the FDS side. When you create the Sync agreements, you cannot change the suppliers port, unless you have a secure connection to the admin console, AFAIK.
Someone recently published steps to make windows sync work both ways with SSL to the fds users email list. Check the archives. I think someone was going to update the wiki with this information.
I think that was me. I did not include instructions on how to get the admin console in SSL mode though.
then copied the slapd-<server>-* files to admin-serv-*, then tried to enable SSL in the admin console. I have followed the directions from "Managing SSL and SASL" but I get the error "Invalid LDAP Host/IP, could not connect to server in secure mode" when I change to secure mode in the "User DS" tab.
This error is from the console? Try using startconsole -D
Using this method I get this error:
validateLDAPParams netscape.ldap.LDAPException: JSSSocketFactory.makeSocket fds.server.example.com:636, SSL_ForceHandshake failed: (-8054) Unknown error (91); Cannot connect to the LDAP server
Any suggestions?
Thanks, Jeff
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
I am having a hard time getting the admin console to work in ssl mode. I get this "notice" error in the admin serv logs, is it a cause for concern? As far as I know, everything is setup correctly.
[notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx
This usually means reverse DNS is not working.
I have created the certificates,
Following the SSL howto at http://directory.fedora.redhat.com/wiki/Howto:SSL ?
Yes, but instead of creating an admin-serv-<serverID>- I copied the slapd-<serverID>- cert db's over. Is it true that I can use these same certs?
I think so, but I've never tried it that way.
I tried creating the admin certs db's separately and importing the CA cert, but that didn't work either.
I had this working a few weeks ago, I'm not sure what has changed.
What, if anything, has changed?
I blew away the server and started over. When I had password sync problems with AD, I reinstalled the server several times. Each time I reinstall, I delete the /opt/fedora-ds directory.
I don't really care about the admin console in SSL mode, I can use the Linux console or X, but I need the Sync agreements to run SSL in both directions, and so far, the only way I've been able to establish that is when the admin console is in SSL mode. Unless there is another way.
Well, one thing is that if you recreate the CA cert you'll need to copy that CA cert to all clients who use it.
I do. Right now it's just the localhost
You can use ldapsearch to verify the LDAPS connections to the SSL enabled directory servers (FDS and AD).
Works (FDS). Right now, AD is not even in the picture. I'm pretty sure that I can get that to work. The problem is on the FDS side. When you create the Sync agreements, you cannot change the suppliers port, unless you have a secure connection to the admin console, AFAIK.
? You should be able to use secure or non-secure.
Someone recently published steps to make windows sync work both ways with SSL to the fds users email list. Check the archives. I think someone was going to update the wiki with this information.
I think that was me. I did not include instructions on how to get the admin console in SSL mode though.
then copied the slapd-<server>-* files to admin-serv-*, then tried to enable SSL in the admin console. I have followed the directions from "Managing SSL and SASL" but I get the error "Invalid LDAP Host/IP, could not connect to server in secure mode" when I change to secure mode in the "User DS" tab.
This error is from the console? Try using startconsole -D
Using this method I get this error:
validateLDAPParams netscape.ldap.LDAPException: JSSSocketFactory.makeSocket fds.server.example.com:636, SSL_ForceHandshake failed: (-8054) Unknown error (91); Cannot connect to the LDAP server
Any suggestions?
Thanks, Jeff
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
Richard Megginson wrote:
Jeff Gamsby wrote:
I am having a hard time getting the admin console to work in ssl mode. I get this "notice" error in the admin serv logs, is it a cause for concern? As far as I know, everything is setup correctly.
[notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx
This usually means reverse DNS is not working.
I have created the certificates,
Following the SSL howto at http://directory.fedora.redhat.com/wiki/Howto:SSL ?
Yes, but instead of creating an admin-serv-<serverID>- I copied the slapd-<serverID>- cert db's over. Is it true that I can use these same certs?
I think so, but I've never tried it that way.
I tried creating the admin certs db's separately and importing the CA cert, but that didn't work either.
I had this working a few weeks ago, I'm not sure what has changed.
What, if anything, has changed?
I blew away the server and started over. When I had password sync problems with AD, I reinstalled the server several times. Each time I reinstall, I delete the /opt/fedora-ds directory.
I don't really care about the admin console in SSL mode, I can use the Linux console or X, but I need the Sync agreements to run SSL in both directions, and so far, the only way I've been able to establish that is when the admin console is in SSL mode. Unless there is another way.
Well, one thing is that if you recreate the CA cert you'll need to copy that CA cert to all clients who use it.
I do. Right now it's just the localhost
You can use ldapsearch to verify the LDAPS connections to the SSL enabled directory servers (FDS and AD).
Works (FDS). Right now, AD is not even in the picture. I'm pretty sure that I can get that to work. The problem is on the FDS side. When you create the Sync agreements, you cannot change the suppliers port, unless you have a secure connection to the admin console, AFAIK.
I think that you are getting hung up on a display issue. The supplier is just listed as a string to identify the instance. The synchronization is always[*] initiated from the FDS side, so as long as you are trying to connect to AD via SSL, everything will be encrypted.
[*] The one exception to this is the PassSync service installed on the windows side. You need to configure this to connect to FDS over the SSL port.
-NGK
Someone recently published steps to make windows sync work both ways with SSL to the fds users email list. Check the archives. I think someone was going to update the wiki with this information.
I think that was me. I did not include instructions on how to get the admin console in SSL mode though.
then copied the slapd-<server>-* files to admin-serv-*, then tried to enable SSL in the admin console. I have followed the directions from "Managing SSL and SASL" but I get the error "Invalid LDAP Host/IP, could not connect to server in secure mode" when I change to secure mode in the "User DS" tab.
This error is from the console? Try using startconsole -D
Using this method I get this error:
validateLDAPParams netscape.ldap.LDAPException: JSSSocketFactory.makeSocket fds.server.example.com:636, SSL_ForceHandshake failed: (-8054) Unknown error (91); Cannot connect to the LDAP server
Any suggestions?
Thanks, Jeff
I think that you are getting hung up on a display issue. The supplier is just listed as a string to identify the instance. The synchronization is always[*] initiated from the FDS side, so as long as you are trying to connect to AD via SSL, everything will be encrypted.
[*] The one exception to this is the PassSync service installed on the windows side. You need to configure this to connect to FDS over the SSL port.
-NGK
OK, but when I set it up this way and I check the replication logs, I see the suppliers port, and it's listed as 389. When configuring PassSync, I do put it in secure mode with the secure port. So it doesn't matter, since the PassSync config is set to SSL, and the FDS to AD has to be SSL, then that 389 is just an identifier?
Jeff
Jeff Gamsby wrote:
I think that you are getting hung up on a display issue. The supplier is just listed as a string to identify the instance. The synchronization is always[*] initiated from the FDS side, so as long as you are trying to connect to AD via SSL, everything will be encrypted.
[*] The one exception to this is the PassSync service installed on the windows side. You need to configure this to connect to FDS over the SSL port.
-NGK
OK, but when I set it up this way and I check the replication logs, I see the suppliers port, and it's listed as 389. When configuring PassSync, I do put it in secure mode with the secure port. So it doesn't matter, since the PassSync config is set to SSL, and the FDS to AD has to be SSL, then that 389 is just an identifier?
Yes, that's just an identifier used in the synchronization agreement. To check if the PassSync connection is truly using SSL, check the access log on the FDS side. I'm not sure what connection logging AD provides, but there may be something similar. If not, you can use ethereal to verify that the traffic is being encrypted.
-NGK
Jeff
Jeff Gamsby wrote:
I think that you are getting hung up on a display issue. The supplier is just listed as a string to identify the instance. The synchronization is always[*] initiated from the FDS side, so as long as you are trying to connect to AD via SSL, everything will be encrypted.
[*] The one exception to this is the PassSync service installed on the windows side. You need to configure this to connect to FDS over the SSL port.
-NGK
OK, but when I set it up this way and I check the replication logs, I see the suppliers port, and it's listed as 389. When configuring PassSync, I do put it in secure mode with the secure port. So it doesn't matter, since the PassSync config is set to SSL, and the FDS to AD has to be SSL, then that 389 is just an identifier?
Yes.
Jeff
Richard Megginson wrote:
I think that you are getting hung up on a display issue. The supplier is just listed as a string to identify the instance. The synchronization is always[*] initiated from the FDS side, so as long as you are trying to connect to AD via SSL, everything will be encrypted.
[*] The one exception to this is the PassSync service installed on the windows side. You need to configure this to connect to FDS over the SSL port.
-NGK
OK, but when I set it up this way and I check the replication logs, I see the suppliers port, and it's listed as 389. When configuring PassSync, I do put it in secure mode with the secure port. So it doesn't matter, since the PassSync config is set to SSL, and the FDS to AD has to be SSL, then that 389 is just an identifier?
Yes.
OK. Forgetting the Admin server SSL stuff which I don't really need, it is working, again.
Thank you all.
You cannot use pre-hashed passwords when trying to do synchronization. I was trying to go from OpenLDAP to FDS with my SSHA hashed passwords, and that did not work. You can do it, but you will have to reset the password on the AD side. You cannot carry the passwords with you to AD.
389-users@lists.fedoraproject.org
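The access-log check suggested in the thread for confirming that PassSync really binds over SSL, written out as an added Python example (not code from any poster or from the Fedora DS project). It assumes access-log lines in the shape the directory server normally writes ("SSL connection from", a per-connection cipher line, BIND lines); the sample lines, addresses and bind DNs are constructed.

```python
import re

# Constructed access-log excerpt: documentation addresses and made-up DNs.
# conn=5: PassSync host on the SSL port; conn=6: same host, plain port 389;
# conn=7: another client that upgrades with startTLS before binding.
SAMPLE_LOG = """\
[12/Jun/2006:10:01:02 -0700] conn=5 fd=64 slot=64 SSL connection from 192.0.2.10 to 192.0.2.1
[12/Jun/2006:10:01:02 -0700] conn=5 SSL 128-bit RC4
[12/Jun/2006:10:01:02 -0700] conn=5 op=0 BIND dn="uid=passsync,cn=config" method=128 version=3
[12/Jun/2006:10:01:02 -0700] conn=5 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[12/Jun/2006:10:05:40 -0700] conn=6 fd=65 slot=65 connection from 192.0.2.10 to 192.0.2.1
[12/Jun/2006:10:05:40 -0700] conn=6 op=0 BIND dn="uid=passsync,cn=config" method=128 version=3
[12/Jun/2006:10:05:40 -0700] conn=6 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[12/Jun/2006:10:09:11 -0700] conn=7 fd=66 slot=66 connection from 192.0.2.20 to 192.0.2.1
[12/Jun/2006:10:09:11 -0700] conn=7 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[12/Jun/2006:10:09:11 -0700] conn=7 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[12/Jun/2006:10:09:11 -0700] conn=7 SSL 256-bit AES
[12/Jun/2006:10:09:12 -0700] conn=7 op=1 BIND dn="cn=Directory Manager" method=128 version=3
"""

# Connection-open line; the optional "SSL " marks a connection to the secure port.
OPEN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (SSL )?connection from (\S+) to \S+")
# Cipher line written once the handshake completes (secure port or startTLS).
CIPHER_RE = re.compile(r"conn=(\d+) (?:SSL|TLS[\d.]*) \d+-bit \S+")
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')


def audit_binds(log_text):
    """Return one record per BIND with the encryption state at bind time."""
    conns = {}   # conn id -> {"client": ip, "encrypted": bool}
    binds = []
    for line in log_text.splitlines():
        m = OPEN_RE.search(line)
        if m:
            conns[m.group(1)] = {"client": m.group(3),
                                 "encrypted": bool(m.group(2))}
            continue
        m = CIPHER_RE.search(line)
        if m:
            state = conns.setdefault(
                m.group(1), {"client": "unknown", "encrypted": False})
            state["encrypted"] = True
            continue
        m = BIND_RE.search(line)
        if m:
            # A connection opened before this log starts is unknown, so it
            # is reported conservatively as unencrypted.
            state = conns.get(
                m.group(1), {"client": "unknown", "encrypted": False})
            binds.append({"conn": int(m.group(1)),
                          "client": state["client"],
                          "dn": m.group(2),
                          "encrypted": state["encrypted"]})
    return binds


def plaintext_binds(log_text, client=None):
    """Binds whose credentials crossed the wire unencrypted, optionally per client."""
    return [b for b in audit_binds(log_text)
            if not b["encrypted"] and (client is None or b["client"] == client)]


if __name__ == "__main__":
    for b in audit_binds(SAMPLE_LOG):
        status = "encrypted" if b["encrypted"] else "PLAINTEXT"
        print(f'conn={b["conn"]} {b["client"]} {b["dn"]!r}: {status}')
```

Connection numbers restart when the server restarts, so run this over one server lifetime at a time.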