08-14-2008, 12:01 AM
"Vipul Ramani"

FDS and Active directory Sync

Rich,

Do we really need CA certification on the ADC server to enable SSL on ADC? Is there no possible way to work this out, so that we can install a self-signed certificate which was signed by FDS (Linux server), install it into ADC and make it SSL enabled?

Is there any way to work around this?

On Wed, Aug 13, 2008 at 4:15 PM, Vipul Ramani <vipulramani@gmail.com> wrote:

Cheers, Rich,

Great, the only thing now is that I have to find out how to enable SSL on ADC, and most of the things will be done. It is syncing over port 389, but only the password attribute is not replicated, due to SSL not being enabled on ADC.

Anyway, thanks for your great help.

I feel I will create documentation stepwise and share it with the community.

On Wed, Aug 13, 2008 at 3:22 PM, Vipul Ramani <vipulramani@gmail.com> wrote:

Cheers, Rich

Yes, you're right. I tried with the hostname instead of the IP address.

I created a new Windows sync agreement. But this time I did not select the SSL connection, and then replication is happening. But I noticed the userPassword field is missing in all users (which are replicated from ADC). Why is that so? Is SSL mandatory to copy passwords from ADC to FDS?

Why is userPassword (the Windows password attribute) not replicated on LDAP?

I made some progress.

--
Regards

Vipul Ramani

--
Regards

Vipul Ramani

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
08-14-2008, 01:23 AM
Rich Megginson

FDS and Active directory Sync

Vipul Ramani wrote:

> Rich,
>
> Do we really need CA certification on the ADC server to enable SSL on ADC?
> Is there no possible way to work this out, so that we can install a
> self-signed certificate which was signed by FDS (Linux server), install it
> into ADC and make it SSL enabled?

I'm not sure. Firstly, there is
http://directory.fedoraproject.org/wiki/Howto:WindowsSync

In order for AD to be an SSL server, you have to generate a server cert
from a CA or CA cert. I don't know much about this part. The easiest
way is probably to use MS Cert Server to issue the AD SSL server cert.
If you do that, you'll also have to get the CA cert because you must
install that CA cert in the Fedora DS cert db. In Windows sync (except
for the password part), Fedora DS is the client side of SSL, so it must
have the CA cert of the CA that issued the AD server cert.
For passsync, passsync is the client side of SSL, so it must have the
CA cert of the CA that issued the Fedora DS SSL server cert.

 
08-14-2008, 03:21 PM
Nathan Kinder

FDS and Active directory Sync

Vipul Ramani wrote:

> Rich,
>
> Do we really need CA certification on the ADC server to enable SSL on ADC?
> Is there no possible way to work this out, so that we can install a
> self-signed certificate which was signed by FDS (Linux server), install it
> into ADC and make it SSL enabled?

Yes, you can do this. See this article:

http://support.microsoft.com/kb/321051

-NGK

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
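
The trust relationship described in the replies above, as an added example that is not part of the original thread: a private CA issues the SSL server certificate, and the client side accepts it only when it holds that CA's certificate and the name it connects to matches the certificate. The openssl command-line tool stands in here for MS Cert Server and the Fedora DS cert db, and the host name, CA names and file names are constructed.

```shell
#!/bin/sh
# Added example. Host name, CA names and file names are constructed lab values.
DC_HOST="dc1.example.com"

# Create a private root CA (self-signed), standing in for the issuing CA.
make_ca() {  # $1 = directory, $2 = CA common name
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Issue an SSL server certificate for the directory server from that CA.
issue_server_cert() {  # $1 = CA directory, $2 = server host name
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$2" > "$1/ext.cnf"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/ext.cnf" -out "$1/server.pem" 2>/dev/null
}

# The SSL client's decision: the server cert must chain to a CA the client
# trusts and match the name it connected to. Returns 0 only if both hold.
client_accepts() {  # $1 = trusted CA cert, $2 = server cert, $3 = name connected to
  openssl verify -CAfile "$1" -purpose sslserver -verify_hostname "$3" "$2" \
    >/dev/null 2>&1
}

# Demo run: one issuing CA, one unrelated CA, one server certificate.
work=$(mktemp -d) && mkdir "$work/issuer" "$work/other"
make_ca "$work/issuer" "Constructed Lab CA"
issue_server_cert "$work/issuer" "$DC_HOST"
make_ca "$work/other" "Constructed Unrelated CA"
srv="$work/issuer/server.pem"
client_accepts "$work/issuer/ca.pem" "$srv" "$DC_HOST" && echo "issuing CA installed: accepted"
client_accepts "$work/other/ca.pem" "$srv" "$DC_HOST" || echo "issuing CA missing: rejected"
client_accepts "$work/issuer/ca.pem" "$srv" "192.0.2.10" || echo "connected by IP address: rejected"
```

The same check applies in both directions of the sync: Fedora DS needs the CA cert behind the AD server cert, and passsync needs the CA cert behind the Fedora DS server cert.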
 
