FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 09-01-2008, 09:09 AM
steve nguyen
 
Default LDAP Error with sync agreement using ssl

Hi everybody,

*

I have created two sync agreement in FDS. I've got an error message with the one using ssl : "LDAP error: Can't contact LDAP server. Error Code 81.

The second sync agreement without ssl works.

*

I think this error should come from a certificate that I've create.

To create my certificate on Fedora*I've used the second*script from the fds wiki.

*

I want to know another thing : I*selected a single master in the replica role column. If I choose multiple master, will the sync happen from both side : ad and fds ?

*

ps : escuse me for my bad english.

*

*

Avec une webcam et Messenger partagez vos ťmotions en vidťo ! Tťlťchargez gratuitement !
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 09-01-2008, 01:10 PM
steve nguyen
 
Default LDAP Error with sync agreement using ssl

Hi everybody,
*
I have created two sync agreement in FDS. I've got an error message with the one using ssl : "LDAP error: Can't contact LDAP server. Error Code 81.
The second sync agreement without ssl works.
*
I think this error should come from a certificate that I've create.
To create my certificate on Fedora*I've used the second*script from the fds wiki.
*
I want to know another thing : I*selected a single master in the replica role column. If I choose multiple master, will the sync happen from both side : ad and fds ?
*
ps : escuse me for my bad english.
*
*


Votre correspondant a choisi Hotmail et profite d'un stockage quasiment illimitť. Crťez un compte Hotmail gratuitement !
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 09-02-2008, 01:06 PM
"Groot, Mathijs de (IDT Competence Java)"
 
Default LDAP Error with sync agreement using ssl

Hi,


¬*


I have / had the same problem.


The first question is, what architecture are you running, a
32bit of 64bits version?


¬*


Im working with a Red Hat Directory Server, Ive set up the SSL
and the certificates for a few times now on 64bit RHEL servers, but it is just
not working


I’m working on it with the Red Hat Support team but haven’t got
the solution yet.


¬*


Ive set up a couple of 32bits servers and they are working fine
with the windows synchronization over SSL.


¬*


If more people have it same problem (32bits vs 64bits SSL Sync),
I would like to hear from it.


And if you are running a 64bits Red Hat Enterprise 5 server and
the Windows Sync over SSL is working fine, I would like to know what version
you are running.


¬*


Best regards,


¬*


Mathijs de Groot ¬*¬*


¬*






From:
fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of steve
nguyen

Sent: maandag 1 september 2008 11:10

To: fedora-directory-users@redhat.com

Subject: [Fedora-directory-users] LDAP Error with sync agreement using
ssl






¬*


Hi everybody,

¬*

I have created two sync agreement in FDS. I've got an error message with the
one using ssl : "LDAP error: Can't contact LDAP server. Error Code 81.

The second sync agreement without ssl works.

¬*

I think this error should come from a certificate that I've create.

To create my certificate on Fedora¬*I've used the second¬*script from
the fds wiki.

¬*

I want to know another thing : I¬*selected a single master in the replica
role column. If I choose multiple master, will the sync happen from both side :
ad and fds ?

¬*

ps : escuse me for my bad english.

¬*

¬*








Avec
une webcam et Messenger partagez vos émotions en vidéo ! Téléchargez
gratuitement !




This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.





--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 09-02-2008, 01:34 PM
steve nguyen
 
Default LDAP Error with sync agreement using ssl

Hi,

¬*

I'm using a 32 bit version

¬*

thanks







Subject: RE: [Fedora-directory-users] LDAP Error with sync agreement using ssl
Date: Tue, 2 Sep 2008 15:06:29 +0200
From: math.de.groot@logica.com
To: fedora-directory-users@redhat.com









Hi,

¬*

I have / had the same problem.

The first question is, what architecture are you running, a 32bit of 64bits version?

¬*

Im working with a Red Hat Directory Server, Ive set up the SSL and the certificates for a few times now on 64bit RHEL servers, but it is just not working

I’m working on it with the Red Hat Support team but haven’t got the solution yet.

¬*

Ive set up a couple of 32bits servers and they are working fine with the windows synchronization over SSL.

¬*

If more people have it same problem (32bits vs 64bits SSL Sync), I would like to hear from it.

And if you are running a 64bits Red Hat Enterprise 5 server and the Windows Sync over SSL is working fine, I would like to know what version you are running.

¬*

Best regards,

¬*

Mathijs de Groot ¬*¬*

¬*

¬*
Qui vous permet d‚Äôenregistrer la TV sur votre PC et lire vos emails sur votre mobile¬*? la r√©ponse en vid√©o la r√©ponse en vid√©o
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 09-02-2008, 03:24 PM
Rich Megginson
 
Default LDAP Error with sync agreement using ssl

steve nguyen wrote:

Hi everybody,

I have created two sync agreement in FDS. I've got an error message
with the one using ssl : "LDAP error: Can't contact LDAP server. Error
Code 81.
You'll have to provide more information, like the CA that issued your AD
server cert, and other messages in the DS error log.

The second sync agreement without ssl works.

I think this error should come from a certificate that I've create.
To create my certificate on Fedora I've used the second script from
the fds wiki.

I want to know another thing : I selected a single master in the
replica role column. If I choose multiple master, will the sync happen
from both side : ad and fds ?
The setting for single vs. multiple master is not applicable with
Windows Sync - it shouldn't matter as long as the DS side is a master.
Windows sync is always 2 way.

ps : escuse me for my bad english.




------------------------------------------------------------------------
Avec une webcam et Messenger partagez vos ťmotions en vidťo !
Tťlťchargez gratuitement ! <http://www.windowslive.fr/messenger/>

------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users




--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 09-02-2008, 03:25 PM
Rich Megginson
 
Default LDAP Error with sync agreement using ssl

Groot, Mathijs de (IDT Competence Java) wrote:


Hi,

I have / had the same problem.

The first question is, what architecture are you running, a 32bit of
64bits version?


Windows Sync does not support 64-bit Windows - it should work fine on
64-bit RHEL/Fedora.


Im working with a Red Hat Directory Server, Ive set up the SSL and the
certificates for a few times now on 64bit RHEL servers, but it is just
not working


I’m working on it with the Red Hat Support team but haven’t got the
solution yet.


Ive set up a couple of 32bits servers and they are working fine with
the windows synchronization over SSL.


I'm not sure why it would make a difference - 32-bit should work the
same as 64-bit.


If more people have it same problem (32bits vs 64bits SSL Sync), I
would like to hear from it.


And if you are running a 64bits Red Hat Enterprise 5 server and the
Windows Sync over SSL is working fine, I would like to know what
version you are running.


Best regards,

Mathijs de Groot

*From:* fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] *On Behalf Of
*steve nguyen

*Sent:* maandag 1 september 2008 11:10
*To:* fedora-directory-users@redhat.com
*Subject:* [Fedora-directory-users] LDAP Error with sync agreement
using ssl


Hi everybody,

I have created two sync agreement in FDS. I've got an error message
with the one using ssl : "LDAP error: Can't contact LDAP server. Error
Code 81.

The second sync agreement without ssl works.

I think this error should come from a certificate that I've create.
To create my certificate on Fedora I've used the second script from
the fds wiki.


I want to know another thing : I selected a single master in the
replica role column. If I choose multiple master, will the sync happen
from both side : ad and fds ?


ps : escuse me for my bad english.

------------------------------------------------------------------------

Avec une webcam et Messenger partagez vos émotions en vidéo !
Téléchargez gratuitement ! <http://www.windowslive.fr/messenger/>



This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied, disclosed to, retained or used by, any other party. If you are
not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you.

------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users




--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 09-08-2008, 01:24 PM
steve nguyen
 
Default LDAP Error with sync agreement using ssl

OK

¬*

So in the passsync log I have this error message :

¬*

Error initializing SSL: err=-8192

Ensure that your SSL is setup correctly

¬*

Failed to load entries from file

Ldap bind error in Connect

49: Invalid credentials

¬*

Can not connect to ldap server in SyncPasswords

Ldap bind error in Connect

81: Can't contact LDAP server

¬*

Ldap bind error in Connect

91: Can't connect to the LDAP server

¬*

In the FDS log (replication status) I've got this :

¬*

"LDAP error: Can't contact LDAP server. Error
> > Code 81.

¬*

¬*

In AD, I set up SSL using IIS because I had some troubles usiing certreq

I enter this url /certsrv">http://<servername>/certsrv¬*in my browser and I ask for a user certificate.

¬*

And I import it in the Trusted Root CA.

¬*

¬*

After the passync installation in Windows 2003 Server :

¬*

I enter this commands : certutil.exe -d . -N

¬*

I export my certs from FDS by doing this :¬* pk12util -d . -o dscert.p12 -n Server-Cert

¬*

In 2003 Server I¬*put the FDS cert in the passync installation folder and I export : pk12util.exe -d "C:Program FilesRed Hat Directory Password Synchronization" ‚Äďi dscert.p12

¬*

And I give the trusted peer status : certutil.exe -d "C:Program FilesRed Hat Directory Password Synchronization" ‚ÄďM -n Server-Cert -t "P,P,P"

¬*

I also do¬*the same for the cascert cert¬*but I give this attributes trust¬*attributes "CT,CT,CT" because it was mention in the FDS wiki.

¬*

That's all I do to set up SSL

¬*

Did you see what I did wrong ?

¬*

Thanks




¬*

¬*

¬*


-------------------------------------------------------------------------------------------------------------------------
> Date: Tue, 2 Sep 2008 09:24:19 -0600
> From: rmeggins@redhat.com
> To: fedora-directory-users@redhat.com
> Subject: Re: [Fedora-directory-users] LDAP Error with sync agreement using ssl
>
> steve nguyen wrote:
> > Hi everybody,
> >
> > I have created two sync agreement in FDS. I've got an error message
> > with the one using ssl : "LDAP error: Can't contact LDAP server. Error
> > Code 81.
> You'll have to provide more information, like the CA that issued your AD
> server cert, and other messages in the DS error log.
> > The second sync agreement without ssl works.
> >
> > I think this error should come from a certificate that I've create.
> > To create my certificate on Fedora I've used the second script from
> > the fds wiki.
> >
> > I want to know another thing : I selected a single master in the
> > replica role column. If I choose multiple master, will the sync happen
> > from both side : ad and fds ?
> The setting for single vs. multiple master is not applicable with
> Windows Sync - it shouldn't matter as long as the DS side is a master.
> Windows sync is always 2 way.
> >
> > ps : escuse me for my bad english.



Votre correspondant a choisi Hotmail et profite d’un stockage quasiment illimité. Créez un compte Hotmail gratuitement !
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 

Thread Tools




All times are GMT. The time now is 03:21 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org