Hi,
This is driving me crazy....
I'm trying to set up SSL communication between Directory Server and AD.
Without SSL, the synchronization works very well, I can see all user accounts in DS, but I
need SSL to be able to synchronize the passwords as well.
So, here is what I did:
On AD, I opened IE at the following address:
http://localhost/certsrv/
I requested a new certificate and installed it. I can see the new certificate in MMC
console, in Certificate->Personal->Certificates.
After that, I exported the CA Certificate from DS like this:
pk12util -d . -o CAcert.pfx -n CAcert
I transferred the file to AD and imported it right here:
MMC Console->Certificate->Trusted Root Certification Authorities->Certificates
Then, I exported the CA Certificate (from AD) from the same directory as above and
imported it into DS with the DS Console (section Manage Certificates->CA Certs).
I tested the communication by doing this:
/usr/lib/mozldap6/ldapsearch -Z -P /etc/dirsrv/slapd-myinst/cert8.db -h 1.1.1.1 -p 636 -D "cn=Windows Sync,cn=users,dc=domain,dc=local" -w _PASS_ -s sub -b "ou=users,dc=domain,dc=local" "(objectClass=*)"
It works well; I get a listing of user accounts.
Then, I re-created a new Windows Sync agreement (with SSL and port 636) and I'm always
getting the following error:
The consumer initialization has unsuccessfully completed.
The error received by the replica is: 48 - LDAP error: Inappropriate authentication
Thank you for your help in advance.