PassSync and SSL

I am experimenting with Fedora Directory Server and trying
to hook up 
PassSync to synchronize with Active Directory. I have found
a walk 
through on how to set this up 
(http://directory.fedoraproject.org
/wiki/Howto:WindowsSync#Configuring_PassSync), 
but it seems to require using SSL. Is there a way to set
this up without 
SSL for quick testing.

Thanks,
Dennis



--
The sender of this email subscribes to Perimeter
Internetworking's email
anti-virus service. This email has been scanned for
malicious code and is
believed 
to be virus free. For more information on email security
please 
visit:
http://www.perimeterusa.com/email-defense-content.html


This communication is 
confidential, intended only for the named recipient(s)
above and may contain trade secrets 
or other information that is exempt from
disclosure under applicable law. Any use, 
dissemination, distribution or
copying of this communication by anyone other than the named

recipient(s) is
strictly prohibited. If you have received this communication
in error, 
please
delete the email and immediately notify our Command Center
at 203-541-3444.

--
Fedora-directory-users mailing list
Fedora-directory-usersredhat.com
https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users

Dennis Crissman wrote:
> I am experimenting with Fedora Directory Server and
trying to hook up 
> PassSync to synchronize with Active Directory. I have
found a walk 
> through on how to set this up 
> (http://directory.fedoraproject.org
/wiki/Howto:WindowsSync#Configuring_PassSync), 
> but it seems to require using SSL. Is there a way to
set this up 
> without SSL for quick testing.
>
Nope.  It absolutely requires SSL.  AD will not accept a
password 
modification over LDAP without SSL.  The PassSync service
will also not 
send a password over an unencrypted channel.

-NGK
> Thanks,
> Dennis
>
>
>
> -- 
> The sender of this email subscribes to Perimeter
Internetworking's email
> anti-virus service. This email has been scanned for
malicious code and is
> believed to be virus free. For more information on
email security 
> please visit:
> http://www.perimeterusa.com/email-defense-content.html

>
> This communication is confidential, intended only for
the named 
> recipient(s)
> above and may contain trade secrets or other
information that is 
> exempt from
> disclosure under applicable law. Any use,
dissemination, distribution or
> copying of this communication by anyone other than the
named 
> recipient(s) is
> strictly prohibited. If you have received this
communication in error, 
> please
> delete the email and immediately notify our Command
Center at 
> 203-541-3444.
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-usersredhat.com
> https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users


--
Fedora-directory-users mailing list
Fedora-directory-usersredhat.com
https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users

I have just one other question then. Since SSL is required,
is a CA also 
required? Or can I go without one?

Thank you for your help,
Dennis

Nathan Kinder wrote:
> Dennis Crissman wrote:
>> I am experimenting with Fedora Directory Server and
trying to hook up 
>> PassSync to synchronize with Active Directory. I
have found a walk 
>> through on how to set this up 
>> (http://directory.fedoraproject.org
/wiki/Howto:WindowsSync#Configuring_PassSync), 
>> but it seems to require using SSL. Is there a way
to set this up 
>> without SSL for quick testing.
>>
> Nope.  It absolutely requires SSL.  AD will not accept
a password 
> modification over LDAP without SSL.  The PassSync
service will also 
> not send a password over an unencrypted channel.
>
> -NGK
>> Thanks,
>> Dennis
>>
>>
>>
>> -- 
>> The sender of this email subscribes to Perimeter
Internetworking's email
>> anti-virus service. This email has been scanned for
malicious code 
>> and is
>> believed to be virus free. For more information on
email security 
>> please visit:
>> http://www.perimeterusa.com/email-defense-content.html

>>
>> This communication is confidential, intended only
for the named 
>> recipient(s)
>> above and may contain trade secrets or other
information that is 
>> exempt from
>> disclosure under applicable law. Any use,
dissemination, distribution or
>> copying of this communication by anyone other than
the named 
>> recipient(s) is
>> strictly prohibited. If you have received this
communication in 
>> error, please
>> delete the email and immediately notify our Command
Center at 
>> 203-541-3444.
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-usersredhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users
>
>
------------------------------------------------------------
------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-usersredhat.com
> https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users
>   




--
The sender of this email subscribes to Perimeter
Internetworking's email
anti-virus service. This email has been scanned for
malicious code and is
believed 
to be virus free. For more information on email security
please 
visit:
http://www.perimeterusa.com/email-defense-content.html


This communication is 
confidential, intended only for the named recipient(s)
above and may contain trade secrets 
or other information that is exempt from
disclosure under applicable law. Any use, 
dissemination, distribution or
copying of this communication by anyone other than the named

recipient(s) is
strictly prohibited. If you have received this communication
in error, 
please
delete the email and immediately notify our Command Center
at 203-541-3444.

--
Fedora-directory-users mailing list
Fedora-directory-usersredhat.com
https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users

Dennis Crissman wrote:
> I have just one other question then. Since SSL is
required, is a CA also
> required? Or can I go without one?

A CA is required.  For self-signed certs you're going to
need a CA cert
on the FDS side and the Windows side (Certificate
Services).

I'm working on this very same setup, and I have successfully
got it working.

If you wait a month or two I hope to have a howtoforge
document created
on all the steps.

The RedHat docs are fine for everything but the Windows
side.  Enabling
certificate services, creating the enterprise root cert,
exporting the
server cert, and importing into FDS (and then importing the
FDS server
cert into Windows).

-- 
Kris S. Amundson
Founder, CIO                   GPG Key: D6D39F2C
OpenSourcery, LLC.             http://www.opensourcery.
com/


--
Fedora-directory-users mailing list
Fedora-directory-usersredhat.com
https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users