Dennis Crissman wrote:
> I am really struggling to get Fedora Directory Server working using
> ADSync. I am confused on a lot of fronts, it would be fair to say I am
> a newbie when it comes to SSH, CAs, and synchronizing anything against
> Active Directory. So I am at a disadvantage to start with.
>
> I have been using
> http://directory.fedoraproject.org/wiki/Howto:WindowsSync for my
> instruction base as well as
> http://directory.fedoraproject.org/wiki/Howto:SSL for setting up FDS
> to use SSL.
>
> Here are my steps so far:
> 1) Install and set up FDS and create my directory server. So far so good.
> 2) Execute setupssl.sh from the Howto:SSL link above.
> * As far as I can tell this script automates everything in "Basic
> Steps", so correct me if I am wrong, but I shouldn't have to actually
> do any of them after running the script?
Correct.
> 3) Restart both my admin and directory servers.
>
> After I have restarted my servers, it would seem to me that FDS would
> be exclusively accessible over port 636. So I use an LDAP Browser to
> verify, and it turns out that 389 is still available and the other
> isn't. Why is this?
It should listen to both 389 and 636. Check the error log, do
netstat -an | grep 636, and use ldapsearch instead of LDAP Browser
to verify.
>
> At this point I decide to move on to another step
> (http://directory.fedoraproject.org/wiki/Howto:WindowsSync#Enabling_SSL_for_PassSync)
> in the instructions and set up ADSync on the Active Directory box.
> Install goes fine, though I am obviously unable to get it to connect
> to the FDS yet.
>
> I am able to create the cert8.db, but then hit a road block again when
> I try to execute "pk12util -d . -P slapd-<instance> -o servercert.p12
> -n Server-Cert", and yes I swap <instance> for my host name. I get
> this exception: "pk12util: find user certs from nickname failed:
> security library: bad database.". Any idea?
I think you can skip this step. But when you give the -P argument, do
not forget the trailing dash - the prefix (-P) is really slapd-instance-
>
> I know this is a lot, but I would appreciate any help I can get.
>
> Thank you,
> Dennis
> --
> Fedora-directory-users mailing list
> Fedora-directory-users redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
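Added example, not part of the thread: a way to confirm the exact -P value before running pk12util, since a prefix without its trailing dash is what the reply points to behind "bad database". It assumes the legacy NSS naming <prefix>cert8.db / <prefix>key3.db; the helper names nss_prefixes and check_prefix and the instance name ldap1 are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.
# Legacy NSS databases are stored as <prefix>cert8.db and <prefix>key3.db;
# the value given to -P must be exactly that <prefix>, trailing dash included.

# Print one usable -P value per line for the NSS databases found in $1.
nss_prefixes() {
    dir=${1:-.}
    for cert in "$dir"/*cert8.db; do
        [ -e "$cert" ] || continue          # glob matched nothing
        name=${cert##*/}                    # strip the directory part
        prefix=${name%cert8.db}             # what remains is the prefix
        # A certificate db without its key db cannot export a PKCS#12 file.
        if [ -e "$dir/${prefix}key3.db" ]; then
            printf '%s\n' "$prefix"
        else
            printf 'warning: %s has no matching %skey3.db\n' "$name" "$prefix" >&2
        fi
    done
}

# Return 0 if $2 is a usable prefix in directory $1, else 1 (with a hint).
check_prefix() {
    dir=$1 want=$2
    if [ -e "$dir/${want}cert8.db" ] && [ -e "$dir/${want}key3.db" ]; then
        return 0
    fi
    # The mistake discussed in the thread: prefix given without its dash.
    if [ -e "$dir/${want}-cert8.db" ]; then
        echo "prefix '$want' not found; did you mean '${want}-'?" >&2
    fi
    return 1
}

# Demo on a constructed directory (empty files named like an FDS alias dir).
demo=$(mktemp -d)
: > "$demo/slapd-ldap1-cert8.db"; : > "$demo/slapd-ldap1-key3.db"
nss_prefixes "$demo"                 # prints: slapd-ldap1-
check_prefix "$demo" slapd-ldap1 || echo "without the dash: rejected"
rm -rf "$demo"
```

Run nss_prefixes against the directory passed to -d and use the printed value verbatim as the -P argument.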