[389-users] Re: 389 DS sync issue with Active Directory

2022-09-19 Thread Pierre Rogier
Hi Darshen,

Indeed, the agmt parameters look wrong:
 --port 389 and --conn-protocol LDAPS should not be used together.
It should either be:
   --port 389 --conn-protocol StartTLS
or --port 636 --conn-protocol LDAPS

Regards,
   Pierre

On Mon, Sep 19, 2022 at 1:41 PM Mark Reynolds  wrote:

>
> On 9/19/22 3:05 AM, Darshan B wrote:
> > Hello Team
> >
> > I have a question on sync between 389 DS and Windows Active Directory.
> > I have followed this link to
> https://documentation.suse.com/sles/15-SP3/html/SLES-all/cha-security-ldap.html
> for Synchronizing with Microsoft Active Directory(6.11) with 389 DS , I'm
> able to create the repl-winsync-agmt  but while checking its status using
> sudo dsconf ldap1 repl-winsync-agmt init-status I'm getting the below error.
> >
> > Error:
> > [16/Sep/2022:16:25:45.129760205 +051800] - ERR - slapi_ldap_bind - Could
> not send bind request for id
> [CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com] authentication
> mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error
> -5950 (File not found.), network error 107 (Transport endpoint is not
> connected, host "192.168.56.106:389")
>
> This means the replication agreement can not connect to the AD server.
> Perhaps your winsync agreement is not configured correctly.  Please
> provide the agreement entry from 389 DS.
>
> Thanks,
> Mark
>
> >
> > I'm able to do ldapsearch on Active directory but repl-winsync-agmt
> init-status command is giving the network error.
> >
> > ldapsearch command:
> > ldapsearch -x -h 192.168.56.106 -p 389 -b
> "CN=Users,dc=training,dc=itadmin,dc=com" -D
> "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com" -w "Test@123" dn
> >
> > repl-winsync-agmt create  command used:
> >
> > sudo dsconf -D "cn=ldap1-infra1" -w "#CEEadmin123" ldap1
> repl-winsync-agmt create --suffix "dc=openstack,dc=org"  --host
> 192.168.56.106 --port 389 --conn-protocol LDAPS   --bind-dn
> "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com"   --bind-passwd
> "Test@123" --win-subtree "CN=Users,DC=training,DC=itadmin,DC=com"
>  --ds-subtree "dc=openstack,dc=org" --one-way-sync fromWindows
>  --sync-users=on --sync-groups=on --move-action delete   --win-domain "
> trainingitadmin.com" adsync_agreement
> >
> > Let me know what should be done to resolve this network error
> > ___
> > 389-users mailing list -- 389-users@lists.fedoraproject.org
> > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> > Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> > Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
> --
> Directory Server Development Team
>


-- 
--

389 Directory Server Development Team
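
The port/protocol rule from the reply above, written as a pre-flight check for an agreement command line. This is an added example, not code from the thread or from the 389 DS project: the function names are hypothetical, the sample command line is constructed, and `LDAP` as a third `--conn-protocol` value is an assumption.

```shell
#!/bin/sh
# Pre-flight check for the --port / --conn-protocol pair of a winsync agreement.

# Print the value of a long option from a command line given as one string.
# Accepts "--opt value" and "--opt=value"; runs in a subshell so set -f stays local.
opt_value() (
    set -f                      # no globbing while the string is word-split
    want=$1
    set -- $2
    while [ $# -gt 0 ]; do
        case $1 in
            "$want")   printf '%s\n' "$2"; exit 0 ;;
            "$want"=*) printf '%s\n' "${1#*=}"; exit 0 ;;
        esac
        shift
    done
    exit 1
)

# Verdict for a port/protocol pair on the default LDAP ports:
#   ok        pairing from the reply above
#   mismatch  client and listener disagree about when TLS starts
#   cleartext connects, but the simple bind password crosses the wire unencrypted
#   unknown   non-default port or unrecognised protocol: probe the listener instead
check_transport() {
    proto=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    case "$1:$proto" in
        389:STARTTLS|636:LDAPS) echo ok ;;
        389:LDAPS)              echo mismatch ;;  # TLS hello sent to the plain listener
        636:STARTTLS|636:LDAP)  echo mismatch ;;  # plain LDAP sent to the TLS listener
        389:LDAP)               echo cleartext ;; # "LDAP" value is an assumption
        *)                      echo unknown ;;
    esac
}

# Check a whole "dsconf ... repl-winsync-agmt create ..." command line.
check_agmt_cmdline() {
    port=$(opt_value --port "$1") || port=
    proto=$(opt_value --conn-protocol "$1") || proto=
    check_transport "$port" "$proto"
}

# Constructed sample: same port/protocol pair as the failing command, placeholder host.
sample='dsconf ldap1 repl-winsync-agmt create --host ad.example.test --port 389 --conn-protocol LDAPS adsync_agreement'
printf '%s\n' "as posted:        $(check_agmt_cmdline "$sample")"
printf '%s\n' "389 + StartTLS:   $(check_transport 389 StartTLS)"
```

A `mismatch` verdict on 389 with LDAPS is consistent with the thread's symptom: a plain `ldapsearch -x` on port 389 succeeds while the agreement, which starts with a TLS handshake, cannot connect.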


[389-users] Re: 389 DS sync issue with Active Directory

2022-09-19 Thread Mark Reynolds


On 9/19/22 3:05 AM, Darshan B wrote:

> Hello Team
>
> I have a question on sync between 389 DS and Windows Active Directory.
> I have followed this link to
> https://documentation.suse.com/sles/15-SP3/html/SLES-all/cha-security-ldap.html
> for Synchronizing with Microsoft Active Directory(6.11) with 389 DS, I'm able
> to create the repl-winsync-agmt but while checking its status using sudo
> dsconf ldap1 repl-winsync-agmt init-status I'm getting the below error.
>
> Error:
> [16/Sep/2022:16:25:45.129760205 +051800] - ERR - slapi_ldap_bind - Could not send bind
> request for id [CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com] authentication
> mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5950 (File not
> found.), network error 107 (Transport endpoint is not connected, host
> "192.168.56.106:389")


This means the replication agreement can not connect to the AD server.   
Perhaps your winsync agreement is not configured correctly.  Please 
provide the agreement entry from 389 DS.


Thanks,
Mark



> I'm able to do ldapsearch on Active directory but repl-winsync-agmt init-status
> command is giving the network error.
>
> ldapsearch command:
> ldapsearch -x -h 192.168.56.106 -p 389 -b "CN=Users,dc=training,dc=itadmin,dc=com" -D
> "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com" -w "Test@123" dn
>
> repl-winsync-agmt create  command used:
>
> sudo dsconf -D "cn=ldap1-infra1" -w "#CEEadmin123" ldap1 repl-winsync-agmt create --suffix "dc=openstack,dc=org"  --host
> 192.168.56.106 --port 389 --conn-protocol LDAPS   --bind-dn "CN=darshan,CN=Users,DC=training,DC=itadmin,DC=com"   --bind-passwd "Test@123"
> --win-subtree "CN=Users,DC=training,DC=itadmin,DC=com"   --ds-subtree "dc=openstack,dc=org" --one-way-sync fromWindows   --sync-users=on
> --sync-groups=on --move-action delete   --win-domain "trainingitadmin.com" adsync_agreement
>
> Let me know what should be done to resolve this network error


--
Directory Server Development Team