Red Hat Directory Server 8.0 Administrator's Guide

nsldapssl32v50.dll

libplc4.dll

nsldappr32v50.dll

nss3.dll

libnspr4.dll

ssl3.dll

libplds4.dll

softokn3.dll

Next, set up certificates that Password Sync will use to access the Directory Server over SSL:

NOTE

SSL is required for Password Sync to send password to Directory Server. The

service will not send the passwords except over SSL to protect the clear text

password sent from the Active Directory machine to the Directory Server

machine.

1. Download certutil.exe if it is not already installed on the machine. It is available from

ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/. See Chapter 11, Managing SSL for

more information on SSL.

2. Create a new cert8.db and key.db using certutil.exe on the Password Sync machine.

certutil.exe -d . -N

ln -s slapd-serverID-cert8.db cert8.db

ln -s slapd-serverID-key3.db key3.db

3. On the Directory Server, export the server certificate using pk12util.

pk12util -d . -o

servercert.pfx -n Server-Cert

4. Copy the exported certificate from the Directory Server to the Windows machine.

5. Import the server certificate from the Directory Server into the new certificate databases

using pk12util.exe.

pk12util.exe -d "C:\Program Files\Red Hat Directory Password

Synchronization" -i servercert.pfx

Step 4: Install and Configure the Password

523