Installation guide
NOTE
There are two PassSync packages available, one for 32-bit Windows servers and one for
64-bit. Make sure to select the appropriate packages for your Windows platform.
2. Double-click on the PassSync.msi file to install it.
3. The Password Sync Setup window appears. Hit Next to begin installing.
4. Fill in the Directory Server hostname, secure port number, user name (such as cn=sync
manager,cn=config), the certificate token (password), and the search base (e.g.,
ou=People,dc=example,dc=com).
Hit Next, then Finish to install Password Sync.
5. Reboot the Windows machine to start Password Sync.
NOTE
The Windows machine must be rebooted. Without a reboot, PasswordHook.dll is
not enabled, and password synchronization will not function.
The first attempt to synchronize passwords, which happens when the Password Sync
application is installed, will always fail because the SSL connection between the Directory Server
and Active Directory sync peers has not yet been configured. The tools to create the certificate
and key databases are installed with the .msi.
6. Next, set up certificates that Password Sync uses to access the Directory Server over SSL.
SSL is required for Password Sync to send passwords to Directory Server. The service will not
send the passwords except over SSL to protect the clear text password sent from the Active
Directory machine to the Directory Server machine. This means that Password Sync will not work
until SSL is configured.
7. On the Directory Server, export the server certificate.
cd /etc/dirsrv/slapd-instance_name
certutil -d . -L -n "CA certificate" -a > dsca.crt
8. Copy the exported certificate from the Directory Server to the Windows machine.
9. Open a command prompt on the Windows machine, and open the Password Sync installation
directory.
cd "C:\Program Files\Red Hat Directory Password Synchronization"
10. Create new cert8.db and key.db databases on the Windows machine.
certutil.exe -d . -N
11. Import the server certificate from the Directory Server into the new certificate database.
certutil.exe -d . -A -n "DS CA cert" -t CT,, -a -i \path\to\dsca.crt
12. Verify that the CA certificate was correctly imported.
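An added check for steps 7 through 11, not part of the Red Hat guide: the certificate imported with CT,, trust is what Password Sync relies on when it sends clear text passwords over SSL, so it is worth confirming that the file that arrived on the Windows machine carries the same certificate that was exported. The function names and the sample data below are assumptions of this example; the code fingerprints the decoded certificate, so a line-ending change during the copy does not cause a false mismatch, and it rejects a file holding anything other than one certificate.

```python
import base64
import hashlib
import re

# Matches one PEM block of any type, tolerating LF or CRLF line endings.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def ca_cert_fingerprint(pem_text):
    """Return the SHA-256 fingerprint of the single certificate in pem_text.

    Raises ValueError if the text holds anything other than exactly one
    CERTIFICATE block, for example a private key exported by mistake.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if labels != ["CERTIFICATE"]:
        raise ValueError("expected one CERTIFICATE block, found %r" % labels)
    # Fingerprint the decoded DER, not the file bytes, so that a CRLF/LF
    # conversion during the copy to Windows does not change the result.
    der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    if der[:1] != b"\x30":  # a DER certificate is an ASN.1 SEQUENCE
        raise ValueError("block does not decode to a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_certificate(exported_pem, received_pem):
    """True if both PEM texts carry the same certificate."""
    return ca_cert_fingerprint(exported_pem) == ca_cert_fingerprint(received_pem)


# Constructed stand-in for dsca.crt: valid PEM framing around placeholder
# bytes that begin with a SEQUENCE tag. It is not a real certificate.
_BODY = base64.encodebytes(b"\x30\x82\x01\x00" + bytes(range(256))).decode()
SAMPLE_DSCA = ("-----BEGIN CERTIFICATE-----\n" + _BODY
               + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(ca_cert_fingerprint(SAMPLE_DSCA))
```

Run it against dsca.crt on the Directory Server and against the copied file on the Windows machine, and compare the two fingerprints before importing the certificate.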
Red Hat Directory Server 8.2 Installation Guide