HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

391

392

393

394

395

396

397

398

399

400

Table 43 Installed Password Sync libraries (continued)

LibraryDirectory

nssutil3.dllC:\WINDOWS\system32key3.dbC:\Program Files\HP-UX

Directory Password

Synchronization

softtokn3.dllC:\WINDOWS\system32nsldap32v60.dllC:\Program Files\HP-UX

Directory Password

Synchronization

smime3.dllC:\WINDOWS\system32nsldappr32v60.dllC:\Program Files\HP-UX

Directory Password

Synchronization

freebl3.dllC:\WINDOWS\system32nsldapssl32v60.dllC:\Program Files\HP-UX

Directory Password

Synchronization

ssl3.dllC:\WINDOWS\system32nsldif32v60.dllC:\Program Files\HP-UX

Directory Password

Synchronization

libplc4.dllC:\WINDOWS\system32nssckbi.dllC:\Program Files\HP-UX

Directory Password

Synchronization

libplds4.dllC:\WINDOWS\system32passsync.exeC:\Program Files\HP-UX

Directory Password

Synchronization

passsync.logC:\Program Files\HP-UX

Directory Password

Synchronization

pk12util.exeC:\Program Files\HP-UX

Directory Password

Synchronization

secmod.dbC:\Program Files\HP-UX

Directory Password

Synchronization

9.2.5 Step 5: Configure the Password Sync service

Next, set up certificates that Password Sync uses to access the Directory Server over SSL:

NOTE:

SSL is required for Password Sync to send passwords to Directory Server. The service will not send

the passwords except over SSL to protect the clear text password sent from the Active Directory

machine to the Directory Server machine.

1. On the Directory Server, export the server certificate.

cd etc/opt/dirsrv/slapd-instance_name

certutil -d . -L -n "CA certificate" -a > dsca.crt

2. Copy the exported certificate from the Directory Server to the Windows machine.

3. Open the Password Sync installation directory.

cd "C:\Program Files\HP-UX Directory Password Synchronization"

4. Create new cert8.db and key.db databases on the Windows machine.

certutil.exe -d . -N

5. Import the server certificate from the Directory Server into the new certificate database.

certutil.exe -d . -A -n "DS CA cert" -t CT,, -a -i \path\to\dsca.crt

9.2 Configuring Windows Sync 399