<div dir="ltr">Hi Noriko,<div><br></div><div style>DS Base:389-Directory/<a href="http://1.3.1.3">1.3.1.3</a> B2013.189.1813</div><div style>389 DS + Win2008 (I use my windows as CA)</div><div style><br></div><div><br></div>

<div style>The error came out again, so I decide to investigate it.</div><div style><br></div><div style>The error:</div><div style><br></div><div style><div><div style="color:rgb(0,0,0);font-size:13px;line-height:15px;font-family:Consolas,&#39;Bitstream Vera Sans Mono&#39;,&#39;Courier New&#39;,Courier,monospace;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px 1em 0px 0em!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;white-space:pre!important">

[10/Jul/2013:10:52:23 -0300] NSMMReplicationPlugin - agmt=&quot;cn=AD-HMG1&quot; (hmg1:636): Trying secure slapi_ldap_init_ext<br>

[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin - agmt=&quot;cn=AD-HMG1&quot; (hmg1:636): binddn = CN=Conta de sincronizacao do AD com LDAP 389,OU=APLICACOES,DC=homolog,DC=rnp,  passwd = {DES}Zdi9SkO9E8Jpy/LJq528zg==<br>

[10/Jul/2013:10:52:25 -0300] slapi_ldap_bind - Error: could not send bind request for id [CN=Conta de sincronizacao do AD com LDAP 389,OU=APLICACOES,DC=homolog,DC=rnp] authentication mechanism [SIMPLE]: error -1 (Can&#39;t contact LDAP server), system error -5987 (Invalid function argument.), network error 115 (Operation now in progress, host &quot;hmg1.homolog.rnp&quot;)<br>

[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin - agmt=&quot;cn=AD-HMG1&quot; (hmg1:636): Replication bind with SIMPLE auth failed: LDAP error -1 (Can&#39;t contact LDAP server) ((unknown error code))<br></div><br></div>

<div><br></div><div style>The error starts when I set the option &quot;Check hostname against name in certifcate for outbound SSL connections&quot; in Configuration -&gt; Encryption tab.</div></div><div style><br></div><div style>

If I uncheck this options, everything works fine again. As far as I know, this option check if the CN of certificate is the same of the host in the connection. Am I right?</div><div style><br></div><div style>I don´t thinks that is something with my certs, because I have the same envoriment working fine with ds base &quot;389-Directory/<a href="http://1.2.10.12">1.2.10.12</a> B2012.210.1745&quot; with this options checked.</div>

<div style><br></div><div style>I also set nsslapd-errorlog-level to &quot;16384&quot;, but it didn´t give me anything else.</div><div style><br></div><div style>What could be? There´s anything else that I can provide to help to debug?</div>

<div style><div><br></div><div style>Thanks </div><div style>Alberto Viana</div></div><div style><br></div><div style><br></div><div style><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jul 8, 2013 at 5:38 PM, Noriko Hosoi <span dir="ltr">&lt;<a href="mailto:nhosoi@redhat.com" target="_blank">nhosoi@redhat.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  <div text="#000000" bgcolor="#FFFFFF"><div class="im">

    <div>Alberto Viana wrote:<br>

    </div>

    <blockquote type="cite">

      <div dir="ltr">Hi,

        <div><br>

        </div>

        <div>I got it. Everything is working fine now, so it

          was something in the old branch (1.3.0.4)</div>

      </div>

    </blockquote></div>

    Glad to hear that.  Thanks so much for the report.  And please keep

    us updated...<span class="HOEnZb"><font color="#888888"><br>

    --noriko</font></span><div><div class="h5"><br>

    <blockquote type="cite">

      <div dir="ltr">

        <div><br>

        </div>

        <div>Alberto Viana</div>

      </div>

      <div class="gmail_extra"><br>

        <br>

        <div class="gmail_quote">On Mon, Jul 8, 2013 at 5:17 PM, Noriko

          Hosoi <span dir="ltr">&lt;<a href="mailto:nhosoi@redhat.com" target="_blank">nhosoi@redhat.com</a>&gt;</span>

          wrote:<br>

          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

            <div text="#000000" bgcolor="#FFFFFF">

              <div>

                <div>Alberto Viana wrote:<br>

                </div>

                <blockquote type="cite">

                  <div dir="ltr">Hi man,

                    <div><br>

                    </div>

                    <div>Where I can find the 1.3.1 source to download?

                      I tried <a href="http://directory.fedoraproject.org/wiki/Source#Directory_Server_Source_Code" target="_blank">http://directory.fedoraproject.org/wiki/Source#Directory_Server_Source_Code</a>,

                      but it´s not available over there.</div>

                  </div>

                </blockquote>

              </div>

              You can get it here:<br>

              A source tarball is available for download at <a href="http://port389.org/sources/389-ds-base-1.3.1.3.tar.bz2" title="http://port389.org/sources/389-ds-base-1.3.1.3.tar.bz2" rel="nofollow" target="_blank">http://port389.org/sources/389-ds-base-1.3.1.3.tar.bz2</a><br>

              Please see also:<br>

              <a href="http://directory.fedoraproject.org/wiki/Releases/1.3.1.3" target="_blank">http://directory.fedoraproject.org/wiki/Releases/1.3.1.3</a><br>

              Thanks,<br>

              --noriko

              <div>

                <div><br>

                  <blockquote type="cite">

                    <div dir="ltr">

                      <div><br>

                      </div>

                      <div>Alberto Viana</div>

                    </div>

                    <div class="gmail_extra"><br>

                      <br>

                      <div class="gmail_quote">On Fri, Jul 5, 2013 at

                        3:24 PM, Alberto Viana <span dir="ltr">&lt;<a href="mailto:albertocrj@gmail.com" target="_blank">albertocrj@gmail.com</a>&gt;</span>

                        wrote:<br>

                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

                          <div dir="ltr">No. It&#39;s a new server cert

                            (it&#39;s the same name, but i prefered to

                            revoke it and generate a new one).

                            <div> <br>

                            </div>

                            <div>Yes, for sure. I will try to rebuild

                              everything on this branch (and make new

                              certs just to ensure there is nothing

                              related with it), and if the error

                              persist, I will try this other branch and

                              let you know.</div>

                            <span><font color="#888888">

                                <div><br>

                                </div>

                                <div>Alberto Viana</div>

                              </font></span></div>

                          <div>

                            <div>

                              <div class="gmail_extra"><br>

                                <br>

                                <div class="gmail_quote">On Fri, Jul 5,

                                  2013 at 3:15 PM, Noriko Hosoi <span dir="ltr">&lt;<a href="mailto:nhosoi@redhat.com" target="_blank">nhosoi@redhat.com</a>&gt;</span>

                                  wrote:<br>

                                  <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

                                    <div text="#000000" bgcolor="#FFFFFF">

                                      <div>

                                        <div>Alberto Viana wrote:<br>

                                        </div>

                                        <blockquote type="cite">

                                          <div dir="ltr">Norkio,

                                            <div><br>

                                            </div>

                                            <div>No, it&#39;s a new machine.

                                              I just rebuild everything.</div>

                                          </div>

                                        </blockquote>

                                      </div>

                                      When you switched to the new

                                      machine, you reuse the old server

                                      cert from the previous DS or

                                      renewed it?

                                      <div><br>

                                                Subject:

                                        &quot;CN=hmg2.homolog.rnp,OU=GTI,O=Rede

                                        Nacional de Ensino e

                                        Pesquisa,L=Rio de Janeiro,C=BR&quot;<br>

                                        <br>

                                      </div>

                                      And if you rebuild everything, do

                                      you have any chance to try the

                                      branch 389-ds-base-1.3.1 instead

                                      of 1.3.0? (although there should

                                      be no difference in the DS -&gt;

                                      AD bind)<span><font color="#888888"><br>

                                          --noriko</font></span>

                                      <div>

                                        <div><br>

                                          <blockquote type="cite">

                                            <div dir="ltr">

                                              <div><br>

                                              </div>

                                              <div>I&#39;m using Ubuntu

                                                12.04.2 LTS.</div>

                                              <div><br>

                                              </div>

                                              <div>Alberto Viana</div>

                                            </div>

                                            <div class="gmail_extra"><br>

                                              <br>

                                              <div class="gmail_quote">On

                                                Fri, Jul 5, 2013 at 2:50

                                                PM, Noriko Hosoi <span dir="ltr">&lt;<a href="mailto:nhosoi@redhat.com" target="_blank">nhosoi@redhat.com</a>&gt;</span>

                                                wrote:<br>

                                                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

                                                  <div>Alberto Viana

                                                    wrote:<br>

                                                    <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

                                                      I already imported

                                                      my certificates

                                                      into 389 ds and

                                                      windows 2008. I

                                                      use win2008 as CA.

                                                      Just to remeber

                                                      that the same

                                                      enviroment was<br>

                                                      working fine with

                                                      my previous 389DS

                                                      version.<br>

                                                    </blockquote>

                                                  </div>

                                                  You upgraded

                                                  389-ds-base from

                                                  1.2.10.12 to 1.3.0.4

                                                  using in-place

                                                  upgrade?  What is your

                                                  platform?<span><font color="#888888"><br>

                                                      --noriko</font></span>

                                                  <div>

                                                    <div><br>

                                                      --<br>

                                                      389 users mailing

                                                      list<br>

                                                      <a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a><br>

                                                      <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></div>

                                                  </div>

                                                </blockquote>

                                              </div>

                                              <br>

                                            </div>

                                            <br>

                                            <fieldset></fieldset>

                                            <br>

                                            <pre>--

389 users mailing list

<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>

<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>

                                          </blockquote>

                                          <br>

                                        </div>

                                      </div>

                                    </div>

                                    <br>

                                    --<br>

                                    389 users mailing list<br>

                                    <a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a><br>

                                    <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>

                                  </blockquote>

                                </div>

                                <br>

                              </div>

                            </div>

                          </div>

                        </blockquote>

                      </div>

                      <br>

                    </div>

                    <br>

                    <fieldset></fieldset>

                    <br>

                    <pre>--

389 users mailing list

<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>

<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>

                  </blockquote>

                  <br>

                </div>

              </div>

            </div>

            <br>

            --<br>

            389 users mailing list<br>

            <a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a><br>

            <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>

          </blockquote>

        </div>

        <br>

      </div>

      <br>

      <fieldset></fieldset>

      <br>

      <pre>--

389 users mailing list

<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>

<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>

    </blockquote>

    <br>

  </div></div></div>

<br>--<br>

389 users mailing list<br>

<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>

<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br></blockquote></div><br></div>