<div dir="ltr">Hi Noriko,<div><br></div><div style>DS Base:389-Directory/<a href="http://1.3.1.3">1.3.1.3</a> B2013.189.1813</div><div style>389 DS + Win2008 (I use my windows as CA)</div><div style><br></div><div><br></div>
<div style>The error came out again, so I decide to investigate it.</div><div style><br></div><div style>The error:</div><div style><br></div><div style><div><div style="color:rgb(0,0,0);font-size:13px;line-height:15px;font-family:Consolas,'Bitstream Vera Sans Mono','Courier New',Courier,monospace;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px 1em 0px 0em!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;white-space:pre!important">
[10/Jul/2013:10:52:23 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): Trying secure slapi_ldap_init_ext<br>
[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): binddn = CN=Conta de sincronizacao do AD com LDAP 389,OU=APLICACOES,DC=homolog,DC=rnp, passwd = {DES}Zdi9SkO9E8Jpy/LJq528zg==<br>
[10/Jul/2013:10:52:25 -0300] slapi_ldap_bind - Error: could not send bind request for id [CN=Conta de sincronizacao do AD com LDAP 389,OU=APLICACOES,DC=homolog,DC=rnp] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5987 (Invalid function argument.), network error 115 (Operation now in progress, host "hmg1.homolog.rnp")<br>
[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ((unknown error code))<br></div><br></div>
<div><br></div><div style>The error starts when I set the option "Check hostname against name in certifcate for outbound SSL connections" in Configuration -> Encryption tab.</div></div><div style><br></div><div style>
If I uncheck this options, everything works fine again. As far as I know, this option check if the CN of certificate is the same of the host in the connection. Am I right?</div><div style><br></div><div style>I donīt thinks that is something with my certs, because I have the same envoriment working fine with ds base "389-Directory/<a href="http://1.2.10.12">1.2.10.12</a> B2012.210.1745" with this options checked.</div>
<div style><br></div><div style>I also set nsslapd-errorlog-level to "16384", but it didnīt give me anything else.</div><div style><br></div><div style>What could be? Thereīs anything else that I can provide to help to debug?</div>
<div style><div><br></div><div style>Thanks </div><div style>Alberto Viana</div></div><div style><br></div><div style><br></div><div style><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jul 8, 2013 at 5:38 PM, Noriko Hosoi <span dir="ltr"><<a href="mailto:nhosoi@redhat.com" target="_blank">nhosoi@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><div class="im">
<div>Alberto Viana wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I got it. Everything is working fine now, so it
was something in the old branch (1.3.0.4)</div>
</div>
</blockquote></div>
Glad to hear that. Thanks so much for the report. And please keep
us updated...<span class="HOEnZb"><font color="#888888"><br>
--noriko</font></span><div><div class="h5"><br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Alberto Viana</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Mon, Jul 8, 2013 at 5:17 PM, Noriko
Hosoi <span dir="ltr"><<a href="mailto:nhosoi@redhat.com" target="_blank">nhosoi@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div>Alberto Viana wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi man,
<div><br>
</div>
<div>Where I can find the 1.3.1 source to download?
I tried <a href="http://directory.fedoraproject.org/wiki/Source#Directory_Server_Source_Code" target="_blank">http://directory.fedoraproject.org/wiki/Source#Directory_Server_Source_Code</a>,
but itīs not available over there.</div>
</div>
</blockquote>
</div>
You can get it here:<br>
A source tarball is available for download at <a href="http://port389.org/sources/389-ds-base-1.3.1.3.tar.bz2" title="http://port389.org/sources/389-ds-base-1.3.1.3.tar.bz2" rel="nofollow" target="_blank">http://port389.org/sources/389-ds-base-1.3.1.3.tar.bz2</a><br>
Please see also:<br>
<a href="http://directory.fedoraproject.org/wiki/Releases/1.3.1.3" target="_blank">http://directory.fedoraproject.org/wiki/Releases/1.3.1.3</a><br>
Thanks,<br>
--noriko
<div>
<div><br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Alberto Viana</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Fri, Jul 5, 2013 at
3:24 PM, Alberto Viana <span dir="ltr"><<a href="mailto:albertocrj@gmail.com" target="_blank">albertocrj@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">No. It's a new server cert
(it's the same name, but i prefered to
revoke it and generate a new one).
<div> <br>
</div>
<div>Yes, for sure. I will try to rebuild
everything on this branch (and make new
certs just to ensure there is nothing
related with it), and if the error
persist, I will try this other branch and
let you know.</div>
<span><font color="#888888">
<div><br>
</div>
<div>Alberto Viana</div>
</font></span></div>
<div>
<div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Fri, Jul 5,
2013 at 3:15 PM, Noriko Hosoi <span dir="ltr"><<a href="mailto:nhosoi@redhat.com" target="_blank">nhosoi@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div>Alberto Viana wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Norkio,
<div><br>
</div>
<div>No, it's a new machine.
I just rebuild everything.</div>
</div>
</blockquote>
</div>
When you switched to the new
machine, you reuse the old server
cert from the previous DS or
renewed it?
<div><br>
Subject:
"CN=hmg2.homolog.rnp,OU=GTI,O=Rede
Nacional de Ensino e
Pesquisa,L=Rio de Janeiro,C=BR"<br>
<br>
</div>
And if you rebuild everything, do
you have any chance to try the
branch 389-ds-base-1.3.1 instead
of 1.3.0? (although there should
be no difference in the DS ->
AD bind)<span><font color="#888888"><br>
--noriko</font></span>
<div>
<div><br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>I'm using Ubuntu
12.04.2 LTS.</div>
<div><br>
</div>
<div>Alberto Viana</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On
Fri, Jul 5, 2013 at 2:50
PM, Noriko Hosoi <span dir="ltr"><<a href="mailto:nhosoi@redhat.com" target="_blank">nhosoi@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>Alberto Viana
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I already imported
my certificates
into 389 ds and
windows 2008. I
use win2008 as CA.
Just to remeber
that the same
enviroment was<br>
working fine with
my previous 389DS
version.<br>
</blockquote>
</div>
You upgraded
389-ds-base from
1.2.10.12 to 1.3.0.4
using in-place
upgrade? What is your
platform?<span><font color="#888888"><br>
--noriko</font></span>
<div>
<div><br>
--<br>
389 users mailing
list<br>
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>--
389 users mailing list
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>--
389 users mailing list
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>--
389 users mailing list
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</div></div></div>
<br>--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br></blockquote></div><br></div>