<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 07/10/2013 12:16 PM, Alberto Viana
wrote:<br>
</div>
<blockquote
cite="mid:CAD5whWdBZkTbT4RxztVdbrMoJ2ZzLC62O9RY-u5wCJ8uFMJSDg@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Noriko,
<div><br>
</div>
<div style="">DS Base:389-Directory/1.3.1.3 B2013.189.1813</div>
<div style="">389 DS + Win2008 (I use my windows as CA)</div>
<div style=""><br>
</div>
<div><br>
</div>
<div style="">The error came out again, so I decided to
investigate it.</div>
<div style=""><br>
</div>
<div style="">The error:</div>
<div style=""><br>
</div>
<div style="">
<div>
<div
style="color:rgb(0,0,0);font-size:13px;line-height:15px;font-family:Consolas,'Bitstream
Vera Sans Mono','Courier
New',Courier,monospace;border-top-left-radius:0px!important;border-top-right-radius:0px!important;border-bottom-right-radius:0px!important;border-bottom-left-radius:0px!important;background-image:none!important;border:0px!important;float:none!important;height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px
1em 0px
0em!important;vertical-align:baseline!important;width:auto!important;min-height:inherit!important;white-space:pre!important">[10/Jul/2013:10:52:23
-0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1"
(hmg1:636): Trying secure slapi_ldap_init_ext<br>
[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin -
agmt="cn=AD-HMG1" (hmg1:636): binddn = CN=Conta de
sincronizacao do AD com LDAP
389,OU=APLICACOES,DC=homolog,DC=rnp, passwd =
{DES}Zdi9SkO9E8Jpy/LJq528zg==<br>
[10/Jul/2013:10:52:25 -0300] slapi_ldap_bind - Error:
could not send bind request for id [CN=Conta de
sincronizacao do AD com LDAP
389,OU=APLICACOES,DC=homolog,DC=rnp] authentication
mechanism [SIMPLE]: error -1 (Can't contact LDAP server),
system error -5987 (Invalid function argument.), network
error 115 (Operation now in progress, host
"hmg1.homolog.rnp")<br>
[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin -
agmt="cn=AD-HMG1" (hmg1:636): Replication bind with SIMPLE
auth failed: LDAP error -1 (Can't contact LDAP server)
((unknown error code))<br>
</div>
<br>
</div>
<div><br>
</div>
<div style="">The error starts when I set the option "Check
hostname against name in certificate for outbound SSL
connections" in Configuration -&gt; Encryption tab.</div>
</div>
<div style=""><br>
</div>
<div style="">
If I uncheck this option, everything works fine again. As far
as I know, this option checks whether the CN of the certificate is the
same as the host in the connection. Am I right?</div>
</div>
</blockquote>
<br>
Right.<br>
<br>
<blockquote
cite="mid:CAD5whWdBZkTbT4RxztVdbrMoJ2ZzLC62O9RY-u5wCJ8uFMJSDg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div style=""><br>
</div>
<div style="">I don't think it is something with my certs,
because I have the same environment working fine with DS base
"389-Directory/1.2.10.12 B2012.210.1745" with
this option checked.</div>
</div>
</blockquote>
<br>
Either it's something with your certs, or something with your
hostname lookups (/etc/hosts, DNS, NIS, etc.)<br>
<blockquote
cite="mid:CAD5whWdBZkTbT4RxztVdbrMoJ2ZzLC62O9RY-u5wCJ8uFMJSDg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div style=""><br>
</div>
<div style="">I also set nsslapd-errorlog-level to "16384", but
it didn't give me anything else.</div>
<div style=""><br>
</div>
<div style="">What could it be? Is there anything else that I can
provide to help debug?</div>
<div style="">
<div><br>
</div>
<div style="">Thanks </div>
<div style="">Alberto Viana</div>
</div>
<div style=""><br>
</div>
<div style=""><br>
</div>
<div style=""><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Mon, Jul 8, 2013 at 5:38 PM, Noriko
Hosoi <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:nhosoi@redhat.com" target="_blank">nhosoi@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="im">
<div>Alberto Viana wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I got it. Everything is working fine now, so it
was something in the old branch (1.3.0.4)</div>
</div>
</blockquote>
</div>
Glad to hear that. Thanks so much for the report. And
please keep us updated...<span class="HOEnZb"><font
color="#888888"><br>
--noriko</font></span>
<div>
<div class="h5"><br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Alberto Viana</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Mon, Jul 8, 2013 at
5:17 PM, Noriko Hosoi <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:nhosoi@redhat.com"
target="_blank">nhosoi@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div>Alberto Viana wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi man,
<div><br>
</div>
<div>Where can I find the 1.3.1 source
to download? I tried <a
moz-do-not-send="true"
href="http://directory.fedoraproject.org/wiki/Source#Directory_Server_Source_Code"
target="_blank">http://directory.fedoraproject.org/wiki/Source#Directory_Server_Source_Code</a>,
but it's not available over there.</div>
</div>
</blockquote>
</div>
You can get it here:<br>
A source tarball is available for download
at <a moz-do-not-send="true"
href="http://port389.org/sources/389-ds-base-1.3.1.3.tar.bz2"
title="http://port389.org/sources/389-ds-base-1.3.1.3.tar.bz2"
rel="nofollow" target="_blank">http://port389.org/sources/389-ds-base-1.3.1.3.tar.bz2</a><br>
Please see also:<br>
<a moz-do-not-send="true"
href="http://directory.fedoraproject.org/wiki/Releases/1.3.1.3"
target="_blank">http://directory.fedoraproject.org/wiki/Releases/1.3.1.3</a><br>
Thanks,<br>
--noriko
<div>
<div><br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Alberto Viana</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Fri, Jul
5, 2013 at 3:24 PM, Alberto Viana
<span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:albertocrj@gmail.com"
target="_blank">albertocrj@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">No. It's a new
server cert (it's the same
name, but I preferred to revoke
it and generate a new one).
<div> <br>
</div>
<div>Yes, for sure. I will try
to rebuild everything on
this branch (and make new
certs just to ensure there
is nothing related with it),
and if the error persists, I
will try this other branch
and let you know.</div>
<span><font color="#888888">
<div><br>
</div>
<div>Alberto Viana</div>
</font></span></div>
<div>
<div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On
Fri, Jul 5, 2013 at 3:15
PM, Noriko Hosoi <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:nhosoi@redhat.com" target="_blank">nhosoi@redhat.com</a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div text="#000000"
bgcolor="#FFFFFF">
<div>
<div>Alberto Viana
wrote:<br>
</div>
<blockquote
type="cite">
<div dir="ltr">Noriko,
<div><br>
</div>
<div>No, it's
a new machine.
I just rebuilt
everything.</div>
</div>
</blockquote>
</div>
When you switched to
the new machine, did you
reuse the old server
cert from the
previous DS or
renew it?
<div><br>
Subject:
"CN=hmg2.homolog.rnp,OU=GTI,O=Rede
Nacional de Ensino
e Pesquisa,L=Rio
de Janeiro,C=BR"<br>
<br>
</div>
And if you rebuild
everything, do you
have any chance to
try the branch
389-ds-base-1.3.1
instead of 1.3.0?
(although there
should be no
difference in the DS
-> AD bind)<span><font
color="#888888"><br>
--noriko</font></span>
<div>
<div><br>
<blockquote
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>I'm
using Ubuntu
12.04.2 LTS.</div>
<div><br>
</div>
<div>Alberto
Viana</div>
</div>
<div
class="gmail_extra"><br>
<br>
<div
class="gmail_quote">On
Fri, Jul 5,
2013 at 2:50
PM, Noriko
Hosoi <span
dir="ltr"><<a
moz-do-not-send="true" href="mailto:nhosoi@redhat.com" target="_blank">nhosoi@redhat.com</a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div>Alberto
Viana wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
I already
imported my
certificates
into 389 ds
and windows
2008. I use
win2008 as CA.
Just to
remember that
the same
environment was<br>
working fine
with my
previous 389DS
version.<br>
</blockquote>
</div>
You upgraded
389-ds-base
from 1.2.10.12
to 1.3.0.4
using in-place
upgrade? What
is your
platform?<span><font
color="#888888"><br>
--noriko</font></span>
<div>
<div><br>
--<br>
389 users
mailing list<br>
<a
moz-do-not-send="true"
href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a><br>
<a
moz-do-not-send="true"
href="https://admin.fedoraproject.org/mailman/listinfo/389-users"
target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div>
</div>
</div>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div>
</div>
</div>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div>
</div>
</div>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
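The option discussed in this thread compares the host name used for the outbound connection with the names in the peer's certificate. The following is an added example, not 389 DS or NSS code and not from any participant in the thread: it applies RFC 6125-style matching (assumed here: subjectAltName dNSName entries take precedence over the subject CN) to a dict in the shape returned by Python's `ssl.getpeercert()`. Only the names `hmg1` and `hmg1.homolog.rnp` come from the log above; both certificate dicts and `dc01.example.test` are constructed for illustration.

```python
"""Host name vs. certificate name check (constructed example, not 389 DS/NSS code)."""

def label_match(pattern, host):
    """Case-insensitive match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards that would cover a whole top-level domain.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """Return (SAN dNSName list, subject CN list) from a getpeercert()-style dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return sans, cns

def check_host(cert, connect_host):
    """Compare the name used for the connection with the names in the certificate."""
    sans, cns = cert_names(cert)
    # When dNSName entries exist they are authoritative; the CN is only a fallback.
    candidates, source = (sans, "subjectAltName") if sans else (cns, "subject CN")
    for name in candidates:
        if label_match(name, connect_host):
            return True, f"{connect_host!r} matches {source} {name!r}"
    return False, f"{connect_host!r} not found in {source} {candidates}"

# Constructed certificates (assumptions, not the poster's real certificates).
CERT_CN_ONLY = {"subject": ((("commonName", "hmg1.homolog.rnp"),),)}
CERT_WITH_SAN = {
    "subject": ((("commonName", "hmg1.homolog.rnp"),),),
    "subjectAltName": (("DNS", "dc01.example.test"),),
}

if __name__ == "__main__":
    # The agreement in the log is labelled "hmg1:636"; the bind error names the FQDN.
    for cert in (CERT_CN_ONLY, CERT_WITH_SAN):
        for host in ("hmg1", "hmg1.homolog.rnp"):
            print(check_host(cert, host))
```

The short name fails against a certificate issued for the fully qualified name, and a certificate that carries a SAN ignores its CN, so a setup can pass with one name form or one certificate and fail with another without the CA or trust chain being wrong.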
</body>
</html>