On Tue, 2005-12-20 at 12:14 -0600, Michael Montgomery wrote:
> I was installing old netscape-communicator when I posted last, and the db's it created got me further:
>
> Dec 20 12:07:02 solarisldap nscd[2100]: libldap: CERT_VerifyCertName: cert server name 'server-cert' does not match 'ldapserver': SSL connection denied
> Dec 20 12:07:02 solarisldap nscd[2100]: libsldap: Status: 85 Mesg: openConnection: simple bind failed - Timed out
> Dec 20 12:07:02 solarisldap nscd[2100]: libsldap: Status: 7 Mesg: Session error no available conn.
>
> So at least I got here... I'll look around some more to try and disable this verifycertname crap, or re-create the cert correctly.
>
> Thanks again.

I almost mentioned this in my last reply 8-)

I have not seen a way to turn off the cert name verification. I fix this with a local entry on each Solaris client in /etc/hosts that lists the fqdn of the ldap server first (matches the cert name). If your internal dns has the correct name, make sure the hosts line in /etc/nsswitch.conf points to files and then dns (or whichever order you prefer). The key is to make sure the first name returned while looking up the ip addr of your ldap server matches the name on the cert.

Jamie
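
An offline check of the point made in the reply above, added here as an example and not part of the original thread: it reads a hosts file, takes the first name listed for the LDAP server's IP, and compares it with the name on the certificate. The function names, the address 192.0.2.10, the name ldap1.example.com and the sample file contents are all assumptions constructed for illustration.

```shell
# Added example (not from the thread). Function names are hypothetical.

# Print the first (canonical) name on the hosts-file line for IP $2 in file $1.
first_host_name() {
    awk -v ip="$2" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == ip && NF >= 2 { print $2; exit }
    ' "$1"
}

# Return 0 if that first name equals certificate name $3 (case-insensitive).
name_matches_cert() {
    got=$(first_host_name "$1" "$2" | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Return 0 if the hosts: line of nsswitch file $1 lists files before dns.
files_before_dns() {
    awk '
        { sub(/#.*/, "") }
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "files") { ok = 1; break }
                if ($i == "dns") break
            }
            exit
        }
        END { exit !ok }
    ' "$1"
}

# Constructed sample files; 192.0.2.10 and ldap1.example.com are assumptions.
tmp=$(mktemp -d)
printf '%s\n' '127.0.0.1 localhost' \
    '192.0.2.10 ldapserver ldap1.example.com  # short name first' > "$tmp/hosts.bad"
printf '%s\n' '127.0.0.1 localhost' \
    '192.0.2.10 ldap1.example.com ldapserver  # cert name first' > "$tmp/hosts.good"
printf '%s\n' 'passwd: files ldap' 'hosts: files dns' > "$tmp/nsswitch"

for f in "$tmp/hosts.bad" "$tmp/hosts.good"; do
    if name_matches_cert "$f" 192.0.2.10 ldap1.example.com; then
        echo "$f: OK, first name is $(first_host_name "$f" 192.0.2.10)"
    else
        echo "$f: MISMATCH, first name is $(first_host_name "$f" 192.0.2.10)"
    fi
done
files_before_dns "$tmp/nsswitch" && echo "hosts: files is consulted before dns"
```

On a live client, `getent hosts` with the server's IP address shows the name the configured sources actually return, which is the value to compare against the certificate.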