Hi Noriko,
DS Base:389-Directory/1.3.1.3 B2013.189.1813
389 DS + Win2008 (I use my windows as CA)
The error came out again, so I decided to investigate it.
The error:
[10/Jul/2013:10:52:23 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): Trying secure slapi_ldap_init_ext
[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): binddn = CN=Conta de sincronizacao do AD com LDAP 389,OU=APLICACOES,DC=homolog,DC=rnp, passwd = {DES}Zdi9SkO9E8Jpy/LJq528zg==
[10/Jul/2013:10:52:25 -0300] slapi_ldap_bind - Error: could not send bind request for id [CN=Conta de sincronizacao do AD com LDAP 389,OU=APLICACOES,DC=homolog,DC=rnp] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5987 (Invalid function argument.), network error 115 (Operation now in progress, host "hmg1.homolog.rnp")
[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ((unknown error code))
[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): binddn = CN=Conta de sincronizacao do AD com LDAP 389,OU=APLICACOES,DC=homolog,DC=rnp, passwd = {DES}Zdi9SkO9E8Jpy/LJq528zg==
[10/Jul/2013:10:52:25 -0300] slapi_ldap_bind - Error: could not send bind request for id [CN=Conta de sincronizacao do AD com LDAP 389,OU=APLICACOES,DC=homolog,DC=rnp] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5987 (Invalid function argument.), network error 115 (Operation now in progress, host "hmg1.homolog.rnp")
[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ((unknown error code))
The error starts when I set the option "Check hostname against name in certificate for outbound SSL connections" in Configuration -> Encryption tab.
If I uncheck this option, everything works fine again. As far as I know, this option checks if the CN of the certificate is the same as the host in the connection. Am I right?
I don't think that it is something with my certs, because I have the same environment working fine with ds base "389-Directory/1.2.10.12 B2012.210.1745" with this option checked.
I also set nsslapd-errorlog-level to "16384", but it didn't give me anything else.
What could it be? Is there anything else that I can provide to help debug?
Thanks
Alberto Viana
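Added example, not part of the original message and not 389 DS or NSS code: a generic RFC 2818-style hostname check, showing which certificate names are compared with the host a client connects to. The certificate dicts are constructed samples shaped like Python's `getpeercert()` output; that the directory server's TLS library applies the same precedence (SAN dNSName first, CN only as fallback) is an assumption.

```python
# Added illustration: generic TLS hostname check, not 389 DS or NSS source code.

def _name_match(pattern, host):
    """Compare one DNS name from a certificate with the host we connected to."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard is honoured only as the entire left-most label,
    # and never directly under a top-level label (e.g. "*.rnp").
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def names_presented(cert):
    """Return (names, source) for a dict shaped like getpeercert() output."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans, "subjectAltName"   # SAN dNSName entries take precedence
    cns = [v for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    return cns, "commonName"            # fallback only when no SAN dNSName


def check_hostname(cert, host):
    """Report which names were considered and whether any matches the host."""
    names, source = names_presented(cert)
    return {"host": host, "source": source, "names": names,
            "ok": any(_name_match(n, host) for n in names)}


# Constructed sample certificates (not taken from the servers in this thread).
CERT_FQDN_CN = {"subject": ((("commonName", "hmg1.homolog.rnp"),),)}
CERT_SHORT_CN = {"subject": ((("commonName", "hmg1"),),)}
CERT_SAN_OTHER = {"subject": ((("commonName", "hmg1.homolog.rnp"),),),
                  "subjectAltName": (("DNS", "dc01.homolog.rnp"),)}

if __name__ == "__main__":
    for label, cert in [("CN is FQDN", CERT_FQDN_CN),
                        ("CN is short name", CERT_SHORT_CN),
                        ("SAN present, CN ignored", CERT_SAN_OTHER)]:
        print(label, check_hostname(cert, "hmg1.homolog.rnp"))
```

The host passed to the check has to be the exact name configured for the outbound connection, so a short name or an IP address in the configuration fails against a certificate that carries only the FQDN.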
On Mon, Jul 8, 2013 at 5:38 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
Glad to hear that. Thanks so much for the report. And please keep us updated...
Alberto Viana wrote:
Hi,
I got it. Everything is working fine now, so it was something in the old branch (1.3.0.4)
--noriko
Alberto Viana
On Mon, Jul 8, 2013 at 5:17 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
You can get it here:
Alberto Viana wrote:
Hi man,
Where can I find the 1.3.1 source to download? I tried http://directory.fedoraproject.org/wiki/Source#Directory_Server_Source_Code, but it's not available over there.
A source tarball is available for download at http://port389.org/sources/389-ds-base-1.3.1.3.tar.bz2
Please see also:
http://directory.fedoraproject.org/wiki/Releases/1.3.1.3
Thanks,
--noriko
Alberto Viana
On Fri, Jul 5, 2013 at 3:24 PM, Alberto Viana <albertocrj@xxxxxxxxx> wrote:
No. It's a new server cert (it's the same name, but I preferred to revoke it and generate a new one).
Yes, for sure. I will try to rebuild everything on this branch (and make new certs just to ensure there is nothing related with it), and if the error persists, I will try this other branch and let you know.
Alberto Viana
On Fri, Jul 5, 2013 at 3:15 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
When you switched to the new machine, did you reuse the old server cert from the previous DS or renew it?
Alberto Viana wrote:
Noriko,
No, it's a new machine. I just rebuilt everything.
And if you rebuild everything, do you have any chance to try the branch 389-ds-base-1.3.1 instead of 1.3.0? (although there should be no difference in the DS -> AD bind)
Subject: "CN=hmg2.homolog.rnp,OU=GTI,O=Rede Nacional de Ensino e Pesquisa,L=Rio de Janeiro,C=BR"
--noriko
I'm using Ubuntu 12.04.2 LTS.
Alberto Viana
On Fri, Jul 5, 2013 at 2:50 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
Alberto Viana wrote:
You upgraded 389-ds-base from 1.2.10.12 to 1.3.0.4 using in-place upgrade? What is your platform?
I already imported my certificates into 389 ds and windows 2008. I use win2008 as CA. Just to remember that the same environment was working fine with my previous 389DS version.
--noriko
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users