Re: Multi master replication problem (389 DS - AD)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 07/10/2013 12:16 PM, Alberto Viana wrote:
Hi Noriko,

DS Base:389-Directory/1.3.1.3 B2013.189.1813
389 DS + Win2008 (I use my windows as CA)


The error came out again, so I decide to investigate it.

The error:

[10/Jul/2013:10:52:23 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): Trying secure slapi_ldap_init_ext
[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): binddn = CN=Conta de sincronizacao do AD com LDAP 389,OU=APLICACOES,DC=homolog,DC=rnp,  passwd = {DES}Zdi9SkO9E8Jpy/LJq528zg==
[10/Jul/2013:10:52:25 -0300] slapi_ldap_bind - Error: could not send bind request for id [CN=Conta de sincronizacao do AD com LDAP 389,OU=APLICACOES,DC=homolog,DC=rnp] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5987 (Invalid function argument.), network error 115 (Operation now in progress, host "hmg1.homolog.rnp")
[10/Jul/2013:10:52:25 -0300] NSMMReplicationPlugin - agmt="cn=AD-HMG1" (hmg1:636): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ((unknown error code))


The error starts when I set the option "Check hostname against name in certifcate for outbound SSL connections" in Configuration -> Encryption tab.

If I uncheck this options, everything works fine again. As far as I know, this option check if the CN of certificate is the same of the host in the connection. Am I right?

Right.


I don´t thinks that is something with my certs, because I have the same envoriment working fine with ds base "389-Directory/1.2.10.12 B2012.210.1745" with this options checked.

Either it's something with your certs, or something with your hostname lookups (/etc/hosts, DNS, NIS, etc.)

I also set nsslapd-errorlog-level to "16384", but it didn´t give me anything else.

What could be? There´s anything else that I can provide to help to debug?

Thanks 
Alberto Viana





On Mon, Jul 8, 2013 at 5:38 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
Alberto Viana wrote:
Hi,

I got it. Everything is working fine now, so it was something in the old branch (1.3.0.4)
Glad to hear that.  Thanks so much for the report.  And please keep us updated...
--noriko


Alberto Viana


On Mon, Jul 8, 2013 at 5:17 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
Alberto Viana wrote:
Hi man,

Where I can find the 1.3.1 source to download? I tried http://directory.fedoraproject.org/wiki/Source#Directory_Server_Source_Code, but it´s not available over there.
You can get it here:
A source tarball is available for download at http://port389.org/sources/389-ds-base-1.3.1.3.tar.bz2
Please see also:
http://directory.fedoraproject.org/wiki/Releases/1.3.1.3
Thanks,
--noriko


Alberto Viana


On Fri, Jul 5, 2013 at 3:24 PM, Alberto Viana <albertocrj@xxxxxxxxx> wrote:
No. It's a new server cert (it's the same name, but i prefered to revoke it and generate a new one).

Yes, for sure. I will try to rebuild everything on this branch (and make new certs just to ensure there is nothing related with it), and if the error persist, I will try this other branch and let you know.

Alberto Viana


On Fri, Jul 5, 2013 at 3:15 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
Alberto Viana wrote:
Norkio,

No, it's a new machine. I just rebuild everything.
When you switched to the new machine, you reuse the old server cert from the previous DS or renewed it?

        Subject: "CN=hmg2.homolog.rnp,OU=GTI,O=Rede Nacional de Ensino e Pesquisa,L=Rio de Janeiro,C=BR"

And if you rebuild everything, do you have any chance to try the branch 389-ds-base-1.3.1 instead of 1.3.0? (although there should be no difference in the DS -> AD bind)
--noriko


I'm using Ubuntu 12.04.2 LTS.

Alberto Viana


On Fri, Jul 5, 2013 at 2:50 PM, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
Alberto Viana wrote:
I already imported my certificates into 389 ds and windows 2008. I use win2008 as CA. Just to remeber that the same enviroment was
working fine with my previous 389DS version.
You upgraded 389-ds-base from 1.2.10.12 to 1.3.0.4 using in-place upgrade?  What is your platform?
--noriko 



--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users




--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux