I have 2 389 running (389-Directory/
1.3.2.6 and
389-Directory/
1.3.1.3)
with multiple master configuration.
When I set the option "check hostname against name in
certificate for outbound SSL connections" the agreement does
not work and shows me this error:
[05/Dec/2013:14:35:55 -0200] slapi_ldap_bind - Error: could
not send bind request for id [uid=app.389.w,cn=config]
authentication mechanism [SIMPLE]: error -1 (Can't contact
LDAP server), system error -5987 (Invalid function argument.),
network error 115 (Operation now in progress, host
"hmg2.homolog.rnp")
[05/Dec/2013:14:35:55 -0200] NSMMReplicationPlugin -
agmt="cn=389-HMG2" (hmg2:636): Replication bind with SIMPLE
auth failed: LDAP error -1 (Can't contact LDAP server)
((unknown error code))
When I unset the option, everything works as expected.
Here's the subject of my certificates:
Subject: C=BR, ST=Rio de Janeiro, L=Rio de Janeiro, O=Rede
Nacional de Ensino e Pesquisa, OU=GTI, CN=hmg3.homolog.rnp
Subject: C=BR, ST=Rio de Janeiro, L=Rio de Janeiro, O=Rede
Nacional de Ensino e Pesquisa, OU=GTI, CN=hmg2.homolog.rnp
My DNS is configured correctly (the reverse too).
In my production enviroment this options works fine, but
it's a little bit old (389-Directory/
1.2.10.12)