[Fedora-directory-users] Hostname does not match CN....

Alessandro Binarelli magobin at gmail.com
Mon Apr 3 20:27:22 UTC 2006


2006/4/3, George Holbert <gholbert at broadcom.com>:
>
> >
> > [root@test]# ldapsearch -x -ZZ '(uid=testuser)'
> > ldap_start_tls: Connect error (-11)
> >         additional info: TLS:hostname does not match CN in peer certificate
> >
> >
> > How can I solve ?
>
> The server hostname you pass to ldapsearch must exactly match the CN in
> the certificate you signed for the server.
>
> So, if you signed the certificate with a fully-qualified domain name
> (e.g. ldaphost.example.com),
> use "-h ldaphost.example.com" instead of "-h ldaphost".




Sigh... I found the problem... so:

I set up Fedora DS in a cluster scenario with two nodes, nodo1 and nodo2, with
their real IP addresses, and I set up multimaster replication; taking advantage
of the LDAP protocol, I set up a floating IP address and a DNS entry for
ldap.domain.example.com that points to that IP... therefore, if I make a query
to ldap.domain.example.com, depending on whether the floating IP is up on nodo1
or nodo2, the DS server answers the query, taking advantage of multimaster
replication... this scenario works very well in clear mode... but I saw that
if I set up SSL encryption and try to verify it, the answer is:

[root@test]# ldapsearch -h ldap.domain.example.com -x -ZZ '(ObjectClass=*:)' -d 1

-CUT-

TLS: hostname(ldap.domain.example.com) does not match common name in certificate (nodo1.domain.example.com)



...now...how can I solve it??
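
The name check behind the error above, as an added example that is not part of the original post or of the OpenLDAP code: it applies the general TLS server-identity rule (dNSName subjectAltName entries first, CN only as a fallback) to dicts shaped like Python's `ssl.SSLSocket.getpeercert()` output. Going beyond the thread, it also shows a per-node certificate that lists the floating service name as a subjectAltName; the sample certificates are constructed, and subjectAltName is not mentioned in the thread.

```python
# Added illustration: hostname-vs-certificate matching on dicts shaped like
# ssl.SSLSocket.getpeercert() output. All sample certificates are constructed.

def cert_names(cert):
    """Return (dns_sans, common_names) from a getpeercert()-style dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return sans, cns

def label_match(pattern, host):
    """Case-insensitive compare; '*' counts only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*" and len(p) > 2 and h[0]:
        return p[1:] == h[1:]
    return p == h

def hostname_matches(cert, host):
    """dNSName SANs take precedence; the CN is consulted only if none exist."""
    sans, cns = cert_names(cert)
    candidates = sans if sans else cns
    return any(label_match(name, host) for name in candidates)

# Constructed: per-node certificate as in the thread (CN = node name only).
NODE_ONLY = {"subject": ((("commonName", "nodo1.domain.example.com"),),)}

# Constructed: same node, with the floating service name added as a SAN.
NODE_AND_SERVICE = {
    "subject": ((("commonName", "nodo1.domain.example.com"),),),
    "subjectAltName": (("DNS", "nodo1.domain.example.com"),
                       ("DNS", "ldap.domain.example.com")),
}

def report(cert, hosts):
    """Map each hostname a client might pass with -h to pass/fail."""
    return {h: hostname_matches(cert, h) for h in hosts}

if __name__ == "__main__":
    hosts = ["ldap.domain.example.com", "nodo1.domain.example.com", "nodo1"]
    for label, cert in (("node-only", NODE_ONLY),
                        ("node + service SAN", NODE_AND_SERVICE)):
        print(label, report(cert, hosts))
```

With multimaster replication, each node's certificate would need its own node name plus the shared floating name for the check to pass regardless of which node holds the floating IP.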