2006/4/3, George Holbert <gholbert broadcom com>:
>
> [root test]# ldapsearch -x -ZZ '(uid=testuser)'
> ldap_start_tls: Connect error (-11)
> additional info: TLS:hostname does not match CN in peer certificate
>
> How can I solve it?
The server hostname you pass to ldapsearch must exactly match the CN in
the certificate you signed for the server.
So, if you signed the certificate with a fully-qualified domain name
(e.g. ldaphost.example.com), use "-h ldaphost.example.com"
instead of "-h ldaphost".
Sigh... I found the problem. So:
I set up Fedora DS in a cluster scenario with two nodes, nodo1 and
nodo2, each with its real IP address, and I set up multimaster
replication; taking advantage of the LDAP protocol, I set up a floating IP
address and a DNS entry that points ldap.domain.example.com to that IP.
Therefore, if I make a query to ldap.domain.example.com, then depending
on whether the floating IP is up on nodo1 or nodo2, the DS server there
answers the query, taking advantage of multimaster replication. This
scenario works very well in clear mode, but I saw that if I set up SSL
encryption and try to verify it, the answer is:
[root test]# ldapsearch -h ldap.domain.example.com -x -ZZ '(ObjectClass=*:)' -d 1
-CUT-
TLS: hostname(ldap.domain.example.com) does not match common name in certificate (nodo1.domain.example.com)
Now, how can I solve it?
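The check that is failing here, written out as an added example that is not part of this thread or of Fedora DS: a hostname-matching routine over a certificate in the dict shape Python's ssl.getpeercert() returns, run against two constructed certificates, one issued to nodo1 only as in the thread and one that also covers the floating service name and nodo2. It goes slightly beyond the thread in that modern clients prefer subjectAltName DNS entries and fall back to the CN only when none are present; all names are constructed.

```python
from __future__ import annotations

# Added example (not from the thread): the hostname check a TLS client such as
# ldapsearch performs, for a certificate in the dict shape returned by
# Python's ssl.SSLSocket.getpeercert(). All names below are constructed.


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against the requested hostname.

    Case-insensitive; a trailing dot is ignored. A single '*' wildcard is
    accepted only as the whole leftmost label and covers exactly one label
    (RFC 6125 style): '*.domain.example.com' matches 'ldap.domain.example.com'
    but not 'a.b.domain.example.com' or 'domain.example.com'.
    """
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_names(cert: dict) -> list[str]:
    """Names the client compares against: every DNS subjectAltName if any is
    present, otherwise the subject CN (the legacy fallback this thread hits)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def cert_matches_hostname(cert: dict, hostname: str) -> bool:
    return any(_dns_name_matches(n, hostname) for n in cert_names(cert))


# Constructed certificate as the thread describes it: issued to nodo1 only.
NODE_CERT = {"subject": ((("commonName", "nodo1.domain.example.com"),),)}

# Constructed certificate naming the floating service name and both nodes,
# so the same certificate verifies whichever node holds the floating IP.
SERVICE_CERT = {
    "subject": ((("commonName", "ldap.domain.example.com"),),),
    "subjectAltName": (
        ("DNS", "ldap.domain.example.com"),
        ("DNS", "nodo1.domain.example.com"),
        ("DNS", "nodo2.domain.example.com"),
    ),
}

if __name__ == "__main__":
    for cert in (NODE_CERT, SERVICE_CERT):
        for host in ("ldap.domain.example.com", "nodo2.domain.example.com"):
            print(f"{cert_names(cert)} vs {host}: {cert_matches_hostname(cert, host)}")
```

With NODE_CERT the query to ldap.domain.example.com fails exactly as in the debug output above, while SERVICE_CERT verifies for the service name and for either node.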
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users redhat com
https://www.redhat.com/mailman/listinfo/fedora-directory-users