When you test using referrals (See here.) 'iso389.jcsinc.co.jp' and 'repository.secomtrust.net' should be added. For example we assume the IP addresses for the test suite server and the two virtual hosts are below.
196.168.1.101 196.168.1.102 196.168.1.103
192.168.1.101 ldap1 crca.moj.go.jp 192.168.1.102 iso389.jcsinc.co.jp 192.168.1.103 repository.secomtrust.net
192.168.1.101 ldap1 192.168.1.102 ldap2 crca.moj.go.jp 192.168.1.103 ldap3 repository.secomtrust.net
Please check whether the following URLs is accessible from certification path validation client host after all repositories were installed.
ldap://ldap1/ ldap://iso389.jcsinc.co.jp/ http://repository.secomtrust.net/cpki/testcase_jgpki2/repository.secomtrust.net/CRL.crl http://ldap1/cpki/testcase_jgpki2/repository.secomtrust.net/CRL.crl *ACCESS FORBIDDEN* http://crca.moj.go.jp/cgi-bin/cpki/ocsp/CR_EE_OK_2000691/simulator.cgi http://crca.moj.go.jp/cgi-bin/cpki/ocsp/CR_EE_RV_2000692/simulator.cgi http://crca.moj.go.jp/cgi-bin/cpki/ocsp/CR_EE_EX_2000693/simulator.cgi
We recommend to check the LDAP repository using 'LDAP Browser' which can be downloaded at the site http://www.iit.edu/~gawojar/ldap/. When you browse 'ldap1' LDAP server you'll see like this.