Hi,

I installed openldap 2.4.16 on my suse server but when running ldapsearch from openldap, it couldn't contact ldap server over port 636 but when running ldapsearch that came with the suse installation, i can do the same search over port 636 successfully. The error I receive when running ldap search from openldap is

Can't contact ldap server (-1).

Below is how openldap is configure

I install openssl with
./configure --prefix=/path/to/install/ssl/in

and openldap with
./configure --prefix=/path/to/install/ldap/in --enable-ldap --disable-slapd --with-tls

Is there something else i'm missing?

Thanks

I guess you have wrong settings in ldap.conf. According to your openldap installation, it should be in /path/to/install/ldap/in/etc/ldap.conf.
You might copy the working ldap.conf from Suse's openldap installation.

May I ask, why you have installed openldap from source since you have a working openldap package that came with your distro?

I install it because i'm running php with ldap but somehow I cannot install php with the ldap that came with the linux installation, so i have to install openldap.

I tried that with --with-ldap and --with-ldap=shared, but could'nt get that to work.

I'll give ur suggestion a try and let u know.

Thanks

tried your suggestion but it doesn't work.

I guess you miss openldap-devel package (or something like that) in order to install php with ldap support.

not sure what u mean by openldap-devel package?

If you want to compile php with ldap support you'll need the openldap header files and libraries that can be found in a different package, usually named by adding a "-devel" at the package name. Searching a little, it looks like Suse's package name is openldap2-devel. Find the one that's for your installed openldap package, install it and hopefully you will be able to compile php with ldap support.
Regarding ldapsearch, what is the exact command options you're using?

here is the command i use

ldapsearch -x -b 'o=abc' -H ldaps://xyz -D "cn=a,ou=b,o=c" '(id=123)' -W

You can test adding -d1 (for debugging) and -Z or -ZZ and see if you get any errors.

Regards

hi Bathory,

When running with -d1 option, it say
empty response
ldap_err2string
result: Can't contact LDAP server (-1)

and when running it with -Z or -ZZ, it gives the following message:

ldapsearch: not compiled with TLS support

I thought i compile ldap with TLS support when adding --with-tls. is there something else i'm missing?

Also tried recompiling with the same command and half way, i see this:

checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking for SSL_library_init in -lssl... no
checking for ssl3_accept in -lssl... no
checking gnutls/gnutls.h usability... no
checking gnutls/gnutls.h presence... no
checking gnutls/gnutls.h... no
Could not locate TLS/SSL Package
TLS data protection no supported!

That's because you have installed openssl in a not standard directory. You can run ./configure like this:
Before running ./configure, run "make distclean" or "make clean", to remove files created from previous tries.

Or you can try just to add the openssl-devel package using your package manager, so the openldap ./configure script will your distro's openssl, unless there is a good reason to use openssl compiled from source.

I already tried the command you give but that didn't work. same error. if i ran it without CPPFLAGS and LDFLAGS then all of the check above result in "no"

When you say same error, you mean: "ldapsearch: not compiled with TLS support".
You can try to use "--with-tls=openssl" in ./configure options, or you need to install gnutls.

BTW, are you sure you're using the correct TLS* directives in ldap.conf?

Bethory,

I got it to work, after using --with-tls=openssl and recompiling openssl with no-dso, it works.

Thanks