LinuxQuestions.org
Old 11-12-2009, 01:53 PM   #1
thomas123
LQ Newbie
 
Registered: Nov 2009
Posts: 8

Rep: Reputation: 0
ldapsearch cannot contact ldap server.


Hi,

I installed openldap 2.4.16 on my suse server, but when running ldapsearch from openldap, it couldn't contact the ldap server over port 636. When running the ldapsearch that came with the suse installation, I can do the same search over port 636 successfully. The error I receive when running ldapsearch from openldap is

Can't contact ldap server (-1).

Below is how openldap is configured

I installed openssl with
./configure --prefix=/path/to/install/ssl/in

and openldap with
./configure --prefix=/path/to/install/ldap/in --enable-ldap --disable-slapd --with-tls

Is there something else I'm missing?

Thanks

Last edited by thomas123; 11-12-2009 at 01:54 PM.
 
Old 11-12-2009, 04:44 PM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,924

Rep: Reputation: 1327
I guess you have wrong settings in ldap.conf. According to your openldap installation, it should be in /path/to/install/ldap/in/etc/ldap.conf.
You might copy the working ldap.conf from Suse's openldap installation.

May I ask why you have installed openldap from source, since you have a working openldap package that came with your distro?
 
Old 11-12-2009, 04:58 PM   #3
thomas123
LQ Newbie
 
Registered: Nov 2009
Posts: 8

Original Poster
Rep: Reputation: 0
I installed it because I'm running php with ldap, but somehow I cannot install php with the ldap that came with the linux installation, so I have to install openldap.

I tried that with --with-ldap and --with-ldap=shared, but couldn't get that to work.

I'll give your suggestion a try and let you know.

Thanks
 
Old 11-12-2009, 05:05 PM   #4
thomas123
LQ Newbie
 
Registered: Nov 2009
Posts: 8

Original Poster
Rep: Reputation: 0
Tried your suggestion but it doesn't work.
 
Old 11-12-2009, 05:06 PM   #5
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,924

Rep: Reputation: 1327
I guess you are missing the openldap-devel package (or something like that) in order to install php with ldap support.
 
Old 11-12-2009, 05:15 PM   #6
thomas123
LQ Newbie
 
Registered: Nov 2009
Posts: 8

Original Poster
Rep: Reputation: 0
Not sure what you mean by openldap-devel package?
 
Old 11-12-2009, 05:26 PM   #7
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,924

Rep: Reputation: 1327
If you want to compile php with ldap support, you'll need the openldap header files and libraries, which can be found in a different package, usually named by adding "-devel" to the package name. Searching a little, it looks like Suse's package name is openldap2-devel. Find the one that's for your installed openldap package, install it, and hopefully you will be able to compile php with ldap support.
Regarding ldapsearch, what are the exact command options you're using?
 
Old 11-12-2009, 05:50 PM   #8
thomas123
LQ Newbie
 
Registered: Nov 2009
Posts: 8

Original Poster
Rep: Reputation: 0
Here is the command I use

ldapsearch -x -b 'o=abc' -H ldaps://xyz -D "cn=a,ou=b,o=c" '(id=123)' -W
 
Old 11-13-2009, 12:18 AM   #9
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,924

Rep: Reputation: 1327
You can test adding -d1 (for debugging) and -Z or -ZZ and see if you get any errors.

Regards
 
Old 11-13-2009, 10:58 AM   #10
thomas123
LQ Newbie
 
Registered: Nov 2009
Posts: 8

Original Poster
Rep: Reputation: 0
Hi bathory,

When running with the -d1 option, it says
empty response
ldap_err2string
result: Can't contact LDAP server (-1)

and when running it with -Z or -ZZ, it gives the following message:

ldapsearch: not compiled with TLS support

I thought I compiled ldap with TLS support when adding --with-tls. Is there something else I'm missing?

Also tried recompiling with the same command and halfway through, I see this:

checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking for SSL_library_init in -lssl... no
checking for ssl3_accept in -lssl... no
checking gnutls/gnutls.h usability... no
checking gnutls/gnutls.h presence... no
checking gnutls/gnutls.h... no
Could not locate TLS/SSL Package
TLS data protection no supported!

Last edited by thomas123; 11-13-2009 at 12:06 PM.
 
Old 11-13-2009, 03:01 PM   #11
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,924

Rep: Reputation: 1327
That's because you have installed openssl in a non-standard directory. You can run ./configure like this:
Code:
LDFLAGS="-L/path/to/install/ssl/in/lib" CPPFLAGS="-I/path/to/install/ssl/in/include" ./configure --prefix=/path/to/install/ldap/in --enable-ldap --disable-slapd --with-tls
Before running ./configure, run "make distclean" or "make clean", to remove files created from previous tries.

Or you can try just adding the openssl-devel package using your package manager, so the openldap ./configure script will use your distro's openssl, unless there is a good reason to use openssl compiled from source.
 
Old 11-13-2009, 03:25 PM   #12
thomas123
LQ Newbie
 
Registered: Nov 2009
Posts: 8

Original Poster
Rep: Reputation: 0
I already tried the command you gave but that didn't work. Same error. If I ran it without CPPFLAGS and LDFLAGS, then all of the checks above result in "no".
 
Old 11-13-2009, 04:01 PM   #13
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,924

Rep: Reputation: 1327
When you say same error, you mean: "ldapsearch: not compiled with TLS support".
You can try to use "--with-tls=openssl" in ./configure options, or you need to install gnutls.

BTW, are you sure you're using the correct TLS* directives in ldap.conf?
 
Old 11-13-2009, 04:37 PM   #14
thomas123
LQ Newbie
 
Registered: Nov 2009
Posts: 8

Original Poster
Rep: Reputation: 0
bathory,

I got it to work: after using --with-tls=openssl and recompiling openssl with no-dso, it works.

Thanks
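
The failure pattern in this thread (openssl/ssl.h found, but every symbol probe in -lssl answering "no") can be told apart from a missing-header failure by reading the configure output. The script below is an added example, not code posted by anyone in the thread; the function names and the "successful" sample lines are assumptions made for illustration, and the failing sample is constructed from the lines quoted in post #10.

```shell
# Added example: classify the OpenSSL probe lines of an OpenLDAP ./configure run.

# Constructed sample: probe lines as quoted in post #10 (gnutls lines trimmed).
sample_failed_probe() {
cat <<'EOF'
checking openssl/ssl.h usability... yes
checking for openssl/ssl.h... yes
checking for SSL_library_init in -lssl... no
checking for ssl3_accept in -lssl... no
checking gnutls/gnutls.h usability... no
EOF
}

# Constructed sample (assumption): what the same probes print when linking works.
sample_ok_probe() {
cat <<'EOF'
checking for openssl/ssl.h... yes
checking for SSL_library_init in -lssl... yes
EOF
}

# Reads configure output on stdin and prints one verdict:
#   openssl      header found and at least one symbol linked from -lssl
#   link-failed  header found, but no symbol could be linked from -lssl
#   no-headers   openssl/ssl.h was not found at all
classify_tls_probe() {
    awk '
        /checking for openssl\/ssl\.h\.\.\. yes/ { hdr = 1 }
        /checking for .* in -lssl\.\.\. yes/     { lib = 1 }
        END {
            if (hdr && lib) print "openssl"
            else if (hdr)   print "link-failed"
            else            print "no-headers"
        }'
}

# Maps a verdict to the next thing to check.
next_step() {
    case "$1" in
        openssl)     echo "TLS backend detected; rebuild and retest ldaps://" ;;
        link-failed) echo "headers found but -lssl did not link: check the LDFLAGS -L path and the linker error in config.log" ;;
        no-headers)  echo "openssl/ssl.h not found: set CPPFLAGS -I or install the openssl development package" ;;
    esac
}

next_step "$(sample_failed_probe | classify_tls_probe)"
```

To use it on a real build, pipe the saved output of ./configure into classify_tls_probe; a "link-failed" verdict means the failing link command recorded in config.log is the place to look.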
 
  


All times are GMT -5.