ldap_bind Can't contact LDAP server
I installed openldap-stable-20051018.tar.gz and openssl-0.9.8a.tar.gz.
I run the command "ldapsearch -H ldap://mydomain.org/ -b dc=mydomain,dc=org -x" and it works, but when I try to run it via SSL, "ldapsearch -H ldaps://mydomain.org/ -b dc=mydomain,dc=org -x", I get the following message: "ldap_bind: Can't contact LDAP server (-1)". The SSL certificate contains CN=mydomain.org. Can anyone help? Thanks |
Try running the ldapsearch with a little more debugging info by adding "-d8" to the command line.
It could be that your LDAP client will not accept a self-signed certificate, in case you're using that. If you see this error:

Code:
TLS certificate verification: Error, self signed certificate

Code:
TLS_REQCERT allow

Eric |
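An added diagnostic, not code from this thread or from OpenLDAP: it probes an ldaps:// endpoint with Python's standard library and separates the cases that ldapsearch collapses into "Can't contact LDAP server (-1)". The host and port 636 come from the thread; the `cafile` argument (the file you would later configure as TLS_CACERT) and the stage names are assumptions. Call `probe("mydomain.org", cafile="/path/to/ca.pem")` to run it.

```python
import socket
import ssl

# Added example, not from the thread. Probes an ldaps:// endpoint and splits
# the cases ldapsearch folds into "Can't contact LDAP server (-1)": nothing
# on port 636, a cert the CA (your future TLS_CACERT) does not verify, or a
# cert whose name is not the host the client dials. cafile is an assumption.

def cert_names(cert):
    """CN plus DNS subjectAltNames from an ssl getpeercert() dict."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn
             if k == "commonName"]
    names += [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return names

def diagnose(cert, hostname):
    """Findings about a server cert shown to a client that dialed hostname."""
    findings = []
    names = cert_names(cert)
    if hostname not in names:
        findings.append("name mismatch: certificate is for %s, client connects "
                        "to %s" % (", ".join(names) or "<no name>", hostname))
    if cert.get("subject") == cert.get("issuer"):
        findings.append("self-signed: give the client this certificate as "
                        "TLS_CACERT rather than setting TLS_REQCERT allow")
    return findings

def probe(hostname, port=636, cafile=None, timeout=5):
    """Return (stage, findings); stage tells where the connection stopped."""
    try:
        raw = socket.create_connection((hostname, port), timeout=timeout)
    except OSError as exc:
        return "tcp", ["%s:%d unreachable (%s): is slapd started with "
                       "-h 'ldap:/// ldaps:///' and listening on 636?"
                       % (hostname, port, exc)]
    # Verify the chain against cafile (or the system CAs); the name check is
    # left to diagnose() so a mismatch is explained instead of just failing.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    try:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    except OSError as exc:                # ssl.SSLError is an OSError too
        return "tls", ["handshake failed: %s" % exc]
    finally:
        raw.close()
    return "ok", diagnose(cert, hostname)
```

A "tcp" result means the client never got to TLS at all, which is the situation the later posts in this thread turn out to describe.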
I added the -d8 at the end of the command line but no debugging info was displayed!
Still the same error "ldap_bind: Can't contact LDAP server (-1)" |
Did you configure LDAP over SSL at all? You should have at least defined something like these lines in slapd.conf:

Code:
TLSCertificateFile /usr/share/ssl/certs/slapd.pem

Does anything listen at port 636 (ldaps)?

Code:
netstat -plane | grep ":636"

Also, you could try TLS instead of SSL, by running the query as

Code:
ldapsearch -x -ZZ -H ldap://mydomain.org/ -b dc=mydomain,dc=org .....
|
Thanks for your reply. The slapd.conf contains two entries for TLS (TLSCertificateFile, TLSCertificateKeyFile).
The ldapssl process is listening on port 636. Now there is a strange problem: if I run slapd, LDAP works (non-secured), but when I run slapd -h "ldap:/// ldaps:///" nothing works!! I hope you can help me |
When I run:

Code:
ldapsearch -H ldap://demo.archive.bibalex.org/ -b dc=demo,dc=archive,dc=bibalex,dc=org -x -d-1

the output is:

Code:
wait4msg continue ld 0x9f97ef0 msgid 1 all 1
** ld 0x9f97ef0 Connections:
* host:mydomain.org port: 389 (default)
refcnt: 2 status: Connected
last used: Thu Nov 17 12:37:47 2005
** ld 0x9f97ef0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** ld 0x9f97ef0 Response Queue:
Empty
ldap_chkResponseList ld 0x9f97ef0 msgid 1 all 1
ldap_chkResponseList returns ld 0x9f97ef0 NULL
ldap_int_select

and then it hangs! No response until I close it! When I run:

Code:
ldapsearch -H ldaps://demo.archive.bibalex.org/ -b dc=demo,dc=archive,dc=bibalex,dc=org -x -d-1

the output is:

Code:
ldap_create
ldap_url_parse_ext(ldaps://mydomain.org/)
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP mydomain.org:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 170.15.2.22:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_perror
ldap_bind: Can't contact LDAP server (-1)

I hope you can help! |
If you cannot find the cause of your problems by debugging the client connections, maybe you could look at what happens at the server level?
Stop the LDAP service (I don't know what distro you're running so I don't know the exact command; you will probably know) and then run this in the console:

Code:
slapd -d 256 -f /etc/openldap/slapd.conf

Code:
slapd -u ldap -d 256 -f /etc/openldap/slapd.conf

Maybe this helps you tag the root of the problem. Try other debug levels if you want. "man slapd.conf" will tell you what the various loglevels are showing. Eric

Code:
/usr/sbin/slapd -d 256 -t -f /etc/openldap/slapd.conf
|
My machine name is server and I use Fedora 4.
Please see the following:

Code:
[root@server libexec]# /usr/local/libexec/slapd -u ldap -d 256
$OpenLDAP: slapd 2.3.11 (Nov 17 2005 12:25:37) $
        root@server:/0/openldap-2.3.11/servers/slapd
bdb_db_open: alock package is unstable
backend_startup_one: bi_db_open failed! (-1)
slapd stopped.
connections_destroy: nothing to destroy.

I hope you can tell me what it means! |
My suspicion is that your database directory (in Fedora that would be /var/lib/ldap most probably) is not owned (anymore) by the ldap user. This is probably the effect of having run slapd manually without adding the "-u ldap" parameter.
What does

Code:
ls -la /var/lib/ldap

On Redhat servers I manage (Redhat 8, 9 and RHEL3 and 4) the directory /var/lib/ldap is owned by user ldap and group ldap. No one else but user ldap has access to that directory. If that is not the case for you, you should run this, after stopping the ldap server:

Code:
cd /var/lib/ldap

Code:
service ldap start

A word of advice: your knowledge of LDAP is lacking a little bit. You really need to find and read documentation about services and how the LDAP server works if you really want to use it. Your original problem, by the way (SSL not working), is still not solved. There is not enough information in your posts to make a good guess at what is wrong. Eric |
Thanks for your advice. I read the official OpenLDAP manual and I'm trying to configure OpenLDAP using its steps, but I have a problem with LDIF files.
I run ldapadd -f ia.ldif -x and I get the error:

Code:
ldap_add: Undefined attribute type (17)
        additional info: dn: attribute type undefined

Here is my LDIF file:

Code:
# Organization for Test
dn:dc=mydomain,dc=org
objectClass: dcObject
objectClass: organization
o:Test
description: Test

# Organizational Role for Directory Manager
dn:cn=Head,dc=mydomain,dc=org
objectClass: organizationalRole
cn: Head
name: my_name
description: my Head

Here is the include part of my slapd.conf:

Code:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema

I hope you can help. Thanks |
Add a space behind dn: and also behind o:. The space is required as a separator. Use the -v parameter to ldapadd if you want to see more verbose messages.
Eric |
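An added pre-check, not code from this thread or from OpenLDAP, that catches the separator mistake Eric points out (no space after "dn:" and "o:") before ldapadd turns it into "Undefined attribute type (17)". The sample LDIF is constructed to mirror the posted file, with the second record corrected; the function and message texts are my own.

```python
import re

# Added example, not from the thread: a pre-check for LDIF files that
# catches the separator mistake in the posted file ("dn:dc=..." and "o:Test"
# with no space after the colon) before ldapadd rejects the record with
# "Undefined attribute type (17)". LDIF separates attribute and value with
# ": " (":: " for base64, ":< " for a URL); a folded line starts with a space.

ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9.;-]*)(::?|:<)( |$)")

def lint_ldif(text):
    """Return [(line_number, message), ...] for problems found in LDIF text."""
    problems = []
    expect_dn = True                      # every record must open with "dn: "
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            expect_dn = True              # a blank line ends the record
            continue
        if line.startswith(("#", " ")):   # comment or continuation line
            continue
        m = ATTR_LINE.match(line)
        if m:
            attr = m.group(1)
        elif ":" in line:
            attr = line.split(":", 1)[0]
            problems.append((n, "missing space after '%s:'" % attr))
        else:
            problems.append((n, "no 'attribute: value' separator"))
            continue
        if expect_dn and attr.lower() != "dn":
            problems.append((n, "record must begin with 'dn: ', found '%s'" % attr))
        expect_dn = False
    return problems

# Constructed sample mirroring the thread's file: the first record carries the
# broken "dn:" and "o:" lines, the second is written correctly.
SAMPLE = """\
# Organization for Test
dn:dc=mydomain,dc=org
objectClass: dcObject
objectClass: organization
o:Test
description: Test

# Organizational Role for Directory Manager
dn: cn=Head,dc=mydomain,dc=org
objectClass: organizationalRole
cn: Head
description: my Head
"""
```

Running `lint_ldif(SAMPLE)` reports lines 2 and 5, the two lines ldapadd chokes on; a file it passes can still fail schema checks, which this does not attempt.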
I am up to here.
I have the same problem,
but I am stuck on generating certificates. Can you post the process here?
|
Then probably your ldap is not running. Check with the following command:

Code:
# service ldap status

If status is not running, then run the following command:

Code:
# service ldap start

This should start ldap. Regards Prem |
Prem.
Your reply has nothing to do with the original topic, which is about configuring secure LDAP connections. Also, your suggestions are very Redhat specific; they will not work on many other distros. Eric |
Guys, I am also new to LDAP and am stuck at this step:
|
Your host may not be finding a route to the LDAP server
I am not sure if this solves your problem, but in my case the host I was issuing ldapsearch from could not look up my LDAP server. nslookup gave this error:

Code:
** server can't find TEST.MYDOMAIN.LOCAL: NXDOMAIN

I got over this issue by adding an entry to my local /etc/hosts file, something like this:

Code:
172.168.12.41 TEST.MYDOMAIN.LOCAL
|
Ldapbind error
Getting the below error while running ldapsearch:

Code:
ldap_bind: Can't contact LDAP server (-1)

unable to locate sldap.confi file.... Please could you help me resolve this |
Posting to a year-old thread with your own new question is considered to be against forum policy.
Open your own NEW thread in the forum. Use the forum for YOUR distribution and supply more detail than just "unable to locate sldap.confi file". Fix the typing errors in that filename too, please. A file with that name does indeed not exist. Eric |