
thomas123 11-12-2009 02:53 PM

ldapsearch cannot contact ldap server.

I installed openldap 2.4.16 on my SUSE server, but when running ldapsearch from openldap, it couldn't contact the LDAP server over port 636. When running the ldapsearch that came with the SUSE installation, I can do the same search over port 636 successfully. The error I receive when running ldapsearch from openldap is:

Can't contact ldap server (-1).

Below is how openldap is configured.

I installed openssl with
./configure --prefix=/path/to/install/ssl/in

and openldap with
./configure --prefix=/path/to/install/ldap/in --enable-ldap --disable-slapd --with-tls

Is there something else I'm missing?


bathory 11-12-2009 05:44 PM

I guess you have wrong settings in ldap.conf. According to your openldap installation, it should be in /path/to/install/ldap/in/etc/ldap.conf.
You might copy the working ldap.conf from Suse's openldap installation.

May I ask why you installed openldap from source, since you have a working openldap package that came with your distro?

thomas123 11-12-2009 05:58 PM

I installed it because I'm running php with ldap, but somehow I cannot install php with the ldap that came with the Linux installation, so I have to install openldap.

I tried that with --with-ldap and --with-ldap=shared, but couldn't get that to work.

I'll give your suggestion a try and let you know.


thomas123 11-12-2009 06:05 PM

Tried your suggestion but it doesn't work.

bathory 11-12-2009 06:06 PM

I guess you are missing the openldap-devel package (or something like that) in order to install php with ldap support.

thomas123 11-12-2009 06:15 PM

Not sure what you mean by openldap-devel package?

bathory 11-12-2009 06:26 PM

If you want to compile php with ldap support you'll need the openldap header files and libraries, which can be found in a different package, usually named by adding "-devel" to the package name. Searching a little, it looks like Suse's package name is openldap2-devel. Find the one that's for your installed openldap package, install it and hopefully you will be able to compile php with ldap support.
Regarding ldapsearch, what are the exact command options you're using?

thomas123 11-12-2009 06:50 PM

Here is the command I use:

ldapsearch -x -b 'o=abc' -H ldaps://xyz -D "cn=a,ou=b,o=c" '(id=123)' -W

bathory 11-13-2009 01:18 AM

You can test adding -d1 (for debugging) and -Z or -ZZ and see if you get any errors.


thomas123 11-13-2009 11:58 AM

Hi Bathory,

When running with the -d1 option, it says
empty response
result: Can't contact LDAP server (-1)

and when running it with -Z or -ZZ, it gives the following message:

ldapsearch: not compiled with TLS support

I thought I compiled ldap with TLS support when adding --with-tls. Is there something else I'm missing?

I also tried recompiling with the same command and halfway through, I see this:

checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking for SSL_library_init in -lssl... no
checking for ssl3_accept in -lssl... no
checking gnutls/gnutls.h usability... no
checking gnutls/gnutls.h presence... no
checking gnutls/gnutls.h... no
Could not locate TLS/SSL Package
TLS data protection no supported!

bathory 11-13-2009 04:01 PM

That's because you have installed openssl in a non-standard directory. You can run ./configure like this:

LDFLAGS="-L/path/to/install/ssl/in/lib" CPPFLAGS="-I/path/to/install/ssl/in/include" ./configure --prefix=/path/to/install/ldap/in --enable-ldap --disable-slapd --with-tls
Before running ./configure, run "make distclean" or "make clean", to remove files created from previous tries.

Or you can just try adding the openssl-devel package using your package manager, so the openldap ./configure script will use your distro's openssl, unless there is a good reason to use openssl compiled from source.

thomas123 11-13-2009 04:25 PM

I already tried the command you gave but that didn't work. Same error. If I run it without CPPFLAGS and LDFLAGS then all of the checks above result in "no".

bathory 11-13-2009 05:01 PM

When you say same error, you mean: "ldapsearch: not compiled with TLS support"?
You can try to use "--with-tls=openssl" in ./configure options, or you need to install gnutls.

BTW, are you sure you're using the correct TLS* directives in ldap.conf?

thomas123 11-13-2009 05:37 PM


I got it to work, after using --with-tls=openssl and recompiling openssl with no-dso, it works.
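
Added example (not part of the thread and not OpenLDAP project code): a build gate that reads saved ./configure output and refuses to continue when the TLS probes shown above failed, so a client without TLS support is never installed. The function names and the configure.out file name are assumptions; the second sample is constructed.

```shell
# check_tls_configure: read ./configure output on stdin.
#   returns 0  an OpenSSL link probe succeeded
#   returns 1  configure reported that no TLS/SSL package was found
#   returns 2  no OpenSSL link probe succeeded and no failure was reported
#              (inconclusive, e.g. a GnuTLS build or truncated output)
check_tls_configure() {
    awk '
        # Link probes as printed in the thread; the last field is yes/no.
        /^checking for (SSL_library_init|ssl3_accept) in -lssl\.\.\. / {
            if ($NF == "yes") found = 1
        }
        # Message configure printed in the thread when every probe failed.
        /Could not locate TLS\/SSL Package/ { missing = 1 }
        END {
            if (missing) exit 1
            exit (found ? 0 : 2)
        }
    '
}

# Lines quoted from the failing configure run in the thread.
sample_failed() {
    cat <<'EOF'
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking for SSL_library_init in -lssl... no
checking for ssl3_accept in -lssl... no
Could not locate TLS/SSL Package
EOF
}

# Constructed sample: the same probe succeeding.
sample_ok() {
    cat <<'EOF'
checking openssl/ssl.h usability... yes
checking for SSL_library_init in -lssl... yes
EOF
}

# Typical use in a build script (configure.out is a hypothetical file name):
#   ./configure --with-tls=openssl 2>&1 | tee configure.out
#   check_tls_configure < configure.out || { echo "no TLS, aborting" >&2; exit 1; }
```
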

