nss_ldap: could not search LDAP server - Server is unavailable
Hey all,
I have an OpenLDAP server that is all set up and running. From the client I can do a getent passwd uid and get good results. I can telnet to the IP and port 389 and get a good connection, but here is where I get confused. When I reboot the client I get the error message nss_ldap: could not search LDAP server - Server is unavailable on both the IP and the FQDN. From all the examples and books, as far as I can tell ldap.conf is correct. I even created a DNS server since a few places had said that might be an issue (we use the hosts file). It has made no difference at all. The /etc/ldap.conf on the client looks like this:

    base dc=prod,dc=example,dc=com
    ldap_version 3
    binddn cn=admin,dc=prod,dc=example,dc=com
    bindpw secret
    port 389
    scope sub
    timelimit 30
    bind_timelimit 30
    bind_policy soft
    idle_timelimit 3600
    pam_filter objectclass=posixAccount
    pam_login_attribute uid
    pam_password exop
    nss_base_passwd ou=people,dc=prod,dc=example,dc=com?one
    nss_base_shadow ou=people,dc=prod,dc=example,dc=com?one
    nss_base_group ou=groups,dc=prod,dc=example,dc=com?one
    nss_base_hosts ou=hosts,dc=prod,dc=example,dc=com?one
    uri ldap://10.178.156.45/ ldap://oly-infra-ldap1.prod.example.com/
    ssl no
    tls_cacertdir /etc/openldap/cacerts
    pam_password md5

Both the addresses point to the same server... as part of my troubleshooting efforts. Please let me know if you need anything else, and thanks in advance for any help you might be able to offer.
What distro and openldap versions are you using?
A couple of things to check for:

    ln -s /etc/ldap.conf /etc/libnss_ldap.conf

Depending on distro and version this may or may not do anything, but may help. I have seen those errors on boot myself, but most times they are benign, as it is services attempting to check against ldap users before the network has begun, and then it falls through to system users. Sometimes you can quell those errors by simply changing your nsswitch.conf to:

    passwd: compat ldap
    group: compat ldap
    shadow: compat ldap

That way it checks local first while firing up local services.
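As an added example (not from either poster), here is a small Python checker for the two things the reply above looks at: it parses the client's ldap.conf as posted (multiple URIs on one uri line, each defaulting to port 389) and flags any nsswitch.conf database where ldap is consulted before a local source such as files or compat. The sample configs are constructed from the thread; the function and variable names are my own.

```python
import re
from urllib.parse import urlparse

# Constructed sample: an abridged copy of the /etc/ldap.conf posted in the thread.
LDAP_CONF = """\
base dc=prod,dc=example,dc=com
ldap_version 3
bind_policy soft
uri ldap://10.178.156.45/ ldap://oly-infra-ldap1.prod.example.com/
ssl no
"""

# Constructed samples: nsswitch.conf consulting LDAP first vs. local sources first.
NSSWITCH_LDAP_FIRST = "passwd: ldap files\ngroup: ldap files\nshadow: ldap files\n"
NSSWITCH_LOCAL_FIRST = "passwd: compat ldap\ngroup: compat ldap\nshadow: compat ldap\n"

def parse_ldap_conf(text):
    """Return nss_ldap options as a dict; 'uri' becomes a list of (host, port)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")   # option name, then the rest of the line
        opts[key.lower()] = value.strip()
    uris = []
    for u in opts.get("uri", "").split():     # uri may list several servers
        p = urlparse(u)
        uris.append((p.hostname, p.port or (636 if p.scheme == "ldaps" else 389)))
    opts["uri"] = uris
    return opts

def ldap_before_local(nsswitch_text):
    """Databases where 'ldap' is listed ahead of every local source (files/compat)."""
    bad = []
    for line in nsswitch_text.splitlines():
        m = re.match(r"^(passwd|group|shadow):\s*(.*)$", line.strip())
        if not m:
            continue
        sources = m.group(2).split()
        local = [i for i, s in enumerate(sources) if s in ("files", "compat")]
        if "ldap" in sources and (not local or sources.index("ldap") < local[0]):
            bad.append(m.group(1))
    return bad
```

A non-empty result from ldap_before_local means early-boot lookups will hit LDAP before the network is up, which is the benign source of the error the reply describes.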
I found numerous bug reports on RHEL/Fedora and nss_ldap. The recommendation was to go with SSSD which is what I have decided to do. I appreciate you taking the time to respond though.