LinuxQuestions.org


trekgirl 03-06-2012 03:24 PM

nss_ldap: could not search LDAP server - Server is unavailable
 
Hey all,
I have an OpenLDAP server that is all set up and running. From the client I can do a getent passwd uid and get good results. I can telnet to the IP and port 389 and get a good connection, but here is where I get confused. When I reboot the client I get the error message nss_ldap: could not search LDAP server - Server is unavailable on both the IP and the FQDN. From all the examples and books, as far as I can tell ldap.conf is correct. I even created a DNS server since a few places had said that might be an issue (we use the hosts file). It has made no difference at all. The /etc/ldap.conf on the client looks like this:
base dc=prod,dc=example,dc=com
ldap_version 3
binddn cn=admin,dc=prod,dc=example,dc=com
bindpw secret
port 389
scope sub
timelimit 30
bind_timelimit 30
bind_policy soft
idle_timelimit 3600
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_password exop
nss_base_passwd ou=people,dc=prod,dc=example,dc=com?one
nss_base_shadow ou=people,dc=prod,dc=example,dc=com?one
nss_base_group ou=groups,dc=prod,dc=example,dc=com?one
nss_base_hosts ou=hosts,dc=prod,dc=example,dc=com?one
uri ldap://10.178.156.45/ ldap://oly-infra-ldap1.prod.example.com/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5


Both the addresses point to the same server...as part of my troubleshooting efforts. Please let me know if you need anything else, and thanks in advance for any help you might be able to offer.
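
As an added example (not part of the posts in this thread): a small audit of the security-relevant directives in the /etc/ldap.conf posted above, run over a constructed excerpt of that file. The finding names and the choice of checks are this example's own assumptions.

```python
import re

# Constructed sample: the security-relevant lines from the config posted above.
SAMPLE = """\
binddn cn=admin,dc=prod,dc=example,dc=com
bindpw secret
bind_policy soft
pam_password exop
uri ldap://10.178.156.45/ ldap://oly-infra-ldap1.prod.example.com/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
"""

def parse(text):
    """Return {directive: [values...]}, keeping every occurrence in file order."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def audit(text):
    """Return a sorted list of finding codes (the names are this example's own)."""
    conf = parse(text)
    last = lambda key, default="": conf.get(key, [default])[-1]
    findings = set()
    # The file normally has to be readable by all local users for NSS lookups,
    # so a bindpw stored in it is readable by them too.
    if "bindpw" in conf:
        findings.add("BINDPW_IN_READABLE_FILE")
        if re.match(r"cn=(admin|manager|root)\b", last("binddn"), re.I):
            findings.add("PRIVILEGED_BINDDN")
    # Conservative assumption: only start_tls counts as protecting an ldap:// URI.
    uris = " ".join(conf.get("uri", [])).lower().split()
    if last("ssl", "no").lower() != "start_tls" and any(u.startswith("ldap://") for u in uris):
        findings.add("CLEARTEXT_TRANSPORT")
    # The same directive given two different values is ambiguous to a reviewer.
    for key, values in conf.items():
        if len(set(values)) > 1:
            findings.add("CONFLICTING_" + key.upper())
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
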

jdrowe 03-06-2012 08:28 PM

What distro and openldap versions are you using?

A couple things to check for:

ln -s /etc/ldap.conf /etc/libnss_ldap.conf

Depending on distro and version this may or may not do anything, but may help.


I have seen those errors on boot myself, but most times they are benign as it is services attempting to check against ldap users before network has begun, and then it falls through to system users. Sometimes you can quell those errors by simply changing your nsswitch.conf to:
passwd: compat ldap
group: compat ldap
shadow: compat ldap

That way it checks local first while firing up local services.

trekgirl 03-07-2012 12:39 PM

I found numerous bug reports on RHEL/Fedora and nss_ldap. The recommendation was to go with SSSD which is what I have decided to do. I appreciate you taking the time to respond though.


All times are GMT -5.