Linux - Server This forum is for the discussion of Linux Software used in a server related context.


Old 03-06-2012, 04:24 PM   #1
Registered: Feb 2009
Location: Bremerton, WA, USA
Distribution: Red Hat
Posts: 60

Rep: Reputation: 26
nss_ldap: could not search LDAP server - Server is unavailable

Hey all,
I have an OpenLDAP server that is all set up and running. From the client I can do a getent passwd uid and get good results. I can telnet to the IP and port 389 and get a good connection, but here is where I get confused. When I reboot the client I get the error message nss_ldap: could not search LDAP server - Server is unavailable on both the IP and the FQDN. From all the examples and books, as far as I can tell ldap.conf is correct. I even created a DNS server since a few places had said that might be an issue (we use the hosts file). It has made no difference at all. The /etc/ldap.conf on the client looks like this:
base dc=prod,dc=example,dc=com
ldap_version 3
binddn cn=admin,dc=prod,dc=example,dc=com
bindpw secret
port 389
scope sub
timelimit 30
bind_timelimit 30
bind_policy soft
idle_timelimit 3600
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_password exop
nss_base_passwd ou=people,dc=prod,dc=example,dc=com?one
nss_base_shadow ou=people,dc=prod,dc=example,dc=com?one
nss_base_group ou=groups,dc=prod,dc=example,dc=com?one
nss_base_hosts ou=hosts,dc=prod,dc=example,dc=com?one
uri ldap:// ldap://
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

Both the addresses point to the same part of my troubleshooting efforts. Please let me know if you need anything else, and thanks in advance for any help you might be able to offer.
Old 03-06-2012, 09:28 PM   #2
LQ Newbie
Registered: Mar 2012
Location: Maryland
Distribution: Ubuntu
Posts: 2

Rep: Reputation: Disabled
What distro and openldap versions are you using?

A couple things to check for:

ln -s /etc/ldap.conf /etc/libnss_ldap.conf

Depending on distro and version this may or may not do anything, but may help.

I have seen those errors on boot myself, but most times they are benign as it is services attempting to check against ldap users before network has begun, and then it falls through to system users. Sometimes you can quell those errors by simply changing your nsswitch.conf to:
passwd: compat ldap
group: compat ldap
shadow: compat ldap

That way it checks local first while firing up local services.
Old 03-07-2012, 01:39 PM   #3
Registered: Feb 2009
Location: Bremerton, WA, USA
Distribution: Red Hat
Posts: 60

Original Poster
Rep: Reputation: 26
I found numerous bug reports on RHEL/Fedora and nss_ldap. The recommendation was to go with SSSD which is what I have decided to do. I appreciate you taking the time to respond though.
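
The following is an added example, not part of any post in this thread: a small linter for the two files discussed above, the source order in nsswitch.conf from post #2 and the client's /etc/ldap.conf from post #1. It also flags a repeated directive and a bind password sent without TLS, both of which appear in the posted config. The sample input is constructed, the server name is a placeholder, and the function names are hypothetical.

```python
# Added example (not from the thread): lint nss_ldap client configuration.
LOCAL_SOURCES = {"files", "compat"}  # answered from /etc/passwd, /etc/group, ...

def parse_directives(text):
    """Return [(key, value)] from ldap.conf-style text, skipping comment lines."""
    pairs = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            pairs.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return pairs

def lint_ldap_conf(text):
    pairs = parse_directives(text)
    keys = [k for k, _ in pairs]
    conf = dict(pairs)
    findings = [f"{k} is set more than once" for k in sorted(set(keys)) if keys.count(k) > 1]
    plain = conf.get("ssl", "no") == "no" and "ldaps://" not in conf.get("uri", "")
    if "bindpw" in conf and plain:
        findings.append("bindpw crosses the network unencrypted (ssl no, no ldaps:// URI)")
    # Stock ldap.conf documents "hard" (retry with backoff) as the default policy.
    if conf.get("bind_policy", "hard") != "soft":
        findings.append("bind_policy is not soft: lookups block while LDAP is unreachable")
    return findings

def lint_nsswitch(text):
    findings = []
    for line in text.splitlines():
        db, sep, rest = line.split("#", 1)[0].partition(":")
        sources = [s for s in rest.split() if not s.startswith("[")]  # drop [NOTFOUND=...] actions
        if sep and "ldap" in sources and not LOCAL_SOURCES & set(sources[:sources.index("ldap")]):
            findings.append(f"{db.strip()}: ldap is consulted before any local source")
    return findings

# Constructed sample input; the server name is a placeholder.
SAMPLE_LDAP_CONF = """\
binddn cn=admin,dc=prod,dc=example,dc=com
bindpw secret
bind_policy soft
pam_password exop
uri ldap://ldap1.prod.example.com
ssl no
pam_password md5
"""
SAMPLE_NSSWITCH = "passwd: ldap files\ngroup: compat ldap\nshadow: compat ldap\n"

if __name__ == "__main__":
    for finding in lint_ldap_conf(SAMPLE_LDAP_CONF) + lint_nsswitch(SAMPLE_NSSWITCH):
        print("WARN", finding)
```

To check a real client, pass the contents of /etc/ldap.conf and /etc/nsswitch.conf to the two functions instead of the samples.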


All times are GMT -5.
