Re: Can't contact Ldap server

[The Shell <samwun@hgcbroadband.com>]

I just added a line in the slapd.conf file to hope that it enable TLS 
service:
TSL_REQCERT allow
but it still getting the same error.

sam

The Shell wrote:

> Hi,
>
> I finally successfuly made the SASL workign with GSSAPI.
> The following command verified that GSSAPI is supported in Openldap:
> root@fbsd [2:02am] [/etc]# /usr/local/bin/ldapsearch -x -LLL -s "base" 
> -b "" supportedSASLMechanisms
> dn:
> supportedSASLMechanisms: GSSAPI
> supportedSASLMechanisms: OTP
> supportedSASLMechanisms: DIGEST-MD5
> supportedSASLMechanisms: CRAM-MD5
>
> Then I tried to test the ldapsearch command:
> root@fbsd [2:02am] [/etc]# /usr/local/bin/ldapsearch -Y GSSAPI -Z 
> '(uid=root)' ldap_start_tls: Connect error (-11)
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
> root@fbsd [2:02am] [/etc]#
>
> It seems that the Ldap server is not running, but I looked the scanned 
> result, the Sldap and Kerberos are running:
> 88/tcp     open        kerberos-sec           389/tcp    open        
> ldap                   636/tcp    open        ldapssl                
> 749/tcp    open        kerberos-adm   
> the log file shown the following message which I don't really understand:
> # tail -f /var/log/debug.log
> Jun  4 02:08:23 fbsd slapd[36921]: conn=7 fd=14 ACCEPT from IP=::1 
> 49160 (IP=:: 389)
> Jun  4 02:08:23 fbsd slapd[36921]: conn=7 fd=14 closed
>
> What might be wrong with this test?
> Thanks
> sam