On Fri, 2005-04-01 at 10:10, Bart McFarling wrote:
> On Fri, April 1, 2005 9:07 am, Samuel Tran said:
> > On Fri, 2005-04-01 at 09:39, Bart McFarling wrote:
> >> RPM install on Fedora Core 3
> >> Trying to get Open-xchange up and running.
> >> I get the following error message:
> >> ldap_bind: Can't contact LDAP server (-1)
> >>
> >> slapd -d99 or -d whatever doesnt have error errno in it anywhere in
> > it's
> >> output.
> >> any ldap* command gives this. Im sure its something small that im
> >> missing.
> >> Im not an openldap guru- this makes about the 5th time ive tried to
> > get
> >> an
> >> openldap server up and running unsucessfully.
> >>
> >> Any help is appreciated.
> >>
> >> maybe my problem is is that im installing using spanish instructions
> >> and i dont speak 3 words of spanish :)
> >>
> >> below are what i believe to be my relevant files ive messed with.
> >>
> >> [root@bartlap share]# ldapsearch -x -b 'dc=intermodalcartage,dc=com'
> >> '(objectclass=*)'
> >> ldap_bind: Can't contact LDAP server (-1)
> >>
> >> [root@bartlap share]# ps -eaf | egrep "slap|ldap"
> >> ldap 16435 1 0 17:27 ? 00:00:00 /usr/sbin/slapd -u
> > ldap
> >> -h
> >> ldap:///
> >> root 16441 3281 0 17:27 pts/1 00:00:00 egrep slap|ldap
> >> --
> >> [root@bartlap share]# nmap localhost
> >>
> >> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-03-31
> > 17:28
> >> CST
> >> Interesting ports on localhost.localdomain (127.0.0.1):
> >> (The 1650 ports scanned but not shown below are in state: closed)
> >> PORT STATE SERVICE
> >> 22/tcp open ssh
> >> 25/tcp open smtp
> >> 80/tcp open http
> >> 110/tcp open pop3
> >> 111/tcp open rpcbind
> >> 143/tcp open imap
> >> 389/tcp open ldap
> >> --
> >> [root@bartlap share]# cat /etc/hosts.allow
> >> #
> >> # hosts.allow This file describes the names of the hosts which are
> >> # allowed to use the local INET services, as decided
> >> # by the '/usr/sbin/tcpd' server.
> >> #
> >> ALL:127.0.0.1
> >> slapd = 127.0.0.1
> >> --
> >> [root@bartlap share]# cat /etc/openldap/slapd.conf
> >> #
> >> # See slapd.conf(5) for details on configuration options.
> >> # This file should NOT be world readable.
> >> #
> >> include /etc/openldap/schema/core.schema
> >> include /etc/openldap/schema/cosine.schema
> >> include /etc/openldap/schema/inetorgperson.schema
> >> include /etc/openldap/schema/nis.schema
> >>
> >> # Allow LDAPv2 client connections. This is NOT the default.
> >> allow bind_v2
> >>
> >> # Do not enable referrals until AFTER you have a working directory
> >> # service AND an understanding of referrals.
> >> #referral ldap://root.openldap.org
> >>
> >> pidfile /var/run/slapd.pid
> >> argsfile /var/run/slapd.args
> >>
> >> # Load dynamic backend modules:
> >> # modulepath /usr/sbin/openldap
> >> # moduleload back_bdb.la
> >> # moduleload back_ldap.la
> >> # moduleload back_ldbm.la
> >> # moduleload back_passwd.la
> >> # moduleload back_shell.la
> >>
> >> # The next three lines allow use of TLS for encrypting connections
> > using
> >> a
> >> # dummy test certificate which you can generate by changing to
> >> # /usr/share/ssl/certs, running "make slapd.pem", and fixing
> > permissions
> >> on
> >> # slapd.pem so that the ldap user or group can read it. Your client
> >> software
> >> # may balk at self-signed certificates, however.
> >> # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
> >> # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> >> # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> >>
> >> # Sample security restrictions
> >> # Require integrity protection (prevent hijacking)
> >> # Require 112-bit (3DES or better) encryption for updates
> >> # Require 63-bit encryption for simple bind
> >> # security ssf=1 update_ssf=112 simple_bind=64
> >>
> >> # Sample access control policy:
> >> # Root DSE: allow anyone to read it
> >> # Subschema (sub)entry DSE: allow anyone to read it
> >> # Other DSEs:
> >> # Allow self write access
> >> # Allow authenticated users read access
> >> # Allow anonymous users to authenticate
> >> # Directives needed to implement policy:
> >> # access to dn.base="" by * read
> >> # access to dn.base="cn=Subschema" by * read
> >> # access to *
> >> # by self write
> >> # by users read
> >> # by anonymous auth
> >> #
> >> # if no access controls are present, the default policy
> >> # allows anyone and everyone to read anything but restricts
> >> # updates to rootdn. (e.g., "access to * by * read")
> >> #
> >> # rootdn can always read and write EVERYTHING!
> >>
> >>
> > #######################################################################
> >> # ldbm and/or bdb database definitions
> >>
> > #######################################################################
> >>
> >> database ldbm
> >> #suffix "dc=my-domain,dc=com"
> >> #rootdn "cn=Manager,dc=my-domain,dc=com"
> >> # Cleartext passwords, especially for the rootdn, should
> >> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> >> # Use of strong authentication encouraged.
> >> # rootpw secret
> >> # rootpw {crypt}ijFYNcSNctBYg
> >>
> >> # The database directory MUST exist prior to running slapd AND
> >> # should only be accessible by the slapd and slap tools.
> >> # Mode 700 recommended.
> >> directory /var/lib/ldap
> >>
> >> # Indices to maintain for this database
> >> #index objectClass eq,pres
> >> #index ou,cn,mail,surname,givenname eq,pres,sub
> >> #index uidNumber,gidNumber,loginShell eq,pres
> >> #index uid,memberUid eq,pres,sub
> >> #index nisMapName,nisMapEntry eq,pres,sub
> >>
> >> # Replicas of this database
> >> #replogfile /var/lib/ldap/openldap-master-replog
> >> #replica host=ldap-1.example.com:389 starttls=critical
> >> # bindmethod=sasl saslmech=GSSAPI
> >> # authcId=host/ldap-master.example.com@EXAMPLE.COM
> >> include /usr/local/ox/share/openxchange.schema
> >>
> >> suffix "dc=intermodalcartage,dc=com"
> >> rootdn "cn=Manager,dc=intermodalcartage,dc=com"
> >> rootpw secret
> >>
> >> index
> >> uid,mailEnabled,cn,sn,givenname,lnetMailAccess,alias,loginDestination
> >> eq,sub
> >> ---
> >> [root@bartlap share]# cat /etc/openldap/ldap.conf
> >> #
> >> # LDAP Defaults
> >> #
> >>
> >> # See ldap.conf(5) for details
> >> # This file should be world readable but not world writable.
> >>
> >> #BASE dc=example, dc=com
> >> #URI ldap://localhost
> >>
> >> #SIZELIMIT 12
> >> #TIMELIMIT 15
> >> #DEREF never
> >> BASE dc=intermodalcartage,dc=com
> >> HOST localhost
> >> --
> >> [root@bartlap share]# ls -last /var/lib/ldap/
> >> total 156
> >> 8 drwx------ 2 ldap ldap 4096 Mar 31 16:49 .
> >> 12 -rw------- 1 ldap ldap 8192 Mar 31 16:49 alias.dbb
> >> 12 -rw------- 1 ldap ldap 8192 Mar 31 16:49 cn.dbb
> >> 20 -rw------- 1 ldap ldap 16384 Mar 31 16:49 dn2id.dbb
> >> 12 -rw------- 1 ldap ldap 8192 Mar 31 16:49 givenName.dbb
> >> 36 -rw------- 1 ldap ldap 32768 Mar 31 16:49 id2entry.dbb
> >> 12 -rw------- 1 ldap ldap 8192 Mar 31 16:49 mailEnabled.dbb
> >> 12 -rw------- 1 ldap ldap 8192 Mar 31 16:49 nextid.dbb
> >> 12 -rw------- 1 ldap ldap 8192 Mar 31 16:49 sn.dbb
> >> 12 -rw------- 1 ldap ldap 8192 Mar 31 16:49 uid.dbb
> >> 8 drwxr-xr-x 22 root root 4096 Mar 31 15:36 ..
> >> --
> >
> > Does a 'telnet localhost 389' give you a connection?
> >
> > Do you have iptables runing?
> >
> > Sam
> >
>
> yes i can telnet to 389 although i dont know any ldap commands so i cant
> get any output back from it, I just get the Escape character is ^] message
> and i can type garbage in there until it disconnects me with no output.
>
> iptables is not running.
>
So just try this:
ldapsearch -LLL -x -b 'dc=intermodalcartage,dc=com' -H ldap://localhost
Sam
Attachment:
signature.asc
Description: This is a digitally signed message part