Re: (FIXED) localhost ldapsearch[Scanned]



I hope the following is enough

OS: Fedora Core 3 (with latest updates)
openldap: 2.2.13-2

changed openldap.spec in a few places to enable aci

export ac_cv_func_getaddrinfo=no

rpmbuild --ba /usr/src/redhat/SPECS/openldap.spec

rpm -ivh /usr/src/redhat/RPMS/i386/openldap-2.2.13-2.i386.rpm /usr/src/redhat/RPMS/i386/openldap-servers-2.2.13-2.i386.rpm /usr/src/redhat/RPMS/i386/openldap-clients-2.2.13-2.i386.rpm

edited /etc/openldap/ldap.conf to read:
--------------------------------------------------------
BASE    dc=ocf,dc=co,dc=uk
HOST    localhost
---------------------------------------------------------

edited /etc/openldap/slapd.conf to read:
---------------------------------------------------------
suffix          "dc=ocf,dc=co,dc=uk"
rootdn          "cn=Manager,dc=ocf,dc=co,dc=uk"
rootpw         secret
----------------------------------------------------------

added a few things for my environment, such as importing an ldif file, and creating new entries for users for testing purposes

executed the following
---------------------------------------------------------
[root@mailserver-linux]$ ldapsearch -H ldap://localhost/ -w secret -x -D cn=manager,dc=ocf,dc=co,dc=uk '(uid=*)' uidNumber
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=*)
# requesting: uidNumber
#


# mailadmin, Users, OxObjects, ocf.co.uk
dn: uid=mailadmin,ou=Users,ou=OxObjects,dc=ocf,dc=co,dc=uk
uidNumber: 501

# john, Users, OxObjects, ocf.co.uk
dn: uid=john,ou=Users,ou=OxObjects,dc=ocf,dc=co,dc=uk
uidNumber: 502

# aali, Users, OxObjects, ocf.co.uk
dn: uid=aali,ou=Users,ou=OxObjects,dc=ocf,dc=co,dc=uk
uidNumber: 503

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3
-----------------------------------------------------------------

regards,
Arif

vadim wrote:

what was it? I believe it would be important info for others and
therefore it should be published on the list.

best regards, vadim tarassov.

On Wed, 2005-08-10 at 12:21 +0100, Arif Ali wrote:


thanks for that, I really appreciate it, it now works

vadim wrote:

Yeaaaahh, we have a problem ...

There are actually two possibilities that I see now: (i) implementation
of getaddrinfo() in your distro is buggy, or (ii) OL does not use
getaddrinfo() properly.

I personally would do following now to identify the problem:

Assuming that you are trying OL from a linux distro, I would get instead
sources from latest stable OL release and compile it myself. If problem
will be gone, I would send a polite email to that distro team. If
problem persists, I would look in www.openldap.org "Issue Tracking
System" or ITS if there is a known issue regarding getaddrinfo(). I have
found following there:

From: Kurt Zeilenga <openldap-its@OpenLDAP.org>
To: mehall@us.ibm.com
Subject: Re: OpenLDAP 2.2.13, 2.2.15 communication failure (ITS#3279)
Date: Fri Aug 27 20:43:31 2004
Based on various followups, I suggest setting
ac_cv_func_getaddrinfo to no before running ./configure.
That is,
env ac_cv_func_getaddrinfo=no ./configure ...

(seems AIX's getaddrinfo(3) doesn't conform to the latest IETF API
specifications, something you might want to report to AIX developers at IBM.)

Regards, Kurt

I assume you are not struggling with AIX, but it would still be interesting to tell configure
that it does not have getaddrinfo() at all. I hope in this case you will get your ldap things running.


I would also try to write a little test program calling getaddrinfo()
the way how OL does it, and report result to the list, and see what
happens.

Good luck, vadim tarassov.

On Wed, 2005-08-10 at 09:18 +0100, Arif Ali wrote:

This is what I get, not sure what this is supposed to mean, or what is wrong

ldap_create
ldap_url_parse_ext(ldap://localhost/)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_connect_to_host: getaddrinfo failed: invalid flags
ldap_perror
ldap_bind: Can't contact LDAP server (-1)

vadim wrote:

Can you try ldapsearch with -d -1?

On Tue, 2005-08-09 at 17:08 +0100, Arif Ali wrote:

I get nothing at all, when I issue the command

vadim wrote:

What about "-d -1"? There is actually no point in sending the log to me.
If slapd will write something meaningful you will notice it yourself.
Otherwise it must be something related to your particular linux box,
where I hardly can help you, because I don't have enough know-how in
this area. Sorry for this.

On Tue, 2005-08-09 at 16:50 +0100, Arif Ali wrote:

How detailed do you want them, I can restart it with "-d 255" and send the whole log to you if you want to see where the problem is, but I don't seem to see anything in the logs for this

vadim wrote:

Does slapd produce any log?

On Tue, 2005-08-09 at 16:40 +0100, Arif Ali wrote:

when I put in 0.0.0.0 into the ldap file in /etc/init.d, I get the following

# netstat -ant | grep 389
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:52534             127.0.0.1:389               TIME_WAIT
tcp        1      0 127.0.0.1:52334             127.0.0.1:389               CLOSE_WAIT

and still get the same error message i.e.

ldap_bind: Can't contact LDAP server (-1)

when I leave the ldap file as is then I get

# netstat -ant | grep 389
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN
tcp        1      0 127.0.0.1:52334             127.0.0.1:389               CLOSE_WAIT
tcp        0      0 :::389                      :::*                        LISTEN

any more ideas would be appreciated,

thanks
Arif

vadim wrote:

It looks like your slapd is not listening on 127.0.0.1! Somewhere
in /etc/init.d there should be a script executing slapd. What is the value of the -h
command line option? Make sure that it is "0.0.0.0:389". In such a case
slapd will listen on all ip addresses. Or am I totally wrong?

On Tue, 2005-08-09 at 16:15 +0100, Arif Ali wrote:

eeek sorry about that;

the error message is

ldap_bind: Can't contact LDAP server (-1)

I have tried the following; from the local machine with no success

ldapsearch -H ldap://localhost/ -w secret -x -b ou=Users,ou=OxObjects,dc=ocf,dc=co,dc=uk -D dc=ocf,dc=co,dc=uk uid=* uidNumber
ldapsearch -H ldap://127.0.0.1/ -w secret -x -b ou=Users,ou=OxObjects,dc=ocf,dc=co,dc=uk -D dc=ocf,dc=co,dc=uk uid=* uidNumber
ldapsearch -H ldap://mailserver-linux/ -w secret -x -b ou=Users,ou=OxObjects,dc=ocf,dc=co,dc=uk -D dc=ocf,dc=co,dc=uk uid=* uidNumber
ldapsearch -H ldap://195.62.2.26/ -w secret -x -b ou=Users,ou=OxObjects,dc=ocf,dc=co,dc=uk -D dc=ocf,dc=co,dc=uk uid=* uidNumber


if I do the following

ldapsearch -H localhost -w secret -x -b ou=Users,ou=OxObjects,dc=ocf,dc=co,dc=uk -D dc=ocf,dc=co,dc=uk uid=* uidNumber

I get

Could not create LDAP session handle (3): Time limit exceeded


thanks again Arif

vadim wrote:

and what message do you get from ldapsearch when trying localhost?

On Tue, 2005-08-09 at 14:12 +0100, Arif Ali wrote:

Hi all,

I have been trying to install ldap on one of our servers to do various things, but with any install I am never able to get a ldapsearch working on localhost, but when I do a ldapsearch from a machine on the network pointing to the ip address of the server, I get a result. iptables is turned off, nothing in hosts.deny or hosts.allow, would there be anything else on FC3 which will not allow localhost ldap searches. I am able to view/edit the ldap tree structure using luma from localhost.

any help would be appreciated,

thanks

--
Arif Ali
Software Engineer
OCF plc
Mob:    +44 (0)7970 148122
Office: +44 (0)114 2572200
Fax:    +44 (0)114 2570022
Web:    http://www.ocf.co.uk

This email including any attachments to it is confidential and intended solely for the use of the individual to whom it is addressed. Its contents may be protected by copyright. If you are not the intended recipient, please be advised that you have received this email in error and that you should delete it from your system and not copy its contents or disclose them to any other person. If you have received this email in error please notify OCF plc by telephone on 0845 702 3829

We do not accept responsibility for viruses; you must scan for these.
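
The small getaddrinfo() test program suggested in the quoted exchange, sketched in C as an added example (not code from the thread or from OpenLDAP). It assumes the client library passes AI_ADDRCONFIG with AF_UNSPEC and SOCK_STREAM, and that the "invalid flags" line in the debug trace corresponds to EAI_BADFLAGS; probe and probe_with_fallback are hypothetical names.

```c
#define _POSIX_C_SOURCE 200112L
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Call getaddrinfo() with the given ai_flags. Returns its error code
 * (0 = success) and stores the number of addresses found in *count. */
int probe(const char *host, const char *port, int flags, int *count)
{
    struct addrinfo hints, *res = NULL, *p;
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_flags = flags;
    hints.ai_family = AF_UNSPEC;      /* IPv4 or IPv6 */
    hints.ai_socktype = SOCK_STREAM;  /* LDAP over TCP */
    *count = 0;
    rc = getaddrinfo(host, port, &hints, &res);
    if (rc != 0)
        return rc;
    for (p = res; p != NULL; p = p->ai_next)
        (*count)++;
    freeaddrinfo(res);
    return 0;
}

/* Try the requested flags first; if the resolver rejects them with
 * EAI_BADFLAGS, retry with no flags. *retried says whether the retry ran. */
int probe_with_fallback(const char *host, const char *port, int flags,
                        int *count, int *retried)
{
    int rc = probe(host, port, flags, count);
    *retried = 0;
    if (rc == EAI_BADFLAGS) {
        *retried = 1;
        rc = probe(host, port, 0, count);
    }
    return rc;
}

int main(void)
{
    int count, retried, rc, flags = 0;
#ifdef AI_ADDRCONFIG
    flags = AI_ADDRCONFIG;  /* assumption: the flag the client library passes */
#endif
    rc = probe_with_fallback("localhost", "389", flags, &count, &retried);
    printf("rc=%d (%s) addresses=%d retried=%d\n",
           rc, rc ? gai_strerror(rc) : "ok", count, retried);
    return rc != 0;
}
```

A result of retried=1 on the affected host would point at the resolver rejecting the flag rather than at slapd or the network.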