[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_bind: Can't contact LDAP server (-1)



On Fri, April 1, 2005 9:07 am, Samuel Tran said:
> On Fri, 2005-04-01 at 09:39, Bart McFarling wrote:
>> RPM install on Fedora Core 3
>> Trying to get Open-xchange up and running.
>> I get the following error message:
>> ldap_bind: Can't contact LDAP server (-1)
>>
>> slapd -d99 or -d whatever doesnt have error errno in it anywhere in
> it's
>> output.
>> any ldap* command gives this. Im sure its something small that im
>> missing.
>> Im not an openldap guru- this makes about the 5th time ive tried to
> get
>> an
>> openldap server up and running unsucessfully.
>>
>> Any help is appreciated.
>>
>> maybe my problem is is that im installing using spanish instructions
>> and i dont speak 3 words of spanish :)
>>
>> below are what i believe to be my relevant files ive messed with.
>>
>> [root@bartlap share]# ldapsearch -x -b 'dc=intermodalcartage,dc=com'
>> '(objectclass=*)'
>> ldap_bind: Can't contact LDAP server (-1)
>>
>> [root@bartlap share]# ps -eaf | egrep "slap|ldap"
>> ldap     16435     1  0 17:27 ?        00:00:00 /usr/sbin/slapd -u
> ldap
>> -h
>> ldap:///
>> root     16441  3281  0 17:27 pts/1    00:00:00 egrep slap|ldap
>> --
>> [root@bartlap share]# nmap localhost
>>
>> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-03-31
> 17:28
>> CST
>> Interesting ports on localhost.localdomain (127.0.0.1):
>> (The 1650 ports scanned but not shown below are in state: closed)
>> PORT     STATE SERVICE
>> 22/tcp   open  ssh
>> 25/tcp   open  smtp
>> 80/tcp   open  http
>> 110/tcp  open  pop3
>> 111/tcp  open  rpcbind
>> 143/tcp  open  imap
>> 389/tcp  open  ldap
>> --
>> [root@bartlap share]# cat /etc/hosts.allow
>> #
>> # hosts.allow   This file describes the names of the hosts which are
>> #               allowed to use the local INET services, as decided
>> #               by the '/usr/sbin/tcpd' server.
>> #
>> ALL:127.0.0.1
>> slapd = 127.0.0.1
>> --
>> [root@bartlap share]# cat /etc/openldap/slapd.conf
>> #
>> # See slapd.conf(5) for details on configuration options.
>> # This file should NOT be world readable.
>> #
>> include         /etc/openldap/schema/core.schema
>> include         /etc/openldap/schema/cosine.schema
>> include         /etc/openldap/schema/inetorgperson.schema
>> include         /etc/openldap/schema/nis.schema
>>
>> # Allow LDAPv2 client connections.  This is NOT the default.
>> allow bind_v2
>>
>> # Do not enable referrals until AFTER you have a working directory
>> # service AND an understanding of referrals.
>> #referral       ldap://root.openldap.org
>>
>> pidfile         /var/run/slapd.pid
>> argsfile        /var/run/slapd.args
>>
>> # Load dynamic backend modules:
>> # modulepath    /usr/sbin/openldap
>> # moduleload    back_bdb.la
>> # moduleload    back_ldap.la
>> # moduleload    back_ldbm.la
>> # moduleload    back_passwd.la
>> # moduleload    back_shell.la
>>
>> # The next three lines allow use of TLS for encrypting connections
> using
>> a
>> # dummy test certificate which you can generate by changing to
>> # /usr/share/ssl/certs, running "make slapd.pem", and fixing
> permissions
>> on
>> # slapd.pem so that the ldap user or group can read it.  Your client
>> software
>> # may balk at self-signed certificates, however.
>> # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
>> # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
>> # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
>>
>> # Sample security restrictions
>> #       Require integrity protection (prevent hijacking)
>> #       Require 112-bit (3DES or better) encryption for updates
>> #       Require 63-bit encryption for simple bind
>> # security ssf=1 update_ssf=112 simple_bind=64
>>
>> # Sample access control policy:
>> #       Root DSE: allow anyone to read it
>> #       Subschema (sub)entry DSE: allow anyone to read it
>> #       Other DSEs:
>> #               Allow self write access
>> #               Allow authenticated users read access
>> #               Allow anonymous users to authenticate
>> #       Directives needed to implement policy:
>> # access to dn.base="" by * read
>> # access to dn.base="cn=Subschema" by * read
>> # access to *
>> #       by self write
>> #       by users read
>> #       by anonymous auth
>> #
>> # if no access controls are present, the default policy
>> # allows anyone and everyone to read anything but restricts
>> # updates to rootdn.  (e.g., "access to * by * read")
>> #
>> # rootdn can always read and write EVERYTHING!
>>
>>
> #######################################################################
>> # ldbm and/or bdb database definitions
>>
> #######################################################################
>>
>> database        ldbm
>> #suffix         "dc=my-domain,dc=com"
>> #rootdn         "cn=Manager,dc=my-domain,dc=com"
>> # Cleartext passwords, especially for the rootdn, should
>> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
>> # Use of strong authentication encouraged.
>> # rootpw                secret
>> # rootpw                {crypt}ijFYNcSNctBYg
>>
>> # The database directory MUST exist prior to running slapd AND
>> # should only be accessible by the slapd and slap tools.
>> # Mode 700 recommended.
>> directory       /var/lib/ldap
>>
>> # Indices to maintain for this database
>> #index objectClass                       eq,pres
>> #index ou,cn,mail,surname,givenname      eq,pres,sub
>> #index uidNumber,gidNumber,loginShell    eq,pres
>> #index uid,memberUid                     eq,pres,sub
>> #index nisMapName,nisMapEntry            eq,pres,sub
>>
>> # Replicas of this database
>> #replogfile /var/lib/ldap/openldap-master-replog
>> #replica host=ldap-1.example.com:389 starttls=critical
>> #     bindmethod=sasl saslmech=GSSAPI
>> #     authcId=host/ldap-master.example.com@EXAMPLE.COM
>> include /usr/local/ox/share/openxchange.schema
>>
>> suffix "dc=intermodalcartage,dc=com"
>> rootdn "cn=Manager,dc=intermodalcartage,dc=com"
>> rootpw secret
>>
>> index
>> uid,mailEnabled,cn,sn,givenname,lnetMailAccess,alias,loginDestination
>> eq,sub
>> ---
>> [root@bartlap share]# cat /etc/openldap/ldap.conf
>> #
>> # LDAP Defaults
>> #
>>
>> # See ldap.conf(5) for details
>> # This file should be world readable but not world writable.
>>
>> #BASE   dc=example, dc=com
>> #URI    ldap://localhost
>>
>> #SIZELIMIT      12
>> #TIMELIMIT      15
>> #DEREF          never
>> BASE dc=intermodalcartage,dc=com
>> HOST localhost
>> --
>> [root@bartlap share]# ls -last /var/lib/ldap/
>> total 156
>>  8 drwx------   2 ldap ldap  4096 Mar 31 16:49 .
>> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 alias.dbb
>> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 cn.dbb
>> 20 -rw-------   1 ldap ldap 16384 Mar 31 16:49 dn2id.dbb
>> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 givenName.dbb
>> 36 -rw-------   1 ldap ldap 32768 Mar 31 16:49 id2entry.dbb
>> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 mailEnabled.dbb
>> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 nextid.dbb
>> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 sn.dbb
>> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 uid.dbb
>>  8 drwxr-xr-x  22 root root  4096 Mar 31 15:36 ..
>> --
>
> Does a 'telnet localhost 389' give you a connection?
>
> Do you have iptables runing?
>
> Sam
>

yes i can telnet to 389 although i dont know any ldap commands so i cant
get any output back from it, I just get the Escape character is ^] message
and i can type garbage in there until it disconnects me with no output.

iptables is not running.

Bart