
Re: ldap_bind: Can't contact LDAP server (-1)



On Fri, April 1, 2005 9:15 am, Samuel Tran said:
> On Fri, 2005-04-01 at 10:10, Bart McFarling wrote:
>> On Fri, April 1, 2005 9:07 am, Samuel Tran said:
>> > On Fri, 2005-04-01 at 09:39, Bart McFarling wrote:
>> >> RPM install on Fedora Core 3
>> >> Trying to get Open-xchange up and running.
>> >> I get the following error message:
>> >> ldap_bind: Can't contact LDAP server (-1)
>> >>
>> >> slapd -d99 or -d whatever doesn't have error errno in it anywhere in
>> >> its output.
>> >> Any ldap* command gives this. I'm sure it's something small that I'm
>> >> missing.
>> >> I'm not an openldap guru - this makes about the 5th time I've tried to
>> >> get an openldap server up and running unsuccessfully.
>> >>
>> >> Any help is appreciated.
>> >>
>> >> Maybe my problem is that I'm installing using Spanish instructions
>> >> and I don't speak 3 words of Spanish :)
>> >>
>> >> Below are what I believe to be my relevant files I've messed with.
>> >>
>> >> [root@bartlap share]# ldapsearch -x -b 'dc=intermodalcartage,dc=com' '(objectclass=*)'
>> >> ldap_bind: Can't contact LDAP server (-1)
>> >>
>> >> [root@bartlap share]# ps -eaf | egrep "slap|ldap"
>> >> ldap     16435     1  0 17:27 ?        00:00:00 /usr/sbin/slapd -u ldap -h ldap:///
>> >> root     16441  3281  0 17:27 pts/1    00:00:00 egrep slap|ldap
>> >> --
>> >> [root@bartlap share]# nmap localhost
>> >>
>> >> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-03-31 17:28 CST
>> >> Interesting ports on localhost.localdomain (127.0.0.1):
>> >> (The 1650 ports scanned but not shown below are in state: closed)
>> >> PORT     STATE SERVICE
>> >> 22/tcp   open  ssh
>> >> 25/tcp   open  smtp
>> >> 80/tcp   open  http
>> >> 110/tcp  open  pop3
>> >> 111/tcp  open  rpcbind
>> >> 143/tcp  open  imap
>> >> 389/tcp  open  ldap
>> >> --
>> >> [root@bartlap share]# cat /etc/hosts.allow
>> >> #
>> >> # hosts.allow   This file describes the names of the hosts which are
>> >> #               allowed to use the local INET services, as decided
>> >> #               by the '/usr/sbin/tcpd' server.
>> >> #
>> >> ALL:127.0.0.1
>> >> slapd = 127.0.0.1
>> >> --
>> >> [root@bartlap share]# cat /etc/openldap/slapd.conf
>> >> #
>> >> # See slapd.conf(5) for details on configuration options.
>> >> # This file should NOT be world readable.
>> >> #
>> >> include         /etc/openldap/schema/core.schema
>> >> include         /etc/openldap/schema/cosine.schema
>> >> include         /etc/openldap/schema/inetorgperson.schema
>> >> include         /etc/openldap/schema/nis.schema
>> >>
>> >> # Allow LDAPv2 client connections.  This is NOT the default.
>> >> allow bind_v2
>> >>
>> >> # Do not enable referrals until AFTER you have a working directory
>> >> # service AND an understanding of referrals.
>> >> #referral       ldap://root.openldap.org
>> >>
>> >> pidfile         /var/run/slapd.pid
>> >> argsfile        /var/run/slapd.args
>> >>
>> >> # Load dynamic backend modules:
>> >> # modulepath    /usr/sbin/openldap
>> >> # moduleload    back_bdb.la
>> >> # moduleload    back_ldap.la
>> >> # moduleload    back_ldbm.la
>> >> # moduleload    back_passwd.la
>> >> # moduleload    back_shell.la
>> >>
>> >> # The next three lines allow use of TLS for encrypting connections using a
>> >> # dummy test certificate which you can generate by changing to
>> >> # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
>> >> # slapd.pem so that the ldap user or group can read it.  Your client software
>> >> # may balk at self-signed certificates, however.
>> >> # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
>> >> # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
>> >> # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
>> >>
>> >> # Sample security restrictions
>> >> #       Require integrity protection (prevent hijacking)
>> >> #       Require 112-bit (3DES or better) encryption for updates
>> >> #       Require 63-bit encryption for simple bind
>> >> # security ssf=1 update_ssf=112 simple_bind=64
>> >>
>> >> # Sample access control policy:
>> >> #       Root DSE: allow anyone to read it
>> >> #       Subschema (sub)entry DSE: allow anyone to read it
>> >> #       Other DSEs:
>> >> #               Allow self write access
>> >> #               Allow authenticated users read access
>> >> #               Allow anonymous users to authenticate
>> >> #       Directives needed to implement policy:
>> >> # access to dn.base="" by * read
>> >> # access to dn.base="cn=Subschema" by * read
>> >> # access to *
>> >> #       by self write
>> >> #       by users read
>> >> #       by anonymous auth
>> >> #
>> >> # if no access controls are present, the default policy
>> >> # allows anyone and everyone to read anything but restricts
>> >> # updates to rootdn.  (e.g., "access to * by * read")
>> >> #
>> >> # rootdn can always read and write EVERYTHING!
>> >>
>> >> #######################################################################
>> >> # ldbm and/or bdb database definitions
>> >> #######################################################################
>> >>
>> >> database        ldbm
>> >> #suffix         "dc=my-domain,dc=com"
>> >> #rootdn         "cn=Manager,dc=my-domain,dc=com"
>> >> # Cleartext passwords, especially for the rootdn, should
>> >> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
>> >> # Use of strong authentication encouraged.
>> >> # rootpw                secret
>> >> # rootpw                {crypt}ijFYNcSNctBYg
>> >>
>> >> # The database directory MUST exist prior to running slapd AND
>> >> # should only be accessible by the slapd and slap tools.
>> >> # Mode 700 recommended.
>> >> directory       /var/lib/ldap
>> >>
>> >> # Indices to maintain for this database
>> >> #index objectClass                       eq,pres
>> >> #index ou,cn,mail,surname,givenname      eq,pres,sub
>> >> #index uidNumber,gidNumber,loginShell    eq,pres
>> >> #index uid,memberUid                     eq,pres,sub
>> >> #index nisMapName,nisMapEntry            eq,pres,sub
>> >>
>> >> # Replicas of this database
>> >> #replogfile /var/lib/ldap/openldap-master-replog
>> >> #replica host=ldap-1.example.com:389 starttls=critical
>> >> #     bindmethod=sasl saslmech=GSSAPI
>> >> #     authcId=host/ldap-master.example.com@EXAMPLE.COM
>> >> include /usr/local/ox/share/openxchange.schema
>> >>
>> >> suffix "dc=intermodalcartage,dc=com"
>> >> rootdn "cn=Manager,dc=intermodalcartage,dc=com"
>> >> rootpw secret
>> >>
>> >> index uid,mailEnabled,cn,sn,givenname,lnetMailAccess,alias,loginDestination eq,sub
>> >> ---
>> >> [root@bartlap share]# cat /etc/openldap/ldap.conf
>> >> #
>> >> # LDAP Defaults
>> >> #
>> >>
>> >> # See ldap.conf(5) for details
>> >> # This file should be world readable but not world writable.
>> >>
>> >> #BASE   dc=example, dc=com
>> >> #URI    ldap://localhost
>> >>
>> >> #SIZELIMIT      12
>> >> #TIMELIMIT      15
>> >> #DEREF          never
>> >> BASE dc=intermodalcartage,dc=com
>> >> HOST localhost
>> >> --
>> >> [root@bartlap share]# ls -last /var/lib/ldap/
>> >> total 156
>> >>  8 drwx------   2 ldap ldap  4096 Mar 31 16:49 .
>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 alias.dbb
>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 cn.dbb
>> >> 20 -rw-------   1 ldap ldap 16384 Mar 31 16:49 dn2id.dbb
>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 givenName.dbb
>> >> 36 -rw-------   1 ldap ldap 32768 Mar 31 16:49 id2entry.dbb
>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 mailEnabled.dbb
>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 nextid.dbb
>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 sn.dbb
>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 uid.dbb
>> >>  8 drwxr-xr-x  22 root root  4096 Mar 31 15:36 ..
>> >> --
>> >
>> > Does a 'telnet localhost 389' give you a connection?
>> >
>> > Do you have iptables running?
>> >
>> > Sam
>> >
>>
>> Yes, I can telnet to 389, although I don't know any LDAP commands so I
>> can't get any output back from it. I just get the "Escape character is ^]"
>> message and I can type garbage in there until it disconnects me with no
>> output.
>>
>> iptables is not running.
>>
>
> So just try this:
> ldapsearch -LLL -x -b 'dc=intermodalcartage,dc=com' -H ldap://localhost
>
> Sam
>
I've tried pretty much all -H options: -H bartlap, -H
bartlap.intermodalcartage.com, etc.
I've also tried the slapd -h option as suggested in some forums, with no luck.

ldapsearch -LLL -x -b 'dc=intermodalcartage,dc=com' -H ldap://localhost
ldap_bind: Can't contact LDAP server (-1)
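
An added example, not part of the original thread: a Python check over the two files quoted in the message, flagging `/etc/hosts.allow` rules that do not follow the `daemon_list : client_list` form of hosts_access(5) and `rootpw` values in `slapd.conf` that carry no hash scheme, which the file's own comments warn against. The function names are hypothetical and the inputs are constructed from the quoted fragments; the check does not establish the cause of the error reported above.

```python
import re

# Constructed inputs: the active lines of the two files quoted in the thread.
HOSTS_ALLOW = """\
# hosts.allow (comment header shortened)
ALL:127.0.0.1
slapd = 127.0.0.1
"""
SLAPD_CONF = """\
database        ldbm
# rootpw                secret
directory       /var/lib/ldap
suffix "dc=intermodalcartage,dc=com"
rootdn "cn=Manager,dc=intermodalcartage,dc=com"
rootpw secret
"""

SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")  # e.g. {SSHA}..., see slappasswd(8)


def lint_hosts_allow(text):
    """Flag rules that are not 'daemon_list : client_list' (hosts_access(5)).
    Backslash continuation lines are not handled here."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        daemons, sep, clients = line.partition(":")
        if not sep:
            findings.append((no, line, "missing ':' separator"))
        elif not daemons.strip() or not clients.strip():
            findings.append((no, line, "empty daemon or client list"))
    return findings


def lint_rootpw(text):
    """Flag rootpw directives whose value carries no hash scheme prefix."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw":
            m = SCHEME.match(parts[1].strip().strip('"'))
            if m is None or m.group(1).upper() == "CLEARTEXT":
                findings.append((no, "rootpw stored in cleartext"))
    return findings


if __name__ == "__main__":
    for finding in lint_hosts_allow(HOSTS_ALLOW) + lint_rootpw(SLAPD_CONF):
        print(finding)
```

On the quoted files this reports the `slapd = 127.0.0.1` rule and the `rootpw secret` directive; a value generated with slappasswd(8) passes the second check.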