
Re: ldap_bind: Can't contact LDAP server (-1)



Get this: it works as long as I'm not using the local machine???

Bart

On Fri, April 1, 2005 9:31 am, Bart McFarling said:
> On Fri, April 1, 2005 9:15 am, Samuel Tran said:
>> On Fri, 2005-04-01 at 10:10, Bart McFarling wrote:
>>> On Fri, April 1, 2005 9:07 am, Samuel Tran said:
>>> > On Fri, 2005-04-01 at 09:39, Bart McFarling wrote:
>>> >> RPM install on Fedora Core 3
>>> >> Trying to get Open-xchange up and running.
>>> >> I get the following error message:
>>> >> ldap_bind: Can't contact LDAP server (-1)
>>> >>
>>> >> slapd -d99 or -d whatever doesn't have error errno in it anywhere in its
>>> >> output.
>>> >> Any ldap* command gives this. I'm sure it's something small that I'm
>>> >> missing.
>>> >> I'm not an OpenLDAP guru - this makes about the 5th time I've tried to get
>>> >> an OpenLDAP server up and running unsuccessfully.
>>> >>
>>> >> Any help is appreciated.
>>> >>
>>> >> Maybe my problem is that I'm installing using Spanish instructions
>>> >> and I don't speak 3 words of Spanish :)
>>> >>
>>> >> Below are what I believe to be my relevant files I've messed with.
>>> >>
>>> >> [root@bartlap share]# ldapsearch -x -b 'dc=intermodalcartage,dc=com' '(objectclass=*)'
>>> >> ldap_bind: Can't contact LDAP server (-1)
>>> >>
>>> >> [root@bartlap share]# ps -eaf | egrep "slap|ldap"
>>> >> ldap     16435     1  0 17:27 ?        00:00:00 /usr/sbin/slapd -u ldap -h ldap:///
>>> >> root     16441  3281  0 17:27 pts/1    00:00:00 egrep slap|ldap
>>> >> --
>>> >> [root@bartlap share]# nmap localhost
>>> >>
>>> >> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-03-31 17:28 CST
>>> >> Interesting ports on localhost.localdomain (127.0.0.1):
>>> >> (The 1650 ports scanned but not shown below are in state: closed)
>>> >> PORT     STATE SERVICE
>>> >> 22/tcp   open  ssh
>>> >> 25/tcp   open  smtp
>>> >> 80/tcp   open  http
>>> >> 110/tcp  open  pop3
>>> >> 111/tcp  open  rpcbind
>>> >> 143/tcp  open  imap
>>> >> 389/tcp  open  ldap
>>> >> --
>>> >> [root@bartlap share]# cat /etc/hosts.allow
>>> >> #
>>> >> # hosts.allow   This file describes the names of the hosts which are
>>> >> #               allowed to use the local INET services, as decided
>>> >> #               by the '/usr/sbin/tcpd' server.
>>> >> #
>>> >> ALL:127.0.0.1
>>> >> slapd = 127.0.0.1
>>> >> --
>>> >> [root@bartlap share]# cat /etc/openldap/slapd.conf
>>> >> #
>>> >> # See slapd.conf(5) for details on configuration options.
>>> >> # This file should NOT be world readable.
>>> >> #
>>> >> include         /etc/openldap/schema/core.schema
>>> >> include         /etc/openldap/schema/cosine.schema
>>> >> include         /etc/openldap/schema/inetorgperson.schema
>>> >> include         /etc/openldap/schema/nis.schema
>>> >>
>>> >> # Allow LDAPv2 client connections.  This is NOT the default.
>>> >> allow bind_v2
>>> >>
>>> >> # Do not enable referrals until AFTER you have a working directory
>>> >> # service AND an understanding of referrals.
>>> >> #referral       ldap://root.openldap.org
>>> >>
>>> >> pidfile         /var/run/slapd.pid
>>> >> argsfile        /var/run/slapd.args
>>> >>
>>> >> # Load dynamic backend modules:
>>> >> # modulepath    /usr/sbin/openldap
>>> >> # moduleload    back_bdb.la
>>> >> # moduleload    back_ldap.la
>>> >> # moduleload    back_ldbm.la
>>> >> # moduleload    back_passwd.la
>>> >> # moduleload    back_shell.la
>>> >>
>>> >> # The next three lines allow use of TLS for encrypting connections using a
>>> >> # dummy test certificate which you can generate by changing to
>>> >> # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
>>> >> # slapd.pem so that the ldap user or group can read it.  Your client software
>>> >> # may balk at self-signed certificates, however.
>>> >> # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
>>> >> # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
>>> >> # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
>>> >>
>>> >> # Sample security restrictions
>>> >> #       Require integrity protection (prevent hijacking)
>>> >> #       Require 112-bit (3DES or better) encryption for updates
>>> >> #       Require 63-bit encryption for simple bind
>>> >> # security ssf=1 update_ssf=112 simple_bind=64
>>> >>
>>> >> # Sample access control policy:
>>> >> #       Root DSE: allow anyone to read it
>>> >> #       Subschema (sub)entry DSE: allow anyone to read it
>>> >> #       Other DSEs:
>>> >> #               Allow self write access
>>> >> #               Allow authenticated users read access
>>> >> #               Allow anonymous users to authenticate
>>> >> #       Directives needed to implement policy:
>>> >> # access to dn.base="" by * read
>>> >> # access to dn.base="cn=Subschema" by * read
>>> >> # access to *
>>> >> #       by self write
>>> >> #       by users read
>>> >> #       by anonymous auth
>>> >> #
>>> >> # if no access controls are present, the default policy
>>> >> # allows anyone and everyone to read anything but restricts
>>> >> # updates to rootdn.  (e.g., "access to * by * read")
>>> >> #
>>> >> # rootdn can always read and write EVERYTHING!
>>> >>
>>> >>
>>> >> #######################################################################
>>> >> # ldbm and/or bdb database definitions
>>> >> #######################################################################
>>> >>
>>> >> database        ldbm
>>> >> #suffix         "dc=my-domain,dc=com"
>>> >> #rootdn         "cn=Manager,dc=my-domain,dc=com"
>>> >> # Cleartext passwords, especially for the rootdn, should
>>> >> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
>>> >> # Use of strong authentication encouraged.
>>> >> # rootpw                secret
>>> >> # rootpw                {crypt}ijFYNcSNctBYg
>>> >>
>>> >> # The database directory MUST exist prior to running slapd AND
>>> >> # should only be accessible by the slapd and slap tools.
>>> >> # Mode 700 recommended.
>>> >> directory       /var/lib/ldap
>>> >>
>>> >> # Indices to maintain for this database
>>> >> #index objectClass                       eq,pres
>>> >> #index ou,cn,mail,surname,givenname      eq,pres,sub
>>> >> #index uidNumber,gidNumber,loginShell    eq,pres
>>> >> #index uid,memberUid                     eq,pres,sub
>>> >> #index nisMapName,nisMapEntry            eq,pres,sub
>>> >>
>>> >> # Replicas of this database
>>> >> #replogfile /var/lib/ldap/openldap-master-replog
>>> >> #replica host=ldap-1.example.com:389 starttls=critical
>>> >> #     bindmethod=sasl saslmech=GSSAPI
>>> >> #     authcId=host/ldap-master.example.com@EXAMPLE.COM
>>> >> include /usr/local/ox/share/openxchange.schema
>>> >>
>>> >> suffix "dc=intermodalcartage,dc=com"
>>> >> rootdn "cn=Manager,dc=intermodalcartage,dc=com"
>>> >> rootpw secret
>>> >>
>>> >> index uid,mailEnabled,cn,sn,givenname,lnetMailAccess,alias,loginDestination eq,sub
>>> >> ---
>>> >> [root@bartlap share]# cat /etc/openldap/ldap.conf
>>> >> #
>>> >> # LDAP Defaults
>>> >> #
>>> >>
>>> >> # See ldap.conf(5) for details
>>> >> # This file should be world readable but not world writable.
>>> >>
>>> >> #BASE   dc=example, dc=com
>>> >> #URI    ldap://localhost
>>> >>
>>> >> #SIZELIMIT      12
>>> >> #TIMELIMIT      15
>>> >> #DEREF          never
>>> >> BASE dc=intermodalcartage,dc=com
>>> >> HOST localhost
>>> >> --
>>> >> [root@bartlap share]# ls -last /var/lib/ldap/
>>> >> total 156
>>> >>  8 drwx------   2 ldap ldap  4096 Mar 31 16:49 .
>>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 alias.dbb
>>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 cn.dbb
>>> >> 20 -rw-------   1 ldap ldap 16384 Mar 31 16:49 dn2id.dbb
>>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 givenName.dbb
>>> >> 36 -rw-------   1 ldap ldap 32768 Mar 31 16:49 id2entry.dbb
>>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 mailEnabled.dbb
>>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 nextid.dbb
>>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 sn.dbb
>>> >> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 uid.dbb
>>> >>  8 drwxr-xr-x  22 root root  4096 Mar 31 15:36 ..
>>> >> --
>>> >
>>> > Does a 'telnet localhost 389' give you a connection?
>>> >
>>> > Do you have iptables running?
>>> >
>>> > Sam
>>> >
>>>
>>> Yes, I can telnet to 389, although I don't know any LDAP commands so I can't
>>> get any output back from it. I just get the "Escape character is ^]" message
>>> and I can type garbage in there until it disconnects me with no output.
>>>
>>> iptables is not running.
>>>
>>
>> So just try this:
>> ldapsearch -LLL -x -b 'dc=intermodalcartage,dc=com' -H ldap://localhost
>>
>> Sam
>>
> I've tried pretty much all -H options: -H bartlap, -H
> bartlap.intermodalcartage.com, etc...
> I've also tried the slapd -h option as suggested in some forums, with no luck.
>
> ldapsearch -LLL -x -b 'dc=intermodalcartage,dc=com' -H ldap://localhost
> ldap_bind: Can't contact LDAP server (-1)
>
>
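
Added example, not part of the original message or of OpenLDAP: a small lint over the two files quoted above, checking three things their own comments and man pages call for (the `daemon_list : client_list` rule form from hosts_access(5), a hashed `rootpw`, and a slapd.conf that is not world readable). The function names are hypothetical and the sample strings are constructed from lines quoted in the thread; the findings are configuration hygiene only and are not offered as the cause of the bind error.

```python
import os
import re
import stat

# Constructed sample input: active lines copied from the files quoted in the thread.
HOSTS_ALLOW = "ALL:127.0.0.1\nslapd = 127.0.0.1\n"
SLAPD_CONF = (
    "# rootpw                {crypt}ijFYNcSNctBYg\n"
    'rootdn "cn=Manager,dc=intermodalcartage,dc=com"\n'
    "rootpw secret\n"
)

SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")  # e.g. {SSHA}, {crypt}

def active_lines(text):
    """Yield (line_number, stripped_line), skipping blanks and # comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield no, line

def lint_hosts_access(text):
    """hosts_access(5) rules are 'daemon_list : client_list'; report lines with no ':'.
    Backslash-continued rules are not joined here (simplification)."""
    return [(no, line) for no, line in active_lines(text) if ":" not in line]

def lint_rootpw(text):
    """Report rootpw values stored without a hash scheme such as {SSHA}."""
    findings = []
    for no, line in active_lines(text):
        parts = line.split(None, 1)
        if parts[0].lower() != "rootpw" or len(parts) < 2:
            continue
        m = SCHEME.match(parts[1].strip().strip('"'))
        if m is None or m.group(1).upper() == "CLEARTEXT":
            findings.append((no, "rootpw is cleartext; hash it with slappasswd(8)"))
    return findings

def world_readable(path):
    """True if 'other' has read permission (slapd.conf should not be world readable)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

if __name__ == "__main__":
    for no, line in lint_hosts_access(HOSTS_ALLOW):
        print(f"hosts.allow:{no}: no ':' separator: {line!r}")
    for no, msg in lint_rootpw(SLAPD_CONF):
        print(f"slapd.conf:{no}: {msg}")
```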