
could not hard reconnect to LDAP server - Server is unavailable



"As it is quite unlikely that issues raised in your message could not be
discussed without talking about the particulars of nss_ldap, your
message is more appropriately directed to the openldap-technical list."

So, take two. :)  Starting openldap takes about five minutes to come up due to all the timeouts indicated in /var/log/messages. I've been googling without success, and openldap-software is not the appropriate venue for discussion of my problem. Hopefully this is, since I'm running out of options on where to look. 

Thank you for any assistance, or pointers toward the right direction.

Gar
-------- Original Message --------
Subject: could not hard reconnect to LDAP server - Server is unavailable
Date: Fri, 30 May 2008 15:17:32 -0600
From: Gar Nelson <gar.nelson@noaa.gov>
Organization: National Weather Service
To: openldap-software@openldap.org


I'm currently using openldap-2.2.13-8.el4_6.4 on RHEL 4 and for the most 
part, it appears to be working.  I can use ldap to log in on another 
machine, and on a different workstation, the Apache directory browser 
connects and browses (and edits) just fine.

However, when watching /var/log/messages, all is not calm under the 
surface. A shortened snippet of the log is as follows;

May 30 14:55:46 ggw-s-bdc runuser: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
May 30 14:55:46 ggw-s-bdc runuser: nss_ldap: reconnecting to LDAP server...
May 30 14:55:46 ggw-s-bdc runuser: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
May 30 14:55:46 ggw-s-bdc runuser: nss_ldap: reconnecting to LDAP server...
[...]
May 30 14:57:46 ggw-s-bdc runuser: nss_ldap: could not hard reconnect to LDAP server - Server is unavailable
May 30 14:57:46 ggw-s-bdc slaptest: sql_select option missing
May 30 14:57:46 ggw-s-bdc slaptest: auxpropfunc error no mechanism available
May 30 14:57:46 ggw-s-bdc runuser: config file testing succeeded
May 30 14:57:46 ggw-s-bdc ldap: Checking configuration files for slapd:  succeeded
May 30 14:57:46 ggw-s-bdc slapd[16932]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
May 30 14:57:46 ggw-s-bdc slapd[16932]: nss_ldap: reconnecting to LDAP server...
May 30 14:57:46 ggw-s-bdc slapd[16932]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
May 30 14:57:46 ggw-s-bdc slapd[16932]: nss_ldap: reconnecting to LDAP server...
[...]
May 30 14:59:46 ggw-s-bdc slapd[16932]: nss_ldap: could not hard reconnect to LDAP server - Server is unavailable
May 30 14:59:46 ggw-s-bdc slapd[16932]: sql_select option missing
May 30 14:59:46 ggw-s-bdc slapd[16932]: auxpropfunc error no mechanism available
May 30 14:59:46 ggw-s-bdc ldap: slapd startup succeeded

It takes around five minutes for ldap to come up waiting for all the 
bind timeouts.

I've tried googling without success, I've tried changing from host to 
uri, and from the local 127 address to the machine's outside IP without 
success.

SELinux is disabled.  IPTables is not running. nmap localhost reports 
port 389 is open, along with an nmap to its outside IP address. I'm at 
a loss as to how to get "nss-ldap" to bind.

ldap.conf is as follows;
# @(#)$Id: ldap.conf,v 1.34 2004/09/16 23:32:02 lukeh Exp $
#
# PADL Software
# http://www.padl.com
#

debug 256
logdir /var/log/ldap.log

#host 127.0.0.1
base dc=ggw,dc=nws,dc=noaa
uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator

binddn cn=Manager,dc=ggw,dc=nws,dc=noaa
bindpw [correct ldap password]

port 389

timelimit 50
bind_timelimit 50
bind_policy hard
idle_timelimit 3600

pam_password exop

nss_base_passwd         ou=People,dc=ggw,dc=nws,dc=noaa?one
nss_base_passwd         ou=Computers,dc=ggw,dc=nws,dc=noaa?one
nss_base_shadow         ou=People,dc=ggw,dc=nws,dc=noaa?one
nss_base_group          ou=Groups,dc=ggw,dc=nws,dc=noaa?one
#nss_base_hosts         ou=Hosts,dc=ggw,dc=nws,dc=noaa?one
#nss_base_services      ou=Services,dc=ggw,dc=nws,dc=noaa?one
#nss_base_networks      ou=Networks,dc=ggw,dc=nws,dc=noaa?one
#nss_base_protocols     ou=Protocols,dc=ggw,dc=nws,dc=noaa?one
#nss_base_rpc           ou=Rpc,dc=ggw,dc=nws,dc=noaa?one
#nss_base_ethers        ou=Ethers,dc=ggw,dc=nws,dc=noaa?one
#nss_base_netmasks      ou=Networks,dc=ggw,dc=nws,dc=noaa?one
#nss_base_bootparams    ou=Ethers,dc=ggw,dc=nws,dc=noaa?one
#nss_base_aliases       ou=Aliases,dc=ggw,dc=nws,dc=noaa?one
#nss_base_netgroup      ou=Netgroup,dc=ggw,dc=nws,dc=noaa?one

ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5



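
Added example, not part of the original message: a small Python script that measures how long each process in the log excerpt above spent in the nss_ldap retry loop before giving up. The log lines are copied from the message with the mail line-wraps rejoined; the function name and the year parameter (syslog timestamps carry no year) are assumptions of this example.

```python
import re
from datetime import datetime

# Lines from the excerpt in the message (wraps rejoined, "[...]" elisions dropped).
SAMPLE_LOG = """\
May 30 14:55:46 ggw-s-bdc runuser: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
May 30 14:55:46 ggw-s-bdc runuser: nss_ldap: reconnecting to LDAP server...
May 30 14:57:46 ggw-s-bdc runuser: nss_ldap: could not hard reconnect to LDAP server - Server is unavailable
May 30 14:57:46 ggw-s-bdc slapd[16932]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
May 30 14:57:46 ggw-s-bdc slapd[16932]: nss_ldap: reconnecting to LDAP server...
May 30 14:59:46 ggw-s-bdc slapd[16932]: nss_ldap: could not hard reconnect to LDAP server - Server is unavailable
May 30 14:59:46 ggw-s-bdc ldap: slapd startup succeeded
"""

# syslog line: timestamp, host, process tag with optional [pid], nss_ldap message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: nss_ldap: (?P<msg>.*)$"
)

def nss_ldap_stalls(log_text, year=2008):
    """Return [(process, uri, seconds)] for every nss_ldap retry loop that
    ended in 'could not hard reconnect'. The year is assumed, not logged."""
    started = {}  # (proc, pid) -> (time of first bind failure, uri)
    stalls = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an nss_ldap message
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["proc"], m["pid"])
        msg = m["msg"]
        if msg.startswith("failed to bind to LDAP server"):
            uri = msg.split("LDAP server ", 1)[1].split(": ", 1)[0]
            started.setdefault(key, (ts, uri))  # keep only the first failure
        elif msg.startswith("could not hard reconnect") and key in started:
            first, uri = started.pop(key)
            stalls.append((m["proc"], uri, int((ts - first).total_seconds())))
    return stalls

if __name__ == "__main__":
    for proc, uri, secs in nss_ldap_stalls(SAMPLE_LOG):
        print(f"{proc}: {secs}s retrying {uri}")
```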