[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Client says Can't contact LDAP server, but it can!

To: "John Oliver" <joliver@john-oliver.net>
Subject: Re: Client says Can't contact LDAP server, but it can!
From: "Sean Burford" <unix.gurus@gmail.com>
Date: Wed, 23 Jul 2008 20:46:57 -0700
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <20080721153002.GA12884@ns.sdsitehosting.net>
References: <20080721153002.GA12884@ns.sdsitehosting.net>

On Mon, Jul 21, 2008 at 8:30 AM, John Oliver <joliver@john-oliver.net> wrote:
> What can I do to troubleshoot this?  OpenLDAP client says
> ldap_simple_bind Can't contact LDAP server but it can resolve the name,
> ping the server, connect to port 636... and I have no details as to why
> it thinks it cannot contact the server.  Many other clients authenticate
> to the same server, and I'm using the same ldap.conf, nsswitch.conf, and
> pam.d/system-auth files.

Apart from seeing configurations and command lines, I have found the
full output of the openssl client to be useful for diagnosing my own
ldaps issues:
echo | openssl s_client -debug -showcerts -connect SERVER:636 2>&1 |
tee /tmp/ssl.log

The openssl client connects to the server and negotiates SSL.  Along
the way it verifies the certificate path.  If it encounters an error,
it usually gives a useful error message.

-- 
Thanks,
Sean Burford

Follow-Ups:
- Re: Client says Can't contact LDAP server, but it can!
  - From: Howard Chu <hyc@symas.com>

References:
- Client says Can't contact LDAP server, but it can!
  - From: John Oliver <joliver@john-oliver.net>

Prev by Date: Re: Single master/multislave and passwords
Next by Date: Setting up syncrepl, replicated LDAP doesn't work
Index(es):
- Chronological
- Thread