Re: Client says Can't contact LDAP server, but it can!
Sean Burford wrote:
> On Mon, Jul 21, 2008 at 8:30 AM, John Oliver <email@example.com> wrote:
>> What can I do to troubleshoot this? OpenLDAP client says
>> ldap_simple_bind Can't contact LDAP server but it can resolve the name,
>> ping the server, connect to port 636... and I have no details as to why
>> it thinks it cannot contact the server. Many other clients authenticate
>> to the same server, and I'm using the same ldap.conf, nsswitch.conf, and
>
> Apart from seeing configurations and command lines, I have found the
> full output of the openssl client to be useful for diagnosing my own
> echo | openssl s_client -debug -showcerts -connect SERVER:636 2>&1 |
> The openssl client connects to the server and negotiates SSL. Along
> the way it verifies the certificate path. If it encounters an error,
> it usually gives a useful error message.

Just use -d1 on ldapsearch and you'll get the OpenSSL diagnostic messages.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
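
The certificate-path check discussed in this thread, as an added example that is not part of the original messages: a shell filter that reduces `openssl s_client` output to its verify errors and final verdict. The function names, the optional CA-file argument and the sample output are assumptions constructed for illustration; s_client uses OpenSSL's default trust store unless given `-CAfile`, so pass the file named by TLS_CACERT in ldap.conf to match what the LDAP client trusts.

```shell
#!/bin/sh
# Read `openssl s_client` output on stdin; print each verify error and the
# final verdict. Exit 0 if the chain verified, 1 if it did not, 2 if no
# verdict was found (TCP connected but the TLS handshake never completed).
summarize_verify() {
    awk '
        /^verify error:/ {
            sub(/^verify error:/, "")
            errs = errs "  error: " $0 "\n"
        }
        /Verify return code:/ {
            sub(/^.*Verify return code: */, "")
            code = $1 + 0
            verdict = $0
        }
        END {
            if (verdict == "") { print "no verify result found"; exit 2 }
            printf "%s", errs
            print "verdict: " verdict
            exit (code == 0 ? 0 : 1)
        }'
}

# Live check (hypothetical helper): $1 = server name, $2 = optional CA file.
check_ldaps() {
    echo | openssl s_client -showcerts ${2:+-CAfile "$2"} \
        -connect "$1:636" 2>&1 | summarize_verify
}

# Constructed sample output (not captured from a real host): the server
# certificate chains to a CA that the client does not trust.
sample_untrusted() {
    cat <<'EOF'
CONNECTED(00000003)
depth=1 CN = Example Internal CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=ldap.example.com
   i:/CN=Example Internal CA
---
    Verify return code: 19 (self signed certificate in certificate chain)
EOF
}

# Demonstration on the constructed sample.
sample_untrusted | summarize_verify || true
```
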