[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

To: Clément OUDOT <clement.oudot@savoirfairelinux.com>
Subject: Re: OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Mon, 14 Sep 2015 12:43:03 +0100
Cc: "Varadi, Louis - 0442 - MITLL" <Louis.Varadi@ll.mit.edu>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <55F2D1F4.5020107@savoirfairelinux.com>
References: <B82E55EE6E327347B210FCEAE0E547020E9E3E75@LLE2K10-MBX02.mitll.ad.local> <55F263A6.9050500@savoirfairelinux.com> <B82E55EE6E327347B210FCEAE0E547020E9E3F0F@LLE2K10-MBX02.mitll.ad.local> <55F2D1F4.5020107@savoirfairelinux.com>
User-agent: Mutt/1.5.21 (2010-09-15)

On Fri, Sep 11, 2015 at 03:07:00PM +0200, Clément OUDOT wrote:

> Le 11/09/2015 14:54, Varadi, Louis - 0442 - MITLL a écrit :

>     slapd: [INFO] Listening to services ldap://*:389 ldaps://*:636

>     I ran the command tail –f /var/log/openldap.log

> Maybe you are using the ldapsearch command from the distro, which may not work
> with LTB package. Try /usr/local/openldap/bin/ldapsearch
> 
> Check also your selinux configuration and your iptables.

It is worth trying ldapsearch with the debug option to see where
it is trying to connect:

	ldapsearch -x -d 1

The first few lines of output should look something like this:

ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.example.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 2001:479:1f45:20::201 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request

Using the same command on a machine that does not have an LDAP server
configured looks like this:

ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect: 
connect errno: 111
ldap_close_socket: 3
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect: 
connect errno: 111
ldap_close_socket: 3
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Look particularly at the ldap_connect_to_host: lines.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

References:
- OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
  - From: "Varadi, Louis - 0442 - MITLL" <Louis.Varadi@ll.mit.edu>
- Re: OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
  - From: Clément OUDOT <clement.oudot@savoirfairelinux.com>
- RE: OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
  - From: "Varadi, Louis - 0442 - MITLL" <Louis.Varadi@ll.mit.edu>
- Re: OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
  - From: Clément OUDOT <clement.oudot@savoirfairelinux.com>

Prev by Date: Re: uniqueness unique_uri specification help
Next by Date: Re: ldapmodrdn accented characters with windows client
Index(es):
- Chronological
- Thread