(Answer) (Category) OpenLDAP Faq-O-Matic : (Category) OpenLDAP Software FAQ : (Category) Common Errors : (Answer) ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Using SASL, when a client contacts LDAP server, the slapd service dies immediately and client gets an error :
SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Then check the slapd service, it stoped.
This may come from incompatible of using different versions of BerkeleyDB for installing of SASL and installing of OpenLDAP. The problem arises in case of using multiple version of BerkeleyDB. Solution: - Check which version of BerkeleyDB when install Cyrus SASL. - Reinstall OpenLDAP with the version of BerkeleyDB above.
It was my case and that was the solution I did and it worked :) Hope this gives you some information.
-- Le Trung Kien
Another possible reason for this error (took me a lot of time): when establishing an SSL/TLS-connection, the client has to verify the certificate. When ldap.conf contains e.g. "TLS_CACERTDIR /etc/ssl/certs", the client will scan all certificates in /etc/ssl/certs for one matching the provided server certificate.
In my /etc/ssl/certs there have been "real certificate files" and a lot of symbolic links to certificate files. One of these links has been broken, i.e. the references file did not exist.
When the clients finds this broken link it aborts the search for a matching certificate with an error!
So when a matching certificate is found BEFORE the broken link, everything is ok. But if the broken link is found before a matching certificate, you will get this error.
Another possible reason for this error, is not having proper permissions on /etc/resolv.conf file (read by slapd user), not allowing slapd to do a proper name resolution for the connection.

This happens also if You don't have enough rights e.g. by using `ldapmodify` as normal user.
shailu
[Append to This Answer]
aloneattack@gmail.com, openldap@kapott.org, daniel.almeida@ist.utl.pt, co@zzeroo.com, shailendra.chauhan@innverse.com
Previous: (Answer) ldap_*: Internal (implementation specific) error (80) - additional info: entry index delete failed
Next: (Answer) New Item
This document is: http://www.openldap.org/faq/index.cgi?file=1432
[Search] [Appearance]
This is a Faq-O-Matic 2.721.test.
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org