[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP Server listener issue

To: "'openldap-software@OpenLDAP.org'" <openldap-software@OpenLDAP.org>
Subject: LDAP Server listener issue
From: Yet Chang <ychang@rci.rogers.com>
Date: Fri, 19 Apr 2002 11:59:10 -0400
Importance: low

Much appreciated if someone may give us some advice on
this ldap listener problem ! 

(This is an update from yesterday email entitled "slapd listener/bind
error",
we apparently solve the slapd stopped problem - due to running slapd twice
)

We've a ldap client and server machines connected direclty
with hub with openldap 2.0 & Redhat linux 7.x installed.
Both machine can ping & telnet to each other. Our problem is 
that the ldap clinent can't perform and lapdsearch/ldapadd 
towards the Server machine. The error message says "ldap_bind error :
can't connect to server". The following is the trace
results :

We did the trace with both "slapd -d " and ethereal,
we see the "slap -d" command genetates the following 
messages :

>daemon : init : listen on ldap :///
>daemon : init : 1 listeners to open
>ldap_url_parse_ext( ldap :///)
>daemon : socket() failed errno=97 (Address family not supported by
protocol)
>daemon : initialized ldap:///
>daemon_init : 1 listeners opened
>slapd init : initiated server
>slap_sasl_iniot : initialize

For ethereal monitor, when we type :"lapdsearch..." in Client machine,
the Server machine's ethereal shows the following trace :

	Source Address  Destination Adddress    Scr Port   Dest port

>TCP  192.168.1.3		192.168.1.2			1124
389

>ICMP 192.168.1.2		192.168.1.3	 (Type : 3 destination
unreachable, 
	`					  Code : 3 Port Unreachable
) 		


Performing a "netstat -a" yields :

proto		rec-q	send-q	local adr	foreign adr
state
tcp 		0 	0 		*:ldap  	*:*
listen
tcp		0	0		*:telnet	*:*
listen


Our etc/services file does have "ldap 389/tcp" and "ldap 389/udp" defined. 

Is the slapd listening on port 389 ? If so, why the ICMP packets is
generated by the Server in response to a ldap client's "lapsearch" ?


(By the way, we can use the "ldapsearch" or "ldapadd" on the server 
machine to do ldap operations via loopback address 127.0.0.1. AS we turn on 
debug by "slapd -d", we see a lot of trace when we perform such localhost
query.
However, when remote client performs "ldapsearch", no trace is produced by
the server's slapd - this sounds like the slapd is not receiving the query.
) 

Thanks.

regards,

Yet Chang

Follow-Ups:
- real life email with ldap.
  - From: Adam Grochowski <adam.grochowski@mail.tju.edu>

Prev by Date: RE: openldap + DIGEST-MD5 + PAM
Next by Date: Re: Samba+LDAP - must change password flag doesn't reset
Index(es):
- Chronological
- Thread