Re: Client reports "Can't Contact LDAP server"

[Jim C <jcllings@tsunamicomm.net>]

You know I would like to try and apply this idea to my problems but I 
keep getting failed dependencies from the rpms.
I know what your thinking and that is that I should try compileing my 
own BUT... theoretically if I cannot get the
rpms to install it indicates that I am missing something.  In this case 
some kind of crypto library (i.e. libcrypto.so.2 and also 
libcap.so.0.6.2).  I've searched
the rpm database for my distro and there is no such file for my distro.

The only other decent packet sniffer I've found so far is something 
called karpski and it is usually a race to see if
I can get a good sample of the stuff being traded over the network 
before it crashes.

Tony Earnshaw wrote:

> søn, 2002-08-25 kl. 15:18 skrev Stephen Torri:
>
> > On Sat, 2002-08-24 at 23:09, Kurt D. Zeilenga wrote:
> >
> > > You might try enabling some debugging output...
> > > Most likely the problem is TLS certificate related.
> > > And likely unrelated to Kerberos.
>
> If, as Kurt has pointed out, this is a certificate-related problem
> (which in my own experience mostly similar problems are), the you won't
> yet have enough knowledge to know what the slapd debugging output means.
> The best choice for this is '-d 5', but all you'll see is that there is
> no ldapbind, not why.
>
> To see exactly what is going on, you can best compile, run and learn
> Ethereal: This is a packet sniffer, with which you can see the exact
> content of each packet exchanged, both with and without ecncryption.
> Though again, you'd have to know what to expect of the contents of an IP
> packet.
>
> The best thing you can do is to make sure that your signed
> certificate(s) is/are declared in both slapd.conf (man slapd.conf) and
> ldap.conf (man ldap.conf) are readable by whichever user is running
> ldapsearch.
>
> See Peter A. Savitch's posting of 10th August last for a complete HOWTO
> on this last point.
>
> Best,
>
> Tony