[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_bind: Can't contact LDAP server (-1)

To: Bart McFarling <bartm@imcg.com>
Subject: Re: ldap_bind: Can't contact LDAP server (-1)
From: Samuel Tran <stran@amnh.org>
Date: Fri, 01 Apr 2005 10:07:12 -0500
Cc: openldap <openldap-software@OpenLDAP.org>
In-reply-to: <1112366342.20038.131.camel@memis05.imcg.com>
References: <1112366342.20038.131.camel@memis05.imcg.com>

On Fri, 2005-04-01 at 09:39, Bart McFarling wrote:
> RPM install on Fedora Core 3
> Trying to get Open-xchange up and running.
> I get the following error message:
> ldap_bind: Can't contact LDAP server (-1)
> 
> slapd -d99 or -d whatever doesnt have error errno in it anywhere in it's
> output.
> any ldap* command gives this. Im sure its something small that im
> missing.
> Im not an openldap guru- this makes about the 5th time ive tried to get
> an
> openldap server up and running unsucessfully.
> 
> Any help is appreciated.
> 
> maybe my problem is is that im installing using spanish instructions
> and i dont speak 3 words of spanish :)
> 
> below are what i believe to be my relevant files ive messed with.
> 
> [root@bartlap share]# ldapsearch -x -b 'dc=intermodalcartage,dc=com'
> '(objectclass=*)'
> ldap_bind: Can't contact LDAP server (-1)
> 
> [root@bartlap share]# ps -eaf | egrep "slap|ldap"
> ldap     16435     1  0 17:27 ?        00:00:00 /usr/sbin/slapd -u ldap
> -h
> ldap:///
> root     16441  3281  0 17:27 pts/1    00:00:00 egrep slap|ldap
> --
> [root@bartlap share]# nmap localhost
> 
> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-03-31 17:28
> CST
> Interesting ports on localhost.localdomain (127.0.0.1):
> (The 1650 ports scanned but not shown below are in state: closed)
> PORT     STATE SERVICE
> 22/tcp   open  ssh
> 25/tcp   open  smtp
> 80/tcp   open  http
> 110/tcp  open  pop3
> 111/tcp  open  rpcbind
> 143/tcp  open  imap
> 389/tcp  open  ldap
> --
> [root@bartlap share]# cat /etc/hosts.allow
> #
> # hosts.allow   This file describes the names of the hosts which are
> #               allowed to use the local INET services, as decided
> #               by the '/usr/sbin/tcpd' server.
> #
> ALL:127.0.0.1
> slapd = 127.0.0.1
> --
> [root@bartlap share]# cat /etc/openldap/slapd.conf
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema/nis.schema
> 
> # Allow LDAPv2 client connections.  This is NOT the default.
> allow bind_v2
> 
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral       ldap://root.openldap.org
> 
> pidfile         /var/run/slapd.pid
> argsfile        /var/run/slapd.args
> 
> # Load dynamic backend modules:
> # modulepath    /usr/sbin/openldap
> # moduleload    back_bdb.la
> # moduleload    back_ldap.la
> # moduleload    back_ldbm.la
> # moduleload    back_passwd.la
> # moduleload    back_shell.la
> 
> # The next three lines allow use of TLS for encrypting connections using
> a
> # dummy test certificate which you can generate by changing to
> # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions
> on
> # slapd.pem so that the ldap user or group can read it.  Your client
> software
> # may balk at self-signed certificates, however.
> # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
> # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> 
> # Sample security restrictions
> #       Require integrity protection (prevent hijacking)
> #       Require 112-bit (3DES or better) encryption for updates
> #       Require 63-bit encryption for simple bind
> # security ssf=1 update_ssf=112 simple_bind=64
> 
> # Sample access control policy:
> #       Root DSE: allow anyone to read it
> #       Subschema (sub)entry DSE: allow anyone to read it
> #       Other DSEs:
> #               Allow self write access
> #               Allow authenticated users read access
> #               Allow anonymous users to authenticate
> #       Directives needed to implement policy:
> # access to dn.base="" by * read
> # access to dn.base="cn=Subschema" by * read
> # access to *
> #       by self write
> #       by users read
> #       by anonymous auth
> #
> # if no access controls are present, the default policy
> # allows anyone and everyone to read anything but restricts
> # updates to rootdn.  (e.g., "access to * by * read")
> #
> # rootdn can always read and write EVERYTHING!
> 
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
> 
> database        ldbm
> #suffix         "dc=my-domain,dc=com"
> #rootdn         "cn=Manager,dc=my-domain,dc=com"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> # rootpw                secret
> # rootpw                {crypt}ijFYNcSNctBYg
> 
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory       /var/lib/ldap
> 
> # Indices to maintain for this database
> #index objectClass                       eq,pres
> #index ou,cn,mail,surname,givenname      eq,pres,sub
> #index uidNumber,gidNumber,loginShell    eq,pres
> #index uid,memberUid                     eq,pres,sub
> #index nisMapName,nisMapEntry            eq,pres,sub
> 
> # Replicas of this database
> #replogfile /var/lib/ldap/openldap-master-replog
> #replica host=ldap-1.example.com:389 starttls=critical
> #     bindmethod=sasl saslmech=GSSAPI
> #     authcId=host/ldap-master.example.com@EXAMPLE.COM
> include /usr/local/ox/share/openxchange.schema
> 
> suffix "dc=intermodalcartage,dc=com"
> rootdn "cn=Manager,dc=intermodalcartage,dc=com"
> rootpw secret
> 
> index
> uid,mailEnabled,cn,sn,givenname,lnetMailAccess,alias,loginDestination
> eq,sub
> ---
> [root@bartlap share]# cat /etc/openldap/ldap.conf
> #
> # LDAP Defaults
> #
> 
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
> 
> #BASE   dc=example, dc=com
> #URI    ldap://localhost
> 
> #SIZELIMIT      12
> #TIMELIMIT      15
> #DEREF          never
> BASE dc=intermodalcartage,dc=com
> HOST localhost
> --
> [root@bartlap share]# ls -last /var/lib/ldap/
> total 156
>  8 drwx------   2 ldap ldap  4096 Mar 31 16:49 .
> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 alias.dbb
> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 cn.dbb
> 20 -rw-------   1 ldap ldap 16384 Mar 31 16:49 dn2id.dbb
> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 givenName.dbb
> 36 -rw-------   1 ldap ldap 32768 Mar 31 16:49 id2entry.dbb
> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 mailEnabled.dbb
> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 nextid.dbb
> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 sn.dbb
> 12 -rw-------   1 ldap ldap  8192 Mar 31 16:49 uid.dbb
>  8 drwxr-xr-x  22 root root  4096 Mar 31 15:36 ..
> --

Does a 'telnet localhost 389' give you a connection?

Do you have iptables runing?

Sam

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: ldap_bind: Can't contact LDAP server (-1)
  - From: "Bart McFarling" <bartm@imcg.com>

References:
- ldap_bind: Can't contact LDAP server (-1)
  - From: Bart McFarling <bartm@imcg.com>

Prev by Date: Re: OpenLDAP make errors on Mac OS X 10.2
Next by Date: Re: ldap_bind: Can't contact LDAP server (-1)
Index(es):
- Chronological
- Thread