
Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)



If you haven't done so already, you should verify that:
        s_client -> s_server
works, then if
        s_client -> slapd(8)
works.  In both cases, be sure to use appropriate s_client
flags to enable server certificate verification.  (If you
have questions about how to use s_client or s_server, see
the OpenSSL docs, use OpenSSL support lists.)  And then,
if you still have problems, I suggest you enable both client
and server side debugging, rerun your simple authentication
(or just anonymous) bind, and then examine the output for hints.

And you might try 2.2.13 as, IIRC, some of ldapsearch(1)'s
error reporting was improved (though I don't recall if it
would make a difference here).

Kurt

At 01:00 AM 11/27/2005, Amir Saad wrote:
>I use Fedora 4, Heimdal Kerberos, Cyrus-SASL 2.1.19, OpenSSL, OpenLDAP 2.3.11
> 
>I want to use SSL with LDAP but I got the following errors:
>**********************************************************************
>ldapsearch -H ldaps://localhost/ -b cn=BA,dc=demo,dc=mydomain,dc=org
>ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
> 
>*Also I tried the following: (Simple Auth)
>
>ldapsearch -H ldaps://localhost/ -b cn=BA,dc=demo,dc=mydomain,dc=org -x
>ldap_bind: Can't contact LDAP server (-1)
>**********************************************************************
> 
>the slapd is started using:
>    /usr/local/libexec/slapd   -u root -f /usr/local/etc/openldap/slapd.conf -h "ldap:/// ldaps:///"
> 
>I tried to connect to ldap instead of ldaps and it worked, but I need to use TLS/SSL.
> 
>here is nmap localhost:
>***********************************************************************************************
>PORT     STATE SERVICE
>22/tcp   open  ssh
>25/tcp   open  smtp
>80/tcp   open  http
>88/tcp   open  kerberos-sec
>111/tcp  open  rpcbind
>389/tcp  open  ldap
>543/tcp  open  klogin
>631/tcp  open  ipp
>636/tcp  open  ldapssl
>749/tcp  open  kerberos-adm
>750/tcp  open  kerberos
>838/tcp  open  unknown
>913/tcp  open  unknown
>923/tcp  open  unknown
>2049/tcp open  nfs
>***********************************************************************************************
> 
>I added the following two directives to the slapd.conf:
>TLSCertificateFile /0/CA/newcert.pem
>TLSCertificateKeyFile /0/CA/newcert.pem
>
>I added the following directives to the /etc/openldap/ldap.conf:
>TLS_CACERTDIR /etc/openldap/cacerts
>TLS_CACERT /etc/openldap/newcert.pem
>TLS_REQCERT allow
>
>I hope you can help!
>Thanks for your time!
>
>Amir Saad
>Software Engineer
>
>
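
The staged check suggested in the reply above (s_client against s_server first, then against slapd, with server certificate verification enabled), as an added shell example that is not part of the original thread. The CA_FILE variable, the 4433 test port, the verdict names and the sample outputs are assumptions constructed for illustration; the certificate path is the one quoted from slapd.conf.

```shell
#!/bin/sh
# Added example: staged TLS check with server certificate verification.
# Assumptions: CA_FILE (CA that signed the server cert), test port 4433.

# Constructed s_client outputs, used to exercise the classifier offline.
SAMPLE_OK='CONNECTED(00000003)
depth=0 CN = localhost
    Verify return code: 0 (ok)'
SAMPLE_UNTRUSTED='CONNECTED(00000003)
verify error:num=20:unable to get local issuer certificate
no peer certificate available'
SAMPLE_REFUSED='connect: Connection refused
connect:errno=111'

# Read s_client output on stdin and print one verdict word.
classify_s_client() {
    out=$(cat)
    case $out in
        *"verify error:num="*)              echo verify-failed ;;
        *"Verify return code: 0 (ok)"*)     echo verified ;;
        *"Verify return code: "*)           echo verify-failed ;;
        *"no peer certificate available"*)  echo no-server-cert ;;
        *"Connection refused"*|*"connect:errno="*) echo refused ;;
        *)                                  echo unknown ;;
    esac
}

# probe HOST PORT CAFILE: handshake with verification enforced.
probe() {
    openssl s_client -connect "$1:$2" -CAfile "$3" -verify_return_error \
        </dev/null 2>&1 | classify_s_client
}

# Stage 1 needs a test server started separately, for example:
#   openssl s_server -accept 4433 -cert /0/CA/newcert.pem -key /0/CA/newcert.pem
# Stage 2 talks to slapd's ldaps:// listener on port 636.
run_stages() {
    ca=${CA_FILE:?set CA_FILE to the CA certificate that signed the server cert}
    echo "s_client -> s_server (4433): $(probe localhost 4433 "$ca")"
    echo "s_client -> slapd    (636):  $(probe localhost 636 "$ca")"
}
```

After sourcing the file, run `run_stages` with CA_FILE set; comparing the two verdicts shows whether a failure lies with the certificates themselves or with slapd's TLS setup.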