
RE: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Thanks for your reply.
I tried s_server and s_client and both worked together; then I tried to connect to slapd on port 636:
openssl s_client -connect localhost:636 -cert /etc/openldap/ca.crt -key /etc/openldap/ca.key
and this worked too; s_client got a response from the connection...
After this test, I think OpenSSL works fine, and LDAP works fine without SSL.
Now the question is, why can't I use ldaps?
I hope you can answer me.
Thanks a lot for your time.

Amir Saad
Junior Software Engineer

________________________________

From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Mon 11/28/2005 11:30 PM
To: Amir Saad
Cc: OpenLDAP-software@OpenLDAP.org
Subject: Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)



If you haven't done so already, you should verify that:
        s_client -> s_server
works, then if
        s_client -> slapd(8)
works.  In both cases, be sure to use appropriate s_client
flags to enable server certificate verification.  (If you
have questions about how to use s_client or s_server, see
the OpenSSL docs, use OpenSSL support lists.)  And then,
if you still have problems, I suggest you enable both client
and server side debugging, rerun your simple authentication
(or just anonymous) bind, and then examine the output for hints.

And you might try 2.2.13 as, IIRC, some of ldapsearch(1)'s
error reporting was improved (though I don't recall if it
would make a difference here).

Kurt

At 01:00 AM 11/27/2005, Amir Saad wrote:
>I use Fedora 4, Heimdal Kerberos, Cyrus-SASL 2.1.19, OpenSSL, OpenLDAP 2.3.11
>
>I want to use SSL with LDAP but I got the following errors:
>**********************************************************************
>ldapsearch -H ldaps://localhost/ -b cn=BA,dc=demo,dc=mydomain,dc=org
>ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
>
>*Also I tried the following: (Simple Auth)
>
>ldapsearch -H ldaps://localhost/ -b cn=BA,dc=demo,dc=mydomain,dc=org -x
>ldap_bind: Can't contact LDAP server (-1)
>**********************************************************************
>
>The slapd is started using:
>    /usr/local/libexec/slapd   -u root -f /usr/local/etc/openldap/slapd.conf -h "ldap:/// ldaps:///"
>
>I tried to connect to ldap instead of ldaps and it worked, but I need to use TLS/SSL.
>
>Here is nmap localhost:
>***********************************************************************************************
>PORT     STATE SERVICE
>22/tcp   open  ssh
>25/tcp   open  smtp
>80/tcp   open  http
>88/tcp   open  kerberos-sec
>111/tcp  open  rpcbind
>389/tcp  open  ldap
>543/tcp  open  klogin
>631/tcp  open  ipp
>636/tcp  open  ldapssl
>749/tcp  open  kerberos-adm
>750/tcp  open  kerberos
>838/tcp  open  unknown
>913/tcp  open  unknown
>923/tcp  open  unknown
>2049/tcp open  nfs
>***********************************************************************************************
>
>I added the following two directives to the slapd.conf:
>TLSCertificateFile /0/CA/newcert.pem
>TLSCertificateKeyFile /0/CA/newcert.pem
>
>I added the following directives to the /etc/openldap/ldap.conf:
>TLS_CACERTDIR /etc/openldap/cacerts
>TLS_CACERT /etc/openldap/newcert.pem
>TLS_REQCERT allow
>
>I hope you can help!
>Thanks for your time!
>
>Amir Saad
>Software Engineer
>
>
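The following script is an added example, not code from this thread or from the OpenLDAP project. It carries out the checks Kurt lists (s_client against slapd with server-certificate verification actually enabled, then the bind rerun with client-side debugging) and, importantly, parses the "Verify return code" line so that a completed handshake is not mistaken for a verified certificate chain: by default s_client finishes the session even when verification fails (codes such as 18 or 21), and the `-cert`/`-key` flags used in the reply above select a client certificate but do not enable server verification at all. The host, port, CA file path and base DN are placeholders set through environment variables; the sample s_client transcripts at the bottom are constructed so the parsing can be exercised without a live server.

```shell
#!/bin/sh
# Added example, not from the thread. Runs Kurt's suggested checks with
# server-certificate verification turned on and classifies the s_client
# output so "it connected" is not confused with "the chain verified".
# Host, port, CA file and base DN below are assumed placeholders.

LDAPS_HOST="${LDAPS_HOST:-localhost}"
LDAPS_PORT="${LDAPS_PORT:-636}"
CA_FILE="${CA_FILE:-/etc/openldap/cacerts/ca.pem}"   # assumed path, adjust
BASE_DN="${BASE_DN:-dc=demo,dc=mydomain,dc=org}"

# Pull the numeric "Verify return code" out of an s_client transcript.
# Prints the code, or "none" if s_client never got as far as printing it
# (TCP connect refused, handshake aborted, ...).
tls_verify_code() {
    code=$(printf '%s\n' "$1" \
        | sed -n 's/.*Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1)
    if [ -z "$code" ]; then
        printf 'none\n'
    else
        printf '%s\n' "$code"
    fi
}

# Exit 0 only when the server chain verified against the CA we supplied.
# s_client still completes the handshake on codes like 18/19/21, so a
# "working" session without -CAfile says nothing about trust.
tls_verify_ok() {
    [ "$(tls_verify_code "$1")" = "0" ]
}

# Kurt's second step: s_client -> slapd(8), with verification enabled.
# -verify_return_error makes s_client abort instead of continuing on a bad chain.
probe_slapd_tls() {
    openssl s_client -connect "$LDAPS_HOST:$LDAPS_PORT" \
        -CAfile "$CA_FILE" -verify_return_error </dev/null 2>&1
}

# Kurt's third step: rerun a simple bind with client-side debugging, and
# demand a valid server certificate regardless of a permissive TLS_REQCERT
# in ldap.conf (the LDAPTLS_* variables override the file for one run).
debug_ldaps_bind() {
    LDAPTLS_CACERT="$CA_FILE" LDAPTLS_REQCERT=demand \
        ldapsearch -x -H "ldaps://$LDAPS_HOST:$LDAPS_PORT/" \
            -b "$BASE_DN" -s base -d 1 2>&1
}

# Constructed sample transcripts (trimmed) for exercising the parser offline.
SAMPLE_OK='SSL handshake has read 1234 bytes and written 456 bytes
Verify return code: 0 (ok)'
SAMPLE_SELF_SIGNED='SSL handshake has read 1234 bytes and written 456 bytes
Verify return code: 18 (self signed certificate)'
SAMPLE_NO_HANDSHAKE='connect: Connection refused
connect:errno=111'

# Invoke with --live to probe a real slapd; the functions above are the
# reusable part and nothing contacts the network otherwise.
if [ "${1:-}" = "--live" ]; then
    out=$(probe_slapd_tls)
    printf 's_client verify code: %s\n' "$(tls_verify_code "$out")"
    if tls_verify_ok "$out"; then
        debug_ldaps_bind
    else
        printf 'fix the certificate chain before reading ldapsearch output\n'
    fi
fi
```

Run it as `sh check_ldaps.sh --live` on the slapd host. If the verify code is anything but 0, the ldapsearch error will not improve until the CA that signed the server certificate is the one named in TLS_CACERT; if the code is "none", the problem is below TLS (the listener, or slapd failing to load TLSCertificateFile), and slapd's own debug output is the place to look.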