
ldap_bind: Can't contact LDAP server (-1)

Greetings,

Any pointers about this question will be greatly appreciated. Thanks in advance.
I've searched all over and tried all the suggestions I found so far without success.

I've set up a VMware virtual machine. It's CentOS 5.4 with a static IP
address (host-only).
My initial setup was the default, with no TLS. This worked cleanly. I
could log in with a configured LDAP account.
Then I configured TLS, and now I cannot log in with any regular user
account, be it an LDAP account or a local user account. I can only log in as
root.

The /var/log/messages says:

Jul  2 17:55:53 ldapServer xfs: nss_ldap: failed to bind to LDAP
server ldaps://192.168.150.133/: Can't contact LDAP server
Jul  2 17:55:53 ldapServer xfs: nss_ldap: could not search LDAP server
- Server is unavailable

A QUICK TEST AT THE CLI SAYS:

[root@ldapServer]# ldapsearch -x
ldap_bind: Can't contact LDAP server (-1)

[root@ldapServer]# slapindex
bdb_db_open: database already in use
backend_startup_one: bi_db_open failed! (-1)
slap_startup failed

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
I DID A SERVICE AND CONFIGURATION CHECK

[root@ldapServer]# chkconfig --list | grep ldap
ldap            0:off   1:off   2:off   3:on    4:off   5:on    6:off

[root@ldapServer]# /etc/init.d/ldap stop
Stopping slapd:                                           [  OK  ]

[root@ldapServer openldap]# /etc/init.d/ldap start
Checking configuration files for slapd:  config file testing succeeded
                                                                 [  OK  ]
Starting slapd:                                            [  OK  ]


[root@ldapServerp]# /usr/sbin/slaptest -v -f /etc/openldap/slapd.conf -u
config file testing succeeded

[root@ldapServer]#  service ldap configtest
Checking configuration files for slapd:  config file testing succeeded
                                                           [  OK  ]

THE SERVICE IS RUNNING

[root@ldapServer]# ps -ef | grep ldap
ldap      7027     1  0 17:12 ?        00:00:00 /usr/sbin/slapd -h ldaps:/// -u ldap

THE REQUIRED PORT 636 IS LISTENING.

[root@ldapServer]# fuser -n tcp  636
636/tcp:              7027

[root@ldapServer ~]# telnet localhost 636
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
Connection closed by foreign host.

[root@ldapServer ~]# netstat -a | grep ldap
tcp        0      0 *:ldaps                     *:*                         LISTEN
tcp        0      0 *:ldaps                     *:*                         LISTEN


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
THE CONFIG FILES

[root@ldapServer]# cat /etc/openldap/ldap.conf
HOST 127.0.0.1
BASE dc=ldapServer,dc=lan
URI ldap://127.0.0.1/
TLS_CACERTDIR /etc/openldap/cacerts

[root@ldapServer]# cat /etc/openldap/slapd.conf
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

allow bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

TLSCACertificateFile    /etc/openldap/cacerts/server.pem
TLSCertificateFile      /etc/openldap/cacerts/server.pem
TLSCertificateKeyFile   /etc/openldap/cacerts/server.pem


database        bdb
suffix          "dc=ldapServer,dc=lan"
rootdn          "cn=Manager,dc=ldapServer,dc=lan"
rootpw                  xxxxxxxxxxxxxxxxxxxxxxxx

directory       /var/lib/ldap
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

~af
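An added check (not from the poster or the OpenLDAP project) that compares the URIs each client is configured with against the listener slapd was started with: the `ps` line above shows `-h ldaps:///` only, while `ldap.conf` carries `URI ldap://127.0.0.1/`. It flags transport-level mismatches only; a URI it reports as reachable (such as the nss_ldap one) is failing past the TCP connect, which points at the TLS layer rather than the port. The inputs are constructed from the values quoted in the post.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed samples, copied from the post: slapd command line, ldap.conf, nss_ldap URI.
SLAPD_CMDLINE = "/usr/sbin/slapd -h ldaps:/// -u ldap"
LDAP_CONF = """HOST 127.0.0.1
BASE dc=ldapServer,dc=lan
URI ldap://127.0.0.1/
TLS_CACERTDIR /etc/openldap/cacerts
"""
NSS_LDAP_URI = "ldaps://192.168.150.133/"  # from the /var/log/messages line


def parse_uri(uri):
    """Split an LDAP URI into (scheme, host, port); 'ldaps:///' means all interfaces."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = parts.hostname or "*"
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def listeners(cmdline):
    """Return the (scheme, host, port) tuples slapd listens on, from its -h argument."""
    argv = cmdline.split()
    if "-h" not in argv:
        return [parse_uri("ldap:///")]  # slapd's default when -h is not given
    return [parse_uri(u) for u in argv[argv.index("-h") + 1].split(",")]


def client_uris(ldap_conf):
    """Extract URI values from an OpenLDAP ldap.conf (keywords are case-insensitive)."""
    uris = []
    for line in ldap_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].upper() == "URI":
            uris.extend(fields[1:])
    return uris


def unreachable(client, listening):
    """Client URIs with no listener of the same scheme and port (host '*' matches any)."""
    bad = []
    for uri in client:
        scheme, host, port = parse_uri(uri)
        if not any(s == scheme and p == port and h in ("*", host) for s, h, p in listening):
            bad.append(uri)
    return bad


if __name__ == "__main__":
    lst = listeners(SLAPD_CMDLINE)
    print("slapd listens on:", lst)
    print("no listener for:", unreachable(client_uris(LDAP_CONF) + [NSS_LDAP_URI], lst))
```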