[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Ldap Connection Issue

All,

 

I resolved my own issue.  It’s amazing what you come up with when you walk away for a few.  I had created a link between /etc/openldap and the /usr/local/openldap/etc/openldap.  When I discovered that someone at some point before I got here had downloaded every CentOS/RedHat LDAP rpm to this machine, I cleaned it up to where only the 2.4.38 rpm remained.  Well, it removed my link which I had created, which was causing the errors below.

 

 

 

From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Borresen, John - 0442 - MITLL
Sent: Friday, January 24, 2014 2:45 PM
To: openldap-technical@openldap.org
Subject: Ldap Connection Issue

 

All,

 

Very similar issue that Warron was/is having. 

 

Server1: # ldapsearch -W -x -ZZ -b cn=config -v -D cn=admin,cn=config

Server1: # ldapsearch -W -x -ZZ -H ldap://server2.example.ldap -b cn=config -v -D cn=admin,cn=config

 

These commands work (they returns the dbase as expect & desired), both servers are clients to themselves and the other server (using self-signed wildcard certificates)

Both ldap.confs are identical, the one on server1 was used on server2.  The URI directive looks like:

 

uri ldap://server1.example.ldap ldap://server1.<FQDN> ldap://server2.example.ldap ldap://server2.<FQDN>

 

Server2:

a)      # ldapsearch -W -x -ZZ -b cn=config -v -D cn=admin,cn=config

      Fails with:

      ldap_initialize( <DEFAULT> )

             ldap_start_tls: Connect error (-11)

 

b)      # ldapsearch -W -x -ZZ -H ldap://server2.example.ldap -b cn=config -v -D cn=admin,cn=config

ldap_initialize( ldap://server2.example.ldap:389/??base )

ldap_start_tls: Connect error (-11)

 

c)       # ldapsearch -W -x -ZZ -h ldap://server1.example.ldap -b cn=config -v -D cn=admin,cn=config

d)      ldap_initialize( ldap://ldap:%2F%2Fserver1.example.ldap)

e)      Could not create LDAP session handle for URI=ldap://ldap:%2F%2Fgp42-admin4.llan.ll.mit.edu (-9): Bad parameter to an ldap routine

 

There is one other client that like server1 can search the dbase(s) on both servers (it too is a client of both servers).

 

Any ideas at what to look for?

 

thanks in advance

 

 

John D. Borresen (Dave)

Linux/Unix Systems Administrator

MIT  Lincoln Laboratory

Surveillance Systems Group

244 Wood St

Lexington, MA  02420

Ph: (781) 981-1609

Email: john.borresen@ll.mit.edu