Detlev Habicht wrote:
> Hello,
>
> I need a simple, plain LDAP bind for authentication for a host,
> which is not part of my IPA domain.
>
> Something like this is working in the domain:
>
> ldapsearch -vx -H ldaps://xxx.yyy.intern -b "cn=accounts,dc=yyy,dc=intern"
>
> My problem is, it is only working with the hostname xxx.yyy.intern which
> is part of my domain yyy.intern. But outside of the domain I have to
> use the IP address or something like xxx.yyy.zzz.de.
>
> But then I have this error message:
>
> ldap_initialize( ldaps://xxx.yyy.zzz.de:636/??base )
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> Any idea what I can do?
>
> Thank you!
>
> Detlev
>
> P.S.: I have the same problem in the domain, when I am not using
> xxx.yyy.intern. IP address for example is also not working.

I'd slap a -d 255 onto that command. It will give you a lot more information on what is going on.

It could be rejecting the request because the requested name (IP address) doesn't match anything in the cert.

The 389-ds access log will also confirm whether you are making a connection or not (to rule out firewall, etc). Note that this log is buffered so you need to be patient, tail -f won't show connections immediately.

rob
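
The name-mismatch possibility raised in the reply, as an added example that is not part of the original thread: a SAN-only matcher run over a constructed certificate dict, showing why the internal hostname verifies while the external name and an IP literal do not. The certificate contents and the address 192.0.2.10 are assumptions, and real LDAP client libraries may differ in details such as common-name fallback.

```python
import ipaddress

# Constructed sample, shaped like the dict ssl.SSLSocket.getpeercert() returns.
# Assumption: the server cert names only the internal hostname from the thread.
SAMPLE_CERT = {"subjectAltName": (("DNS", "xxx.yyy.intern"),)}


def dns_matches(pattern, host):
    """Case-insensitive DNS match; '*.' covers exactly one left-most label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host


def name_matches_cert(cert, name):
    """Return (ok, reason) for the name a client put in its ldaps:// URL."""
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(name)
    except ValueError:
        wanted_ip = None

    if wanted_ip is not None:
        # An IP literal is only compared with IP SAN entries, never DNS ones.
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value.strip()) == wanted_ip:
                return True, f"IP SAN {value}"
        return False, f"no IP SAN equals {name}"

    for kind, value in sans:
        if kind == "DNS" and dns_matches(value, name):
            return True, f"DNS SAN {value}"
    return False, f"no DNS SAN matches {name}"


if __name__ == "__main__":
    # 192.0.2.10 is a constructed documentation address, not from the thread.
    for candidate in ("xxx.yyy.intern", "xxx.yyy.zzz.de", "192.0.2.10"):
        print(candidate, name_matches_cert(SAMPLE_CERT, candidate))
```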