--- On Wed, 8/9/10, Marc Patermann <[email protected]> wrote:
> From: Marc Patermann <[email protected]>
> Subject: Re: cannot bind to ldap other user as root
> To: "Sandor Szalina" <[email protected]>
> Cc: [email protected]
> Date: Wednesday, 8 September, 2010, 13:36
>
> Sandor,
>
> Sandor Szalina wrote on 08.09.2010 at 12:16:
>
> > I have installed the openldap 2.2.13 with rpm on Red Hat Enterprise
> > Linux ES release 4 (Nahant Update 8). I have set the TLS setting too.
> Man, 2.2.13 is ancient:
> http://www.openldap.org/lists/openldap-announce/200406/msg00002.html
> You really should try a /newer/ release.
>
> > With the user root I can start the ldapsearch and I receive the
> > result successfully, the ldap client can connect to the ldap server.
> > However if I log in with another user I receive the following
> > message: ldap_bind: Can't contact LDAP server (-1)
> >
> > What can be the problem? Thanks for the help in advance,
> You did not provide any details
> - on how you use ldapsearch and
> - about the server and client side config
>
>
> Marc

Hi!

Thanks for your mail. Here is the information:

The running slapd process is:

    ldap 21697 1 0 07:14 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldaps://*:8108 -f /etc/openldap/slapd.conf

The slapd.conf is:

    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/local.schema

    allow bind_v2

    pidfile /var/run/openldap/slapd.pid
    argsfile /var/run/openldap/slapd.args

    TLSCipherSuite HIGH:MEDIUM:+SSLv2
    TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
    TLSCertificateFile /etc/openldap/servercrt.pem
    TLSCertificateKeyFile /etc/openldap/serverkey.pem

    database bdb
    suffix "dc=test"
    rootdn "cn=Admin,dc=test"
    rootpw mypasswd
    directory /var/lib/ldap

    index objectClass eq,pres
    index ou,cn,mail,surname,givenname eq,pres,sub
    index uidNumber,gidNumber,loginShell eq,pres
    index uid,memberUid eq,pres,sub
    index nisMapName,nisMapEntry eq,pres,sub

The port 8108 is opened in the firewall.

On the client side there is a .ldaprc in the home directory with the following content:

    TLS_REQCERT allow

I am running the following ldapsearch command from the same machine:

    ldapsearch -H ldaps://localhost:8108 -x -D "cn=Admin,dc=test" -W -b "dc=test" -s sub "objectclass=*"

As root I receive the content and at the end:

    # search result
    search: 2
    result: 0 Success

    # numResponses: 7
    # numEntries: 6

If I log in as another user, e.g. testuser, and I start the same ldapsearch I receive:

    ldap_bind: Can't contact LDAP server (-1)

bye
Sandor
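A client-side preflight for the situation described in this thread, as an added example and not code from the thread or from OpenLDAP: an ldaps:// session that works as root but fails for another account usually comes down to files that only root can see, since the per-user rc file (.ldaprc) is read from the invoking user's own home directory and the CA certificate must be readable by that user. The script below checks exactly that for the calling account and also flags an rc file that sets TLS_REQCERT allow, which accepts any server certificate. The CA path and the .ldaprc location are taken from the thread; the function names are this example's own.

```shell
#!/bin/sh
# Added example: preflight for running ldapsearch over ldaps:// as a
# non-root account. Paths come from the thread; the function names are
# this example's own and not part of the OpenLDAP client tools.

# ldap_tls_preflight HOME_DIR CA_FILE
# For the calling user, report whether the per-user rc file and the CA
# certificate exist and are readable, and warn if the rc file relaxes
# certificate verification. Returns 0 only if every file is usable.
ldap_tls_preflight() {
    home_dir=$1
    ca_file=$2
    status=0

    for f in "$home_dir/.ldaprc" "$ca_file"; do
        if [ ! -e "$f" ]; then
            echo "MISSING: $f"
            status=1
        elif [ ! -r "$f" ]; then
            echo "NOT READABLE by $(id -un): $f"
            status=1
        else
            echo "ok: $f"
        fi
    done

    # TLS_REQCERT allow/never makes the client accept a server certificate
    # it cannot verify, so a forged server would not be noticed.
    rc="$home_dir/.ldaprc"
    if [ -r "$rc" ] && grep -Eiq '^[[:space:]]*TLS_REQCERT[[:space:]]+(allow|never)' "$rc"; then
        echo "WARNING: $rc sets TLS_REQCERT allow/never; prefer TLS_REQCERT demand with TLS_CACERT $ca_file"
    fi

    return $status
}

# ldap_tls_preflight_summary HOME_DIR CA_FILE
# Prints PASS or FAIL for the same checks, with the details suppressed.
ldap_tls_preflight_summary() {
    if ldap_tls_preflight "$1" "$2" >/dev/null; then
        echo PASS
    else
        echo FAIL
    fi
}

# Stand-alone run: check the invoking user's own setup against the CA file
# the server in the thread is configured with.
if ldap_tls_preflight "$HOME" /etc/openldap/cacerts/cacert.pem; then
    echo "preflight: PASS"
else
    echo "preflight: FAIL (see the lines above)"
fi
```

Run it once as root and once as the affected account (`su - testuser -c 'sh preflight.sh'`); a file that shows up as ok for root but MISSING or NOT READABLE for the other user is the first thing to fix. If both pass and the bind still fails, `ldapsearch -d 1 ...` with the same arguments prints the TLS handshake trace and shows at which step the connection is dropped. A CA path that should apply to every account belongs in the system-wide /etc/openldap/ldap.conf as `TLS_CACERT`, which lets the rc file use `TLS_REQCERT demand` instead of `allow`.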
