Re: OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

2015-09-14 Thread Andrew Findlay
On Fri, Sep 11, 2015 at 03:07:00PM +0200, Clément OUDOT wrote:

> On 11/09/2015 14:54, Varadi, Louis - 0442 - MITLL wrote:

> slapd: [INFO] Listening to services ldap://*:389 ldaps://*:636

> I ran the command tail -f /var/log/openldap.log

> Maybe you are using the ldapsearch command from the distro, which may not work
> with LTB package. Try /usr/local/openldap/bin/ldapsearch
> 
> Check also your selinux configuration and your iptables.

It is worth trying ldapsearch with the debug option to see where
it is trying to connect:

ldapsearch -x -d 1

The first few lines of output should look something like this:

ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.example.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 2001:479:1f45:20::201 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request

Using the same command on a machine that does not have an LDAP server
configured looks like this:

ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect: 
connect errno: 111
ldap_close_socket: 3
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect: 
connect errno: 111
ldap_close_socket: 3
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Look particularly at the ldap_connect_to_host: lines.

Andrew
-- 
---
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/    +44 1628 782565 |
---
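
Added example (not part of Andrew's message and not OpenLDAP code): a small Python parser for the ldapsearch -d 1 trace lines shown in this thread, reporting which host:port the client targeted and how each address attempt ended. The errno names are the Linux values; summarize() and the other identifiers are made up for this sketch.

```python
import re

# Linux errno numbers that appear in the traces in this thread.
LINUX_ERRNO = {
    110: ("ETIMEDOUT", "no reply at all; packets are likely dropped (firewall, routing)"),
    111: ("ECONNREFUSED", "actively refused; usually nothing listens on that address/port"),
}

TARGET = re.compile(r"^ldap_connect_to_host: TCP (\S+):(\d+)$")
# The traces on this page show "Trying ::1 389" (IPv6) and "Trying 127.0.0.1:389" (IPv4).
TRYING = re.compile(r"^ldap_connect_to_host: Trying (\S+?)[ :](\d+)$")
ERRNO = re.compile(r"^connect errno: (\d+)$")

# Abridged from the trace in the first post of this thread.
SAMPLE = """\
ldap_connect_to_host: TCP localhost:389
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
connect errno: 111
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
connect errno: 110
"""


def summarize(trace):
    """Return (target, attempts): the host:port asked for and one dict per address tried."""
    target, attempts = None, []
    for line in (raw.strip() for raw in trace.splitlines()):
        if m := TARGET.match(line):
            target = f"{m.group(1)}:{m.group(2)}"
        elif m := TRYING.match(line):
            attempts.append({"addr": m.group(1), "port": int(m.group(2)),
                             "result": "unknown", "hint": "no outcome logged"})
        elif (m := ERRNO.match(line)) and attempts:
            code = int(m.group(1))
            name, hint = LINUX_ERRNO.get(code, (f"errno {code}", "see errno(3)"))
            attempts[-1].update(result=name, hint=hint)
        elif line == "ldap_open_defconn: successful" and attempts:
            attempts[-1].update(result="connected", hint="TCP connection established")
    return target, attempts


if __name__ == "__main__":
    target, attempts = summarize(SAMPLE)
    print("client is connecting to", target)
    for a in attempts:
        print(f"  {a['addr']} port {a['port']}: {a['result']} ({a['hint']})")
```

On the original poster's trace this reports ::1 as refused and 127.0.0.1 as timed out; a timeout on loopback is what a silently dropping packet filter produces, which fits the suggestion elsewhere in the thread to check iptables.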



RE: OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

2015-09-11 Thread Varadi, Louis - 0442 - MITLL
Hello, thank you for your reply.  Here are the answers to your questions

Yes the process is running.

/etc/init.d/slapd status
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] LDAP Tool Box OpenLDAP init script version 2.1
slapd: [INFO] Process OpenLDAP is not running
slapd: [INFO] Detected suffix: dc=group44,dc=ldap

[root@lenldap ~]# /etc/init.d/slapd status
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] LDAP Tool Box OpenLDAP init script version 2.1
slapd: [INFO] Process OpenLDAP is running (PID 1814)
slapd: [INFO] Listening to services ldap://*:389 ldaps://*:636
slapd: [INFO] Process usage:  0.1% CPU /  0.4% MEM
slapd: [INFO] Detected suffix: dc=group44,dc=ldap

This is the OpenLDAP process running.

Sep 11 08:34:41 lenldap slapd[1826]: [INFO] Using /etc/default/slapd for configuration
Sep 11 08:34:41 lenldap slapd[1831]: [INFO] LDAP Tool Box OpenLDAP init script version 2.1
Sep 11 08:34:41 lenldap slapd[1834]: [INFO] Process OpenLDAP is running (PID 1814)
Sep 11 08:34:41 lenldap slapd[1835]: [INFO] Listening to services ldap://*:389 ldaps://*:636
Sep 11 08:34:41 lenldap slapd[1838]: [INFO] Process usage:  0.1% CPU /  0.4% MEM
Sep 11 08:34:41 lenldap slapd[1859]: [INFO] Detected suffix: dc=group44,dc=ldap

___

I ran the command tail -f /var/log/openldap.log
In another terminal I ran the ldapsearch -x command.
I did not see any output to the openldap.log.
I am still getting the Can’t contact LDAP server error after the command.

ldapsearch -x
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

___

I ran the command.
/etc/init.d/slapd debug

In another window I ran the command ldapsearch -x
Again, no output to debug.
Again - getting the Can’t contact LDAP server error

ldapsearch -x
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Thoughts?

Thank you

From: openldap-technical [mailto:openldap-technical-boun...@openldap.org] On Behalf Of Clément OUDOT
Sent: Friday, September 11, 2015 1:16 AM
To: openldap-technical@openldap.org
Subject: Re: OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

On 11/09/2015 00:23, Varadi, Louis - 0442 - MITLL wrote:

Hello,  I am new to OpenLDAP and could please use your help.

I just created a brand new install of the latest OpenLDAP server -
openldap-ltb.x86_64 0:2.4.42-1.el6 on CentOS 6.7

There are no entries in the bdb database as this is a new install.

I am getting the error when running the following command.

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

# ldapsearch -x -d 1 -LLL
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 111
ldap_close_socket: 3
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 110
ldap_close_socket: 3
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Any help would be greatly appreciated.   I came up very short with my Google searches.

Could you check that the service is up with:
# /etc/init.d/slapd status

You can also check logs on /var/log/openldap.log

Or run OpenLDAP with logs in console:
# /etc/init.d/slapd debug





-- 
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS




Re: OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

2015-09-11 Thread Clément OUDOT



On 11/09/2015 14:54, Varadi, Louis - 0442 - MITLL wrote:


Hello, thank you for your reply.  Here are the answers to your questions

Yes the process is running.

/etc/init.d/slapd status

slapd: [INFO] Using /etc/default/slapd for configuration

slapd: [INFO] LDAP Tool Box OpenLDAP init script version 2.1

slapd: [INFO] Process OpenLDAP is not running

slapd: [INFO] Detected suffix: dc=group44,dc=ldap

[root@lenldap ~]# /etc/init.d/slapd status

slapd: [INFO] Using /etc/default/slapd for configuration

slapd: [INFO] LDAP Tool Box OpenLDAP init script version 2.1

slapd: [INFO] Process OpenLDAP is running (PID 1814)

slapd: [INFO] Listening to services ldap://*:389 ldaps://*:636

slapd: [INFO] Process usage:  0.1% CPU /  0.4% MEM

slapd: [INFO] Detected suffix: dc=group44,dc=ldap

This is the OpenLDAP process running.

Sep 11 08:34:41 lenldap slapd[1826]: [INFO] Using /etc/default/slapd for configuration

Sep 11 08:34:41 lenldap slapd[1831]: [INFO] LDAP Tool Box OpenLDAP init script version 2.1

Sep 11 08:34:41 lenldap slapd[1834]: [INFO] Process OpenLDAP is running (PID 1814)

Sep 11 08:34:41 lenldap slapd[1835]: [INFO] Listening to services ldap://*:389 ldaps://*:636

Sep 11 08:34:41 lenldap slapd[1838]: [INFO] Process usage:  0.1% CPU /  0.4% MEM

Sep 11 08:34:41 lenldap slapd[1859]: [INFO] Detected suffix: dc=group44,dc=ldap


___

I ran the command tail -f /var/log/openldap.log

In another terminal I ran the ldapsearch -x command.

I did not see any output to the openldap.log.

I am still getting the Can’t contact LDAP server error after the command.

ldapsearch -x

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

___

I ran the command.

/etc/init.d/slapd debug

In another window I ran the command ldapsearch -x

Again, no output to debug.

Again - getting the Can’t contact LDAP server error

ldapsearch -x

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Thoughts?



Maybe you are using the ldapsearch command from the distro, which may 
not work with LTB package. Try /usr/local/openldap/bin/ldapsearch


Check also your selinux configuration and your iptables.


--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux



OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

2015-09-10 Thread Varadi, Louis - 0442 - MITLL
Hello,  I am new to OpenLDAP and could please use your help.

I just created a brand new install of the latest OpenLDAP server -
openldap-ltb.x86_64 0:2.4.42-1.el6 on CentOS 6.7

There are no entries in the bdb database as this is a new install.

I am getting the error when running the following command.

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

# ldapsearch -x -d 1 -LLL
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 111
ldap_close_socket: 3
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 110
ldap_close_socket: 3
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Any help would be greatly appreciated.   I came up very short with my Google searches.

Thank you - Lou





Re: OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

2015-09-10 Thread Clément OUDOT



On 11/09/2015 00:23, Varadi, Louis - 0442 - MITLL wrote:


Hello,  I am new to OpenLDAP and could please use your help.

I just created a brand new install of the latest OpenLDAP server -
openldap-ltb.x86_64 0:2.4.42-1.el6 on CentOS 6.7

There are no entries in the bdb database as this is a new install.

I am getting the error when running the following command.

*ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)*

# ldapsearch -x -d 1 -LLL

ldap_create

ldap_sasl_bind

ldap_send_initial_request

ldap_new_connection 1 1 0

ldap_int_open_connection

ldap_connect_to_host: TCP localhost:389

ldap_new_socket: 3

ldap_prepare_socket: 3

ldap_connect_to_host: Trying ::1 389

ldap_pvt_connect: fd: 3 tm: -1 async: 0

attempting to connect:

connect errno: 111

ldap_close_socket: 3

ldap_new_socket: 3

ldap_prepare_socket: 3

ldap_connect_to_host: Trying 127.0.0.1:389

ldap_pvt_connect: fd: 3 tm: -1 async: 0

attempting to connect:

connect errno: 110

ldap_close_socket: 3

ldap_err2string

*ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)*

Any help would be greatly appreciated.   I came up very short with my
Google searches.




Could you check that the service is up with:
# /etc/init.d/slapd status

You can also check logs on /var/log/openldap.log

Or run OpenLDAP with logs in console:
# /etc/init.d/slapd debug


--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS