On Fri, Feb 9, 2024 at 1:07 PM chilimili1@outlook.de wrote:
Problem: When attempting to use the ldapi:// URI to interact with the OpenLDAP server using commands like ldapmodify or ldapsearch, an error is encountered: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1).
Process is running:
# ps -aux |grep ldap
ldap 9 0.0 0.4 42232968 79472 ? Sl Jan23 0:10 /usr/libexec/slapd -u ldap -h ldap:/// ldapi:/// ldaps:/// -F /etc/openldap/slapd.d -d 256
Troubleshooting Steps Taken:
Verified the ldapi URI configuration. Inspected the OpenLDAP configuration using slapd.conf or cn=config. Examined ACLs and access control rules.
Additional Information:
OpenLDAP is running as a Docker container on a RHEL 9 base OS. The Docker Compose configuration includes port mappings for LDAP (3269:389) and LDAPS (3268:636). The whole configuration was migrated from a working RHEL 7 server with OpenLDAP 2.4.5; the new version in place is 2.5.13.
The ldapi listener is a unix domain socket ( https://en.wikipedia.org/wiki/Unix_domain_socket), effectively a special file on the server that you can only talk to *from* the server. If you're running inside a docker container, the only processes that could talk to the ldapi socket would be inside the docker container itself. You can map the TCP ports to the docker host, but that doesn't apply to a unix domain socket.
Ben
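As an added illustration of Ben's point (example code, not from the thread or the OpenLDAP project): a small POSIX shell helper that reads the listener list from the slapd command line shown above, classifies each URI by transport, and builds the command that can actually reach it from the Docker host. The compose service name "openldap" and the host ports 3269/3268 from the question's port mappings are assumptions.

```shell
#!/bin/sh
# Added example. Given the slapd command line from ps, list its -h listeners.
# Usage: slapd_listeners /usr/libexec/slapd -u ldap -h ldap:/// ldapi:/// ldaps:/// -F ...
slapd_listeners() {
  in_h=0
  for w in "$@"; do
    if [ "$in_h" -eq 1 ]; then
      case "$w" in
        -*) in_h=0 ;;        # next option ends the -h list
        *)  echo "$w" ;;
      esac
    elif [ "$w" = "-h" ]; then
      in_h=1
    fi
  done
}

# ldap:// and ldaps:// are TCP listeners, so a Docker port mapping can expose them.
# ldapi:// is a Unix domain socket: a file inside the container, not mappable to a port.
ldap_uri_transport() {
  case "$1" in
    ldapi://*)          echo unix ;;
    ldap://*|ldaps://*) echo tcp ;;
    *)                  echo unknown; return 1 ;;
  esac
}

# Build the ldapsearch invocation that works from the Docker host for one listener.
# $1 = URI, $2 = compose service name (assumed "openldap"), $3 = published host port (tcp only)
ldap_probe_cmd() {
  uri=$1; svc=$2; hostport=$3
  case "$(ldap_uri_transport "$uri")" in
    unix)
      # SASL EXTERNAL over ldapi authenticates by the peer's uid/gid, so the client
      # must run inside the container where the socket file lives.
      echo "docker compose exec $svc ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -s base" ;;
    tcp)
      # From the host, use the mapped port (e.g. 3269 -> 389), not the container port.
      scheme=${uri%%:*}
      echo "ldapsearch -x -H $scheme://localhost:$hostport -b '' -s base" ;;
    *) return 1 ;;
  esac
}
```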