On 01/29/13 10:22 +0200, Chris wrote:
I am running Openldap 2.4.23 on RHEL6. I can telnet to the server on both 389 636 ports. I can do a ldapsearch and ldapadd without any errors. I get this error when I start the slapd daemon.
/ldap_start_tls_s() failed: Can't contact LDAP server: Transport endpoint is not connected (uri="ldap://ldapserver")// //failed to bind to LDAP server ldap://ldapserver: Can't contact LDAP server: Transport endpoint is not connected/
I don't understand why you are receiving this error while starting slapd. Where are you seeing this error?
What command line options are you starting slapd with?
When I do a ldapsearch -x -d1 -Z -b 'dc=flamengro,dc=co,dc=za'
I get the following error
/TLS: certificate [//CA certificate details omitted here...] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..// //TLS: error: connect - force handshake failure: errno 0 - moznss error -8172// //TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..// //ldap_err2string// //ldap_start_tls: Connect error (-11)// // additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user/
You have a certificate trust issue. In your above command, you are not specifying a hostname, which means that you're apparently using the hostname specified in your ldap.conf. Verify that's actually a hostname, and not an IP address. Check that the hostname matches the contents of your certificate, and that the certificate's signer is trusted by your moznss library (on your client).
Any help will be appreciated.
This is my slapd.conf file
include /etc/openldap/schema/corba.schema include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/duaconf.schema include /etc/openldap/schema/dyngroup.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/java.schema include /etc/openldap/schema/misc.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/openldap.schema include /etc/openldap/schema/ppolicy.schema include /etc/openldap/schema/collective.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args TLSCipherSuite HIGH TLSCertificateFile /etc/pki/tls/certs/slapdcert.pem TLSCertificateKeyFile /etc/pki/tls/certs/slapdkey.pem TLSVerifyClient never database bdb suffix "dc=flamengro,dc=co,dc=za" checkpoint 1024 15 rootdn "cn=Manager,dc=flamengro,dc=co,dc=za" rootpw secret directory /var/lib/ldap/flamengro index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub database monitor # allow only rootdn to read the monitor access to * by dn.exact="cn=Manager,dc=flamengro,dc=co,dc=za" read by * none access to attrs=userPassword,shadowLastChange by anonymous auth by self write by * none