Hi all,
I'm playing with a Red Hat Enterprise 4 that uses LDAP. For a few days I've noticed that the slapd daemon is not able to bind to the default port 389. I'm very new to this server, so I could be doing something very stupid!
[root@ myserver etc]# netstat -tuan | grep 389
[root@ myserver etc]#
I was wondering if a runtime file of the server hasn't been properly removed due to a brutal restart, and now the process isn't able to bind to any port. Does that make sense? Which files should I look for?
[root@ myserver etc]# ls /var/run/openldap/
[root@ myserver etc]# ls /var/lock/
dmraid lvm rpm subsys
[root@ myserver etc]#
I've tried to reinstall/downgrade various packages, but nothing:
[root@ myserver etc]# rpm -q openldap
openldap-2.2.13-12.el4_8.2
[root@ myserver etc]# rpm -q openldap-servers
openldap-servers-2.2.13-12.el4_8.2
[root@ myserver etc]# rpm -q openldap-clients
openldap-clients-2.2.13-12.el4_8.2
[root@ myserver etc]# rpm -q nss_ldap
nss_ldap-253-7.el4
[root@ myserver etc]#
Mar 1 08:03:24 myserver su[5988]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:03:24 myserver su[5988]: nss_ldap: could not search LDAP server - Server is unavailable
Mar 1 08:03:24 myserver su[5988]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:03:24 myserver su[5988]: nss_ldap: could not search LDAP server - Server is unavailable
Mar 1 08:03:46 myserver netstat: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:03:46 myserver netstat: nss_ldap: could not search LDAP server - Server is unavailable
Mar 1 08:03:46 myserver netstat: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:03:46 myserver netstat: nss_ldap: could not search LDAP server - Server is unavailable
Mar 1 08:11:32 myserver runuser: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:11:32 myserver runuser: nss_ldap: could not search LDAP server - Server is unavailable
Mar 1 08:11:32 myserver runuser: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:11:32 myserver runuser: nss_ldap: could not search LDAP server - Server is unavailable
Mar 1 08:11:32 myserver runuser: config file testing succeeded
Mar 1 08:11:32 myserver slapd[6476]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:11:32 myserver slapd[6476]: nss_ldap: could not search LDAP server - Server is unavailable
Mar 1 08:11:32 myserver slapd[6476]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:11:32 myserver slapd[6476]: nss_ldap: could not search LDAP server - Server is unavailable
Mar 1 08:13:23 myserver saslauthd[5038]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:13:23 myserver saslauthd[5038]: nss_ldap: could not search LDAP server - Server is unavailable
Mar 1 08:13:23 myserver saslauthd[5038]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:13:23 myserver saslauthd[5038]: nss_ldap: could not search LDAP server - Server is unavailable
Mar 1 08:13:23 myserver smtp(pam_unix)[5038]: check pass; user unknown
Mar 1 08:13:23 myserver smtp(pam_unix)[5038]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Mar 1 08:13:23 myserver saslauthd[5038]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Mar 1 08:13:26 myserver saslauthd[5038]: do_auth : auth failure: [user=user] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 1 08:13:29 myserver netstat: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:13:29 myserver netstat: nss_ldap: could not search LDAP server - Server is unavailable
Mar 1 08:13:29 myserver netstat: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Mar 1 08:13:29 myserver netstat: nss_ldap: could not search LDAP server - Server is unavailable
configuration files:
/etc/ldap.conf
# @(#)$Id: ldap.conf,v 1.34 2004/09/16 23:32:02 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
#
host 127.0.0.1
dc=tfis,dc=domain,dc=org
# The port.
# Optional: default is 389.
port 389
timelimit 20
bind_timelimit 20
bind_policy soft
idle_timelimit 3600
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
base dc=tfis,dc=domain,dc=org
/etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=tfis,dc=domain,dc=org
HOST 127.0.0.1
TLS_CACERTDIR /etc/openldap/cacerts
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
/etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=tfis, dc=domain, dc=org"
rootdn "cn=Manager,dc=tfis,dc=domain,dc=org"
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
Thank you very much for any help!! I don't know where to look anymore. I've installed the same package on another Red Hat Enterprise 4 and it correctly binds the default port. I'm thinking of temporarily moving the LDAP database to the other server, which should be:
1) cp /usr/lib/ldap
2) cp configuration files
3) configure web application to use the new slapd server
Am I missing something? Thanks! kocisky
P.S. I've been googling around and there is something, but no results :(
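
The stale runtime file question raised in the post can be checked directly. The script below is an added example, not part of the original post: it reads the `pidfile` path from a slapd.conf, classifies that pidfile, and tests `netstat -tuan` output for a listener on exactly port 389 (a plain `grep 389` also matches 3890 or a remote port). The function names are hypothetical.

```sh
#!/bin/sh
# Added example. Usage: sh check_slapd.sh /etc/openldap/slapd.conf

# Print the value of a single-valued slapd.conf directive (pidfile, argsfile, ...).
slapd_directive() {
    # $1 = config file, $2 = directive name (lower case)
    awk -v key="$2" 'tolower($1) == key { print $2; exit }' "$1"
}

# Classify a pidfile: prints missing, invalid, stale or running.
pidfile_state() {
    pf_file="$1"
    [ -e "$pf_file" ] || { echo missing; return; }
    pf_pid=$(tr -d '[:space:]' < "$pf_file")
    case "$pf_pid" in
        ''|*[!0-9]*) echo invalid; return ;;
    esac
    # kill -0 only probes for existence; /proc covers processes we cannot signal.
    if kill -0 "$pf_pid" 2>/dev/null || [ -d "/proc/$pf_pid" ]; then
        echo running
    else
        echo stale      # file left behind, no such process
    fi
}

# Read `netstat -tuan` output on stdin; succeed only if a TCP socket
# is in LISTEN state on local port $1 (matches 0.0.0.0:389 and :::389).
listening_on() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ (":" port "$") { found = 1 }
        END { exit !found }'
}

main() {
    conf="$1"
    pidfile=$(slapd_directive "$conf" pidfile)
    echo "pidfile ${pidfile:-<not set>}: $(pidfile_state "$pidfile")"
    if netstat -tuan | listening_on 389; then
        echo "port 389: listening"
    else
        echo "port 389: nothing listening"
    fi
}

# Run the live check only when a config path is given on the command line.
if [ $# -gt 0 ]; then main "$@"; fi
```
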