Greetings,
Any pointers about this question will be greatly appreciated. Thanks in advance. I've searched all over and tried all the suggestions I found so far, without success.
I've set up a VMware virtual machine. It's CentOS 5.4 with a static IP address (host-only). My initial setup was the default, with no TLS. This worked cleanly: I could log in with a configured LDAP account. Then I configured TLS, and now I cannot log in with any regular user account, be it an LDAP account or a local user account. I can only log in as root.
The /var/log/messages says:
Jul 2 17:55:53 ldapServer xfs: nss_ldap: failed to bind to LDAP server ldaps://192.168.150.133/: Can't contact LDAP server
Jul 2 17:55:53 ldapServer xfs: nss_ldap: could not search LDAP server - Server is unavailable
A QUICK TEST AT THE CLI SAYS:
[root@ldapServer]# ldapsearch -x
ldap_bind: Can't contact LDAP server (-1)

[root@ldapServer]# slapindex
bdb_db_open: database already in use
backend_startup_one: bi_db_open failed! (-1)
slap_startup failed
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
I DID A SERVICE AND CONFIGURATION CHECK

[root@ldapServer]# chkconfig --list | grep ldap
ldap 0:off 1:off 2:off 3:on 4:off 5:on 6:off

[root@ldapServer]# /etc/init.d/ldap stop
Stopping slapd: [ OK ]

[root@ldapServer openldap]# /etc/init.d/ldap start
Checking configuration files for slapd: config file testing succeeded [ OK ]
Starting slapd: [ OK ]

[root@ldapServer]# /usr/sbin/slaptest -v -f /etc/openldap/slapd.conf -u
config file testing succeeded

[root@ldapServer]# service ldap configtest
Checking configuration files for slapd: config file testing succeeded [ OK ]
THE SERVICE IS RUNNING
[root@ldapServer]# ps -ef | grep ldap
ldap 7027 1 0 17:12 ? 00:00:00 /usr/sbin/slapd -h ldaps:/// -u ldap
THE REQUIRED PORT 636 IS LISTENING.
[root@ldapServer]# fuser -n tcp 636
636/tcp: 7027

[root@ldapServer ~]# telnet localhost 636
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
Connection closed by foreign host.

[root@ldapServer ~]# netstat -a | grep ldap
tcp 0 0 *:ldaps *:* LISTEN
tcp 0 0 *:ldaps *:* LISTEN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
THE CONFIG FILES

[root@ldapServer]# cat /etc/openldap/ldap.conf
HOST 127.0.0.1
BASE dc=ldapServer,dc=lan
URI ldap://127.0.0.1/
TLS_CACERTDIR /etc/openldap/cacerts

[root@ldapServer]# cat /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

TLSCACertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateKeyFile /etc/openldap/cacerts/server.pem

database bdb
suffix "dc=ldapServer,dc=lan"
rootdn "cn=Manager,dc=ldapServer,dc=lan"
rootpw xxxxxxxxxxxxxxxxxxxxxxxx
directory /var/lib/ldap
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
~af
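Added example, not part of the post above. One thing worth checking mechanically in a setup like the one posted is whether the client side is pointed at a listener the server actually offers: the posted process list shows slapd started with "-h ldaps:///" only, while the posted ldap.conf sends clients to "URI ldap://127.0.0.1/". The script below parses a slapd command line and an ldap.conf body and reports whether the client's URI scheme (ldap, ldaps or ldapi) is among the schemes slapd was started to serve. The SLAPD_CMDLINE and LDAP_CONF values are constructed from the text of the post, not read from a live machine, and whether this mismatch is the whole cause of the login failure is an assumption this example does not try to prove.

```sh
#!/bin/sh
# Added example (not from the original post): check whether the URI in
# ldap.conf uses a scheme that slapd was started to serve.
# Both inputs are constructed from the values shown in the post.

SLAPD_CMDLINE='/usr/sbin/slapd -h ldaps:/// -u ldap'

LDAP_CONF='HOST 127.0.0.1
BASE dc=ldapServer,dc=lan
URI ldap://127.0.0.1/
TLS_CACERTDIR /etc/openldap/cacerts'

# Print, one per line, the schemes (ldap, ldaps, ldapi) slapd listens on,
# taken from the URIs that follow -h on its command line. slapd started
# without -h listens on ldap:/// only.
slapd_schemes() {
    set -- $1
    in_h=0
    uris=""
    for a in "$@"; do
        case "$a" in
            -h) in_h=1; continue ;;
            -*) in_h=0 ;;
        esac
        if [ "$in_h" -eq 1 ]; then
            uris="$uris $a"
        fi
    done
    if [ -z "$uris" ]; then
        uris="ldap:///"
    fi
    for u in $uris; do
        printf '%s\n' "${u%%:*}"
    done
}

# Print the scheme the client library will use, from the first URI
# directive in an ldap.conf body. Without a URI directive (HOST only),
# the client defaults to plain ldap://.
client_uri_scheme() {
    uri=$(printf '%s\n' "$1" | awk 'toupper($1) == "URI" { print $2; exit }')
    if [ -z "$uri" ]; then
        uri="ldap:///"
    fi
    printf '%s\n' "${uri%%:*}"
}

# Exit status 0 if the client's scheme is served by slapd, 1 otherwise.
# $1: slapd command line as shown by ps; $2: ldap.conf contents.
check_client_vs_server() {
    want=$(client_uri_scheme "$2")
    for have in $(slapd_schemes "$1"); do
        if [ "$have" = "$want" ]; then
            return 0
        fi
    done
    return 1
}

if check_client_vs_server "$SLAPD_CMDLINE" "$LDAP_CONF"; then
    echo "OK: ldap.conf URI scheme is served by slapd"
else
    echo "MISMATCH: ldap.conf asks for $(client_uri_scheme "$LDAP_CONF")://," \
         "slapd serves only: $(slapd_schemes "$SLAPD_CMDLINE" | tr '\n' ' ')"
fi
```

Run against the posted values it prints the MISMATCH line: a bare "ldapsearch -x" reads ldap.conf, tries ldap://127.0.0.1/ on port 389, and nothing is listening there, which is consistent with "Can't contact LDAP server (-1)" even though 636 is up. On a live box the equivalent checks are "ldapsearch -x -H ldaps://127.0.0.1/ -b dc=ldapServer,dc=lan -d 1" (the debug output shows where the TLS handshake stops) and "openssl s_client -connect 127.0.0.1:636", which prints the certificate the server presents. For the TLS side, note that nss_ldap in the posted log connects to ldaps://192.168.150.133/, so the server certificate's subject or subjectAltName must cover that address (or TLS_REQCERT must be relaxed on the client), and with the OpenSSL-backed client libraries a CA in TLS_CACERTDIR is found by hash name, so the directory needs c_rehash run on it after server.pem is copied in.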