"As it is quite unlikely that issues raised in your message could not be discussed without talking about the particulars of nss_ldap, your message is more appropriately directed to the openldap-technical list."
So, take two. :) Starting openldap takes about five minutes to come up due to all the timeouts indicated in /var/log/messages. I've been googling without success, and openldap-software is not the appropriate venue for discussion of my problem. Hopefully this is, since I'm running out of options on where to look.
Thank you for any assistance, or pointers toward the right direction.
Gar
-------- Original Message --------
Subject: could not hard reconnect to LDAP server - Server is unavailable
Date: Fri, 30 May 2008 15:17:32 -0600
From: Gar Nelson gar.nelson@noaa.gov
Organization: National Weather Service
To: openldap-software@openldap.org
I'm currently using openldap-2.2.13-8.el4_6.4 on RHEL 4 and for the most part, it appears to be working. I can use ldap to log in on another machine, and on a different workstation, the Apache directory browser connects and browses (and edits) just fine.
However, when watching /var/log/messages, all is not calm under the surface. A shortened snippet of the log is as follows;
May 30 14:55:46 ggw-s-bdc runuser: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
May 30 14:55:46 ggw-s-bdc runuser: nss_ldap: reconnecting to LDAP server...
May 30 14:55:46 ggw-s-bdc runuser: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
May 30 14:55:46 ggw-s-bdc runuser: nss_ldap: reconnecting to LDAP server...
[...]
May 30 14:57:46 ggw-s-bdc runuser: nss_ldap: could not hard reconnect to LDAP server - Server is unavailable
May 30 14:57:46 ggw-s-bdc slaptest: sql_select option missing
May 30 14:57:46 ggw-s-bdc slaptest: auxpropfunc error no mechanism available
May 30 14:57:46 ggw-s-bdc runuser: config file testing succeeded
May 30 14:57:46 ggw-s-bdc ldap: Checking configuration files for slapd: succeeded
May 30 14:57:46 ggw-s-bdc slapd[16932]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
May 30 14:57:46 ggw-s-bdc slapd[16932]: nss_ldap: reconnecting to LDAP server...
May 30 14:57:46 ggw-s-bdc slapd[16932]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
May 30 14:57:46 ggw-s-bdc slapd[16932]: nss_ldap: reconnecting to LDAP server...
[...]
May 30 14:59:46 ggw-s-bdc slapd[16932]: nss_ldap: could not hard reconnect to LDAP server - Server is unavailable
May 30 14:59:46 ggw-s-bdc slapd[16932]: sql_select option missing
May 30 14:59:46 ggw-s-bdc slapd[16932]: auxpropfunc error no mechanism available
May 30 14:59:46 ggw-s-bdc ldap: slapd startup succeeded
It takes around five minutes for ldap to come up waiting for all the bind timeouts.
I've tried googling without success, I've tried changing from host to uri, and from the local 127 address to the machine's outside IP without success.
SELinux is disabled. IPTables is not running. nmap localhost reports port 389 is open, along with an nmap to its outside IP address. I'm at a loss as to how to get "nss-ldap" to bind.
ldap.conf is as follows;

# @(#)$Id: ldap.conf,v 1.34 2004/09/16 23:32:02 lukeh Exp $
#
# PADL Software
# http://www.padl.com
#

debug 256
logdir /var/log/ldap.log

#host 127.0.0.1
base dc=ggw,dc=nws,dc=noaa
uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator

binddn cn=Manager,dc=ggw,dc=nws,dc=noaa
bindpw [correct ldap password]

port 389

timelimit 50
bind_timelimit 50
bind_policy hard
idle_timelimit 3600

pam_password exop

nss_base_passwd ou=People,dc=ggw,dc=nws,dc=noaa?one
nss_base_passwd ou=Computers,dc=ggw,dc=nws,dc=noaa?one
nss_base_shadow ou=People,dc=ggw,dc=nws,dc=noaa?one
nss_base_group ou=Groups,dc=ggw,dc=nws,dc=noaa?one
#nss_base_hosts ou=Hosts,dc=ggw,dc=nws,dc=noaa?one
#nss_base_services ou=Services,dc=ggw,dc=nws,dc=noaa?one
#nss_base_networks ou=Networks,dc=ggw,dc=nws,dc=noaa?one
#nss_base_protocols ou=Protocols,dc=ggw,dc=nws,dc=noaa?one
#nss_base_rpc ou=Rpc,dc=ggw,dc=nws,dc=noaa?one
#nss_base_ethers ou=Ethers,dc=ggw,dc=nws,dc=noaa?one
#nss_base_netmasks ou=Networks,dc=ggw,dc=nws,dc=noaa?one
#nss_base_bootparams ou=Ethers,dc=ggw,dc=nws,dc=noaa?one
#nss_base_aliases ou=Aliases,dc=ggw,dc=nws,dc=noaa?one
#nss_base_netgroup ou=Netgroup,dc=ggw,dc=nws,dc=noaa?one

ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5