Hi!
I have installed openldap 2.2.13 with rpm on Red Hat Enterprise Linux ES release 4 (Nahant Update 8). I have set the TLS settings too.
With the user root I can start ldapsearch and I receive the result successfully; the ldap client can connect to the ldap server. However, if I log in with another user I receive the following message: ldap_bind: Can't contact LDAP server (-1)
What can be the problem? Thanks for the help in advance,
Sandor
Sandor,

Sandor Szalina wrote on 08.09.2010 12:16:
> I have installed openldap 2.2.13 with rpm on Red Hat Enterprise Linux ES release 4 (Nahant Update 8). I have set the TLS settings too.
Man, 2.2.13 is ancient: http://www.openldap.org/lists/openldap-announce/200406/msg00002.html
You really should try a /newer/ release.
> With the user root I can start ldapsearch and I receive the result successfully; the ldap client can connect to the ldap server. However, if I log in with another user I receive the following message: ldap_bind: Can't contact LDAP server (-1)
> What can be the problem? Thanks for the help in advance,
You did not provide any details
- on how you use ldapsearch and
- about the server and client side config

Marc
--- On Wed, 8/9/10, Marc Patermann <hans.moser@ofd-z.niedersachsen.de> wrote:

> From: Marc Patermann <hans.moser@ofd-z.niedersachsen.de>
> Subject: Re: cannot bind to ldap other user as root
> To: "Sandor Szalina" <sszalina@yahoo.com>
> Cc: openldap-technical@openldap.org
> Date: Wednesday, 8 September, 2010, 13:36
>
> Sandor,
>
> Sandor Szalina wrote on 08.09.2010 12:16:
>> I have installed openldap 2.2.13 with rpm on Red Hat Enterprise Linux ES release 4 (Nahant Update 8). I have set the TLS settings too.
> Man, 2.2.13 is ancient: http://www.openldap.org/lists/openldap-announce/200406/msg00002.html
> You really should try a /newer/ release.
>> With the user root I can start ldapsearch and I receive the result successfully; the ldap client can connect to the ldap server. However, if I log in with another user I receive the following message: ldap_bind: Can't contact LDAP server (-1)
>> What can be the problem? Thanks for the help in advance,
> You did not provide any details
> - on how you use ldapsearch and
> - about the server and client side config
>
> Marc
Hi!
Thanks for your mail. Here is the information:

The running slapd process is:
ldap 21697 1 0 07:14 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldaps://*:8108 -f /etc/openldap/slapd.conf

The slapd.conf is:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/local.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem

database bdb
suffix "dc=test"
rootdn "cn=Admin,dc=test"
rootpw mypasswd
directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

The port 8108 is opened in the firewall.

On the client side there is .ldaprc in the home directory with the following content:
TLS_REQCERT allow

I am running the following ldapsearch command from the same machine:
ldapsearch -H ldaps://localhost:8108 -x -D "cn=Admin,dc=test" -W -b "dc=test" -s sub "objectclass=*"

As root I receive the content and at the end:
# search result
search: 2
result: 0 Success

# numResponses: 7
# numEntries: 6

If I log in with another user, e.g. testuser, and I start the same ldapsearch I receive:
ldap_bind: Can't contact LDAP server (-1)
bye
Sandor
Sandor Szalina <sszalina@yahoo.com> writes:

> --- On Wed, 8/9/10, Marc Patermann <hans.moser@ofd-z.niedersachsen.de> wrote:
>> From: Marc Patermann <hans.moser@ofd-z.niedersachsen.de>
>> [...]
>> Sandor Szalina wrote on 08.09.2010 12:16:
>>> I have installed openldap 2.2.13 with rpm on Red Hat Enterprise Linux ES release 4 (Nahant Update 8). I have set the TLS settings too.
>> Man, 2.2.13 is ancient: http://www.openldap.org/lists/openldap-announce/200406/msg00002.html
>> You really should try a /newer/ release.
>>> With the user root I can start ldapsearch and I receive the result successfully; the ldap client can connect to the ldap server. However, if I log in with another user I receive the following message: ldap_bind: Can't contact LDAP server (-1)
>>> What can be the problem? Thanks for the help in advance,
>> You did not provide any details
>> - on how you use ldapsearch and
>> - about the server and client side config
>
> Thanks for your mail. Here is the information:
>
> The running slapd process is:
> ldap 21697 1 0 07:14 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldaps://*:8108 -f /etc/openldap/slapd.conf
>
> The slapd.conf is:
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/local.schema
>
> allow bind_v2
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem
>
> database bdb
> suffix "dc=test"
> rootdn "cn=Admin,dc=test"
> rootpw mypasswd
> directory /var/lib/ldap
>
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
>
> The port 8108 is opened in the firewall.
>
> On the client side there is .ldaprc in the home directory with the following content:
> TLS_REQCERT allow

The client needs to have knowledge of the certificate authority in order to verify the server certificate, thus specify TLS_CACERT, or let the client not have to verify the server certificate, which is not advisable.

-Dieter
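An added check, not part of the thread, for the client-side trust settings Dieter is pointing at: it reads an .ldaprc/ldap.conf, reports whether TLS_REQCERT leaves the server certificate unverified and whether TLS_CACERT names a CA file the current user can actually read (root ignores file modes, which is one way to get "works as root, fails as another user"). The sample config files and CA file it creates are constructed; the directive semantics assumed are those of ldap.conf(5), where an unset TLS_REQCERT means demand.

```shell
#!/bin/sh
# Added example, not from the thread: audit an OpenLDAP client config
# (~/.ldaprc or ldap.conf) for the trust settings Dieter describes.
# Returns 0 when TLS_CACERT names a file the *current* user can read and
# TLS_REQCERT is demand (unset also means demand); otherwise prints why
# and returns 1. Run it as the user whose ldapsearch fails, not as root.
check_ldap_tls_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    # We take the last occurrence of each directive; directive names are
    # case-insensitive as in ldap.conf(5). Strip stray CRs from the value.
    cacert=$(awk 'toupper($1)=="TLS_CACERT"{v=$2} END{print v}' "$conf" | tr -d '\r')
    reqcert=$(awk 'toupper($1)=="TLS_REQCERT"{v=tolower($2)} END{print v}' "$conf" | tr -d '\r')
    rc=0
    case "${reqcert:-demand}" in
        demand|hard) ;;
        never|allow|try)
            echo "TLS_REQCERT $reqcert: the server certificate is not verified"; rc=1 ;;
        *)
            echo "TLS_REQCERT $reqcert: unknown value"; rc=1 ;;
    esac
    if [ -z "$cacert" ]; then
        echo "TLS_CACERT unset: no CA to verify the server certificate against"; rc=1
    elif [ ! -r "$cacert" ]; then
        # root ignores file modes, so a CA file readable only by root gives
        # exactly the "works as root, fails as testuser" symptom.
        echo "TLS_CACERT $cacert is not readable by $(id -un)"; rc=1
    fi
    return $rc
}

# Constructed sample configs: the .ldaprc posted in the thread, and a
# hardened one pointing at a (constructed, fake) CA file the user can read.
demo_dir=$(mktemp -d)
printf 'TLS_REQCERT allow\n' > "$demo_dir/weak.ldaprc"
printf 'CONSTRUCTED, NOT A REAL CERTIFICATE\n' > "$demo_dir/cacert.pem"
printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$demo_dir/cacert.pem" > "$demo_dir/fixed.ldaprc"

# The posted config fails both checks; the hardened one passes silently.
if check_ldap_tls_conf "$demo_dir/weak.ldaprc"; then echo "weak: unexpectedly passed"; fi
check_ldap_tls_conf "$demo_dir/fixed.ldaprc" && echo "fixed: ok"
```

With a real client, point it at ~/.ldaprc or /etc/openldap/ldap.conf while logged in as the failing user; a readable TLS_CACERT plus TLS_REQCERT demand is the configuration to aim for.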