Hello, I am new to OpenLDAP and could please use your help.
I just created a brand new install of the latest OpenLDAP server - openldap-ltb.x86_64 0:2.4.42-1.el6
on Centos 6.7
There are no entries in the bdb database as this is a new install.
I am getting the error when running the following command.
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
# ldapsearch -x -d 1 -LLL
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 111
ldap_close_socket: 3
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 110
ldap_close_socket: 3
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Any help would be greatly appreciated. I came up very short with my google searches.
Thank you - Lou
On 11/09/2015 00:23, Varadi, Louis - 0442 - MITLL wrote:
> *ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)*
> Any help would be greatly appreciated. I came up very short with my google searches.
Could you check that the service is up with: # /etc/init.d/slapd status
You can also check logs on /var/log/openldap.log
Or run OpenLDAP with logs in console : # /etc/init.d/slapd debug
Hello, thank you for your reply. Here are the answers to your questions
Yes the process is running.
/etc/init.d/slapd status
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] LDAP Tool Box OpenLDAP init script version 2.1
slapd: [INFO] Process OpenLDAP is not running
slapd: [INFO] Detected suffix: dc=group44,dc=ldap
[root@lenldap ~]# /etc/init.d/slapd status
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] LDAP Tool Box OpenLDAP init script version 2.1
slapd: [INFO] Process OpenLDAP is running (PID 1814)
slapd: [INFO] Listening to services ldap://*:389 ldaps://*:636
slapd: [INFO] Process usage: 0.1% CPU / 0.4% MEM
slapd: [INFO] Detected suffix: dc=group44,dc=ldap
This is the OpenLDAP process running.
Sep 11 08:34:41 lenldap slapd[1826]: [INFO] Using /etc/default/slapd for configuration
Sep 11 08:34:41 lenldap slapd[1831]: [INFO] LDAP Tool Box OpenLDAP init script version 2.1
Sep 11 08:34:41 lenldap slapd[1834]: [INFO] Process OpenLDAP is running (PID 1814)
Sep 11 08:34:41 lenldap slapd[1835]: [INFO] Listening to services ldap://*:389 ldaps://*:636
Sep 11 08:34:41 lenldap slapd[1838]: [INFO] Process usage: 0.1% CPU / 0.4% MEM
Sep 11 08:34:41 lenldap slapd[1859]: [INFO] Detected suffix: dc=group44,dc=ldap
_______________
I ran the command tail -f /var/log/openldap.log
In another terminal I ran the ldapsearch -x command.
I did not see any output to the openldap.log.
I am still getting the Can't contact LDAP server error after the command.
ldapsearch -x
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
_______________
I ran the command.
/etc/init.d/slapd debug
In another window I ran the command ldapsearch -x
Again, no output to debug.
Again - getting the Can't contact LDAP server error
ldapsearch -x
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Thoughts?
Thank you
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Clément OUDOT
Sent: Friday, September 11, 2015 1:16 AM
To: openldap-technical@openldap.org
Subject: Re: OpenLDAP error - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> Could you check that the service is up with: # /etc/init.d/slapd status
> You can also check logs on /var/log/openldap.log
> Or run OpenLDAP with logs in console : # /etc/init.d/slapd debug
On 11/09/2015 14:54, Varadi, Louis - 0442 - MITLL wrote:
> ldapsearch -x
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> Thoughts?
Maybe you are using the ldapsearch command from the distro, which may not work with LTB package. Try /usr/local/openldap/bin/ldapsearch
Check also your selinux configuration and your iptables.
On Fri, Sep 11, 2015 at 03:07:00PM +0200, Clément OUDOT wrote:
> On 11/09/2015 14:54, Varadi, Louis - 0442 - MITLL wrote:
>> slapd: [INFO] Listening to services ldap://*:389 ldaps://*:636
>> I ran the command tail -f /var/log/openldap.log
> Maybe you are using the ldapsearch command from the distro, which may not work with LTB package. Try /usr/local/openldap/bin/ldapsearch
> Check also your selinux configuration and your iptables.
It is worth trying ldapsearch with the debug option to see where it is trying to connect:
ldapsearch -x -d 1
The first few lines of output should look something like this:
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.example.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 2001:479:1f45:20::201 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
Using the same command on a machine that does not have an LDAP server configured looks like this:
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 111
ldap_close_socket: 3
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 111
ldap_close_socket: 3
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Look particularly at the ldap_connect_to_host: lines.
Andrew
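
An added example, not part of the thread and not code from any of the posters: a shell function that reads an `ldapsearch -d 1` trace and reports the outcome of each `ldap_connect_to_host: Trying` attempt. The function names are made up for this example, and the errno meanings assumed are the Linux values (111 ECONNREFUSED, 110 ETIMEDOUT).

```shell
# Added example, not from the thread. errno values are the Linux ones:
# 111 = ECONNREFUSED, 110 = ETIMEDOUT.

# Read an `ldapsearch -d 1` trace on stdin; print "address status" per attempt.
classify_ldap_trace() {
    awk '
        function emit() { if (pending) print addr, status; pending = 0 }
        /^ldap_connect_to_host: Trying / {
            emit()
            # IPv6 is printed as "Trying ::1 389", IPv4 as "Trying 127.0.0.1:389"
            addr = (NF >= 4) ? ("[" $3 "]:" $4) : $3
            status = "UNKNOWN"; pending = 1
        }
        /^connect errno: / {
            if ($3 == 111)      status = "REFUSED"    # host answered, port closed
            else if ($3 == 110) status = "TIMEOUT"    # no answer, packets dropped
            else                status = "ERRNO_" $3
        }
        /^ldap_open_defconn: successful/ { status = "CONNECTED" }
        END { emit() }
    '
}

# The connection part of the trace posted in the first message of this thread.
thread_trace() {
    cat <<'EOF'
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 111
ldap_close_socket: 3
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 110
ldap_close_socket: 3
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
EOF
}

thread_trace | classify_ldap_trace
```

On the trace from the first message the IPv6 loopback attempt is refused while the IPv4 attempt times out; a timeout on a local address is consistent with a packet filter silently dropping the connection, which is what the iptables check suggested in the thread would confirm or rule out.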