Gentoo Forums
nss_ldap: failed to bind to LDAP server
jiojio74
n00b
Joined: 12 Jan 2007
Posts: 24

PostPosted: Fri Jan 12, 2007 7:15 pm    Post subject: nss_ldap: failed to bind to LDAP server Reply with quote

I followed this guide: http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC but...
Code:
Jan 12 17:35:50 michael slapd[12741]: @(#) $OpenLDAP: slapd 2.3.30 (Jan 12 2007 16:45:26) $     root@michael:/var/tmp/portage/openldap-2.3.30-r2/work/openldap-2.3.30/servers/slapd
Jan 12 17:35:50 michael slapd[12741]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
...

...
Jan 12 17:36:20 michael slapd[12741]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Jan 12 17:36:20 michael slapd[12741]: nss_ldap: could not search LDAP server - Server is unavailable


LDAP seems to work; I can access it with LDAP Admin from another PC as anonymous.

This is my config:
Code:
host 127.0.0.1
base dc=ANGELS,dc=HOME
port 389
nss_reconnect_tries 4                   # number of times to double the sleep time
nss_reconnect_sleeptime 1               # initial sleep value
nss_reconnect_maxsleeptime 16   # max sleep value to cap at
nss_reconnect_maxconntries 2    # how many tries before sleeping
nss_base_passwd ou=Computers,dc=ANGELS,dc=HOME?sub
nss_base_passwd ou=Users,dc=ANGELS,dc=HOME?sub
nss_base_shadow ou=Users,dc=ANGELS,dc=HOME?sub
nss_base_group  ou=Groups,dc=ANGELS,dc=HOME?one
debug 0
logdir /var/log/nss_ldap
ssl no
pam_password md5
bind_policy = soft


/etc/openldap/slapd.conf
Code:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
database        bdb
suffix          "dc=ANGELS ,dc=HOME"
rootdn          "cn=Manager,dc=ANGELS,dc=HOME"
checkpoint      32      30 # <kbyte> <min>
rootpw          {MD5}*******==
directory       /var/lib/openldap-data
index    sambaSID    eq
index    sambaPrimaryGroupSID    eq
index    sambaDomainName    eq
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname   eq,subinitial
loglevel 0


/etc/openldap/ldap.conf
Code:
HOST    127.0.0.1
BASE    dc=ANGELS, dc=HOME


/etc/nsswitch.conf
Code:
passwd:      files ldap compat
shadow:      files ldap compat
group:       files ldap compat
hosts:       files nis dns
networks:    files nis dns
services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files
automount:   files
aliases:     files


/etc/nsswitch.ldap
Code:
passwd:         files ldap
group:          files ldap
hosts:          files dns ldap
services:   ldap [NOTFOUND=return] files
networks:   ldap [NOTFOUND=return] files
protocols:  ldap [NOTFOUND=return] files
rpc:        ldap [NOTFOUND=return] files
ethers:     ldap [NOTFOUND=return] files
netmasks:   files
bootparams: files
publickey:  files
automount:  files
aliases:    files
sendmailvars:   files
netgroup:   ldap [NOTFOUND=return] files


/etc/conf.d/slapd
Code:
OPTS="-h 'ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"


Any hints?
bensimons
n00b
Joined: 20 Feb 2014
Posts: 13

PostPosted: Thu Mar 13, 2014 6:12 am    Post subject: Reply with quote

I'd been seeing this error (this only occurs on the LDAP server, when it acts as a client, serving itself).

Looking carefully in the logs it appeared there was a connection trying ldap:// and then ldaps://
even though only the "uri" for ldaps:// was specified in /etc/ldap.conf

The firewall (iptables) was blocking the ldap:// connection (on port 389), but why was
it happening? The "uri" only specifies "ldaps", not "ldap". I even tried setting "port 636"
in /etc/ldap.conf, but the bind error "can't contact LDAP server" kept appearing in the logs.

A careful reading of the manual for nss_ldap indicates you should not set
both "host" and "uri" in /etc/ldap.conf; the manual says "uri" takes precedence
over "host". That's actually not quite right, because for it to take precedence
would mean it's OK for the host setting to be there (it would just be ignored).
Actually it's not ignored: it's what is causing the "ldap" connection. The manual
says "it's not possible to combine the two", whereas it really ought to say
"specify one or the other, not both", IMHO.

Commenting out the "host" setting in /etc/ldap.conf fixed it.

i.e. The solution is to ONLY specify "uri" in /etc/ldap.conf.
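An added example, not code from either poster: a small lint for nss_ldap-style /etc/ldap.conf files that reproduces the pitfall described in both posts, a "host" directive left in beside "uri", which yields an extra plaintext ldap:// target on port 389 even when only ldaps:// was intended. The sample configuration is constructed; the assumptions are that directives are whitespace-separated "key value" pairs, that "#" starts a comment, and that "host" with "ssl" unset or "no" (the default) resolves to ldap://.

```python
# Constructed sample modelled on the thread's /etc/ldap.conf (not the poster's file).
SAMPLE_CONF = """\
uri ldaps://ldap.example.invalid/
host 127.0.0.1          # leftover from an older setup
port 389
ssl no
bind_policy soft
"""


def parse_ldap_conf(text):
    """Return {key_lowercase: [values...]}, keeping repeated keys in order."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def effective_targets(conf):
    """URIs nss_ldap could end up contacting when 'uri' and 'host' are both set.

    Assumption: 'ssl on|yes' turns a host entry into ldaps://, anything else ldap://.
    """
    targets = []
    for v in conf.get("uri", []):
        targets.extend(v.split())
    ssl_on = conf.get("ssl", ["no"])[-1].lower() in ("on", "yes")
    port = conf.get("port", ["636" if ssl_on else "389"])[-1]
    scheme = "ldaps" if ssl_on else "ldap"
    for v in conf.get("host", []):
        for h in v.split():
            targets.append(f"{scheme}://{h}:{port}")
    return targets


def lint(conf):
    """Findings a defender wants: host+uri conflict, and plaintext beside ldaps."""
    findings = []
    if "host" in conf and "uri" in conf:
        findings.append("host and uri both set: nss_ldap may also try the host entry")
    targets = effective_targets(conf)
    plain = [t for t in targets if t.startswith("ldap://")]
    if plain and any(t.startswith("ldaps://") for t in targets):
        findings.append("plaintext ldap:// target alongside ldaps://: " + ", ".join(plain))
    return findings
```

Run `lint(parse_ldap_conf(open("/etc/ldap.conf").read()))` on the real file; an empty list means only one of "host" or "uri" is in effect.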