Zidge Tux's lil' helper
Joined: 20 Aug 2003 Posts: 86
Posted: Wed Dec 10, 2003 6:30 pm Post subject: [administration] openldap configuration
Hi,
I have a little problem with my slapd conf, when I start it manually
Code: | /usr/lib/openldap/slapd |
it starts ok, and is accessible (via phpldapadmin for example)
but when I launch it using the rc script, I can't reach it by phpldapadmin or even by an ldapsearch
I always get (with -d 255) a
Code: | ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_is_socket_ready: error on socket 3: errno: 111 (Connection refused)
ldap_close_socket: 3
ldap_perror
ldap_bind: Can't contact LDAP server
|
Logically, it would use the exact same config, so why is there a problem?
Thanks for your advice.
Koon Retired Dev
Joined: 10 Dec 2002 Posts: 518
Posted: Thu Dec 11, 2003 11:12 am Post subject:
On my setup, here's what the rc-script does :
Code: | /usr/lib/openldap/slapd -- -u ldap -g ldap |
So the difference in running just "/usr/lib/openldap/slapd" would be user/group settings. Try the above command directly to confirm that the problem lies in the user/group. Then crosscheck everything, like /etc/passwd and /etc/group contain ldap, etc...
-K |
Gentoobie n00b
Joined: 20 Nov 2003 Posts: 13 Location: Calgary, Canada
Posted: Tue Dec 23, 2003 2:19 am Post subject: ldap socket 3 error
I have the exact same problem.
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 68.145.101.173:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_is_socket_ready: error on socket 3: errno: 113 (No route to host)
ldap_close_socket: 3
ldap_perror
ldap_bind: Can't contact LDAP server
I checked the passwd and group and ldap exists. |
Koon Retired Dev
Joined: 10 Dec 2002 Posts: 518
Posted: Tue Dec 23, 2003 9:24 am Post subject: Re: ldap socket 3 error
Gentoobie wrote: | I have the exact same problem. |
No, it's not. You get a "No route to host" while contacting what appears to be a distant host (68.148.101.173) while the poster above gets a "connection refused" while contacting localhost.
In your case, it's probably a network configuration problem (try pinging 68.148.101.173, it should not work either) or an ldap.conf problem (incorrect host setting).
-K |
Gentoobie n00b
Joined: 20 Nov 2003 Posts: 13 Location: Calgary, Canada
Posted: Wed Dec 24, 2003 12:23 am Post subject:
Thanks, you're right. I changed my slapd.conf to read suffix dc=localhost? Now I get this error:
ldap_create
Enter LDAP Password:
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: localhost
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
TLS trace: SSL_connect:before/connect initialization
tls_write: want=130, written=130
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
0000: 15 03 01 00 02 02 28 ......(
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:error in SSLv2/v3 read server hello A
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server
additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
The only thing I changed from gentoo's sample slapd.conf was that I commented out the TLSCertificates because the server won't start unless I do. It says they're optional. Everything else I left the same.
This is just to learn; I'm trying to get the simplest config possible and build from there. Thanks again.
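Added example, not part of the original thread: the failures posted above (errno 111, errno 113, and the 7-byte `tls_read` reply) can be told apart mechanically from the `-d 255` trace. The Python sketch below uses hypothetical helper names (`diagnose`, `decode_alert`) and a sample input constructed from lines in the thread; it classifies the socket errno and decodes the TLS alert record `15 03 01 00 02 02 28`.

```python
import re

# Linux errno values seen in the posted ldapsearch -d 255 traces.
ERRNO_HINTS = {
    111: "connection refused: host answered, nothing listening on that address/port",
    113: "no route to host: network path or host setting problem",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of TLS alert descriptions (RFC 5246, section 7.2).
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
                      42: "bad_certificate", 48: "unknown_ca", 70: "protocol_version"}

def decode_alert(record: bytes):
    """Decode a TLS alert record: type(1) version(2) length(2) level(1) description(1)."""
    if len(record) < 7 or record[0] != 0x15:      # 0x15 = alert content type
        return None
    if int.from_bytes(record[3:5], "big") != 2:   # plaintext alerts carry 2 bytes
        return None
    level = ALERT_LEVELS.get(record[5], f"unknown({record[5]})")
    desc = ALERT_DESCRIPTIONS.get(record[6], f"unknown({record[6]})")
    return level, desc

def diagnose(trace: str):
    """Return (kind, detail...) tuples for socket errors and TLS alerts in a trace."""
    findings, lines = [], trace.splitlines()
    for i, line in enumerate(lines):
        m = re.search(r"errno: (\d+)", line)
        if m:
            code = int(m.group(1))
            findings.append(("socket", code, ERRNO_HINTS.get(code, "see errno(3)")))
        m = re.match(r"tls_read: want=\d+, got=(\d+)", line)
        if m and i + 1 < len(lines):
            # First token is the dump offset; take exactly `got` byte tokens after it
            # (one dump row, so at most 16 bytes).
            tokens = lines[i + 1].split()[1:1 + min(int(m.group(1)), 16)]
            try:
                alert = decode_alert(bytes(int(t, 16) for t in tokens))
            except ValueError:
                continue
            if alert:
                findings.append(("tls_alert",) + alert)
    return findings

# Constructed sample assembled from lines posted in this thread.
SAMPLE = """ldap_is_socket_ready: error on socket 3: errno: 113 (No route to host)
tls_read: want=7, got=7
0000: 15 03 01 00 02 02 28 ......(
TLS trace: SSL3 alert read:fatal:handshake failure"""

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```

The decoded alert (level 2, description 40) matches the `SSL3 alert read:fatal:handshake failure` line in the last trace, which means the server rejected the handshake on port 636 rather than the connection failing at the socket level.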