[opensuse] ldap - Can't bind to server - will on one 10.0 box won't on another??
Listmates,

I have lost a great amount of hair trying to determine why I cannot connect to/add anything to ldap on a 10.0 server, where the exact same setup works fine on another 10.0 server. Something as simple as a search fails to bind with or without a password. Here are the symptoms and errors:

root@nemesis:/home/david # ldapsearch -x -b dc=3111skyline,dc=com "(objectClass=*)"
ldap_bind: Can't contact LDAP server (-1)

root@nemesis:/home/david # ldapsearch -W -b dc=3111skyline,dc=com -D cn=admin,dc=3111skyline,dc=com "(objectClass=*)"
Enter LDAP Password:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

The same errors occur with ldapadd as well. The only way I can get data into the directory is by shutting down the server and using slapadd, which works fine, but it is not optimal. slapcat correctly dumps the directory back to ldif. But when the server is running, I cannot seem to connect no matter what. The strange problem is that I have another SuSE 10.0 server, configured the same way, that everything works fine on. So much for consistency.

Permissions and ownership of /var/lib/ldap are fine:

root@nemesis:/home/david # l /var/lib/ldap
total 799
drwx------  2 ldap ldap      328 2007-11-19 01:00 ./
drwxr-xr-x 50 root root     1312 2007-11-18 11:06 ../
-rw-------  1 ldap ldap    24576 2007-11-19 01:00 __db.001
-rw-------  1 ldap ldap 18759680 2007-11-19 01:00 __db.002
-rw-------  1 ldap ldap  2162688 2007-11-19 01:00 __db.003
-rw-------  1 ldap ldap   450560 2007-11-19 01:00 __db.004
-rw-------  1 ldap ldap    24576 2007-11-19 01:00 __db.005
-rw-r--r--  1 ldap ldap       48 2006-07-28 12:18 DB_CONFIG
-rw-------  1 ldap ldap     8192 2007-11-19 01:37 dn2id.bdb
-rw-------  1 ldap ldap    32768 2007-11-19 01:37 id2entry.bdb
-rw-------  1 ldap ldap 10485760 2007-11-19 01:37 log.0000000001
-rw-------  1 ldap ldap     8192 2007-11-19 01:37 objectClass.bdb

Here is the very basic setup with very little modification from the original (standard comments removed):

root@nemesis:/home/david # cat /etc/openldap/slapd.conf
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/rfc2307bis.schema
include         /etc/openldap/schema/yast.schema
argsfile        /var/run/slapd/slapd.args
modulepath      /usr/lib/openldap/modules
loglevel        -1
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to attr=userPassword,userPKCS12 by self write by * auth
access to attr=shadowLastChange by self write by * read
access to * by self write by * read
database        bdb
checkpoint      1024 5
cachesize       10000
suffix          "dc=3111skyline,dc=com"
rootdn          "cn=admin,dc=3111skyline,dc=com"
rootpw          {SSHA}<password removed>
directory       /var/lib/ldap
index           objectClass eq

The startup log looks fine as far as I can tell:
http://www.3111skyline.com/download/ldapstartup

I'm really stumped on this one. It has to be a setting somewhere, but where and what is the question. This also may be a forest for the trees issue that I just can't see yet.

Does anyone have a guess what could be preventing me from being able to connect to the server? I'm working from localhost, so this isn't even a remote connection issue. As always, any help will be appreciated.

Thanks!

--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Monday, 19 November 2007, David C. Rankin wrote:
> Listmates,
>
> I have lost a great amount of hair trying to determine why I cannot connect to/add anything to ldap on a 10.0 server, where the exact same setup works fine on another 10.0 server. Something as simple as a search fails to bind with or without a password. Here are the symptoms and errors:
>
> root@nemesis:/home/david # ldapsearch -x -b dc=3111skyline,dc=com "(objectClass=*)"
> ldap_bind: Can't contact LDAP server (-1)

You don't give the hostname of the LDAP server that you want to contact. Are you sure that the correct hostname is in /etc/openldap/ldap.conf? If not, use the "-h <hostname>" or "-H <ldap-url>" option on the commandline.

[..]

--
Ralf
Ralf Haferkamp wrote:
> On Monday, 19 November 2007, David C. Rankin wrote:
>> Listmates,
>>
>> I have lost a great amount of hair trying to determine why I cannot connect to/add anything to ldap on a 10.0 server, where the exact same setup works fine on another 10.0 server. Something as simple as a search fails to bind with or without a password. Here are the symptoms and errors:
>>
>> root@nemesis:/home/david # ldapsearch -x -b dc=3111skyline,dc=com "(objectClass=*)"
>> ldap_bind: Can't contact LDAP server (-1)
>
> You don't give the hostname of the LDAP server that you want to contact. Are you sure that the correct hostname is in /etc/openldap/ldap.conf? If not, use the "-h <hostname>" or "-H <ldap-url>" option on the commandline.

You did it! I did get the search to work and I think it will help diagnose the problem -- I still haven't a clue where the problem lies. Here is how I got it to work. The first attempt *FAILED*. This is where I need help. I don't know why it failed or what the error means:

09:28 Rankin-P35a~> ssh nemesis
Last login: Tue Nov 20 01:00:35 2007 from nemesis.3111skyline.com
Have a lot of fun...
david@nemesis:~> ldapsearch -h nemesis "(objectClass=*)"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database

Adding simple authentication *WORKED!* Where have I screwed up the setting that prevents the -b dc=3111skyline,dc=com search from working??

david@nemesis:~> ldapsearch -x -h nemesis "(objectClass=*)"
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectClass=*)
# requesting: ALL
#

# 3111skyline.com
dn: dc=3111skyline,dc=com
objectClass: dcObject
objectClass: organization
dc: 3111skyline
o: Rankin Law Firm PLLC
description: Rankin Law Firm PLLC

# ldapconfig, 3111skyline.com
dn: ou=ldapconfig,dc=3111skyline,dc=com
objectClass: organizationalUnit
ou: ldapconfig
<snip>

--
David C. Rankin
David C. Rankin wrote:
> You did it! I did get the search to work and I think it will help diagnose the problem -- I still haven't a clue where the problem lies. Here is how I got it to work. The first attempt *FAILED*. This is where I need help. I don't know why it failed or what the error means:
>
> 09:28 Rankin-P35a~> ssh nemesis
> Last login: Tue Nov 20 01:00:35 2007 from nemesis.3111skyline.com
> Have a lot of fun...
> david@nemesis:~> ldapsearch -h nemesis "(objectClass=*)"
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
>         additional info: SASL(-13): user not found: no secret in database

*Solved*

The error was a simple ldap.conf error, the exact nature of which shall remain classified to prevent disclosure of the sheer stupidity of the admin.

Rule to re-remember: read all config files line-by-line, word-by-word, very carefully.

--
David C. Rankin
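The thread turns on two things: what the client silently takes from /etc/openldap/ldap.conf when ldapsearch and ldapadd are run without -H/-h and -b (Ralf's question, and the file that turned out to hold the error), and the fact that the unauthenticated `-x` search returned the whole directory. The script below checks both. It is an added example, not code from the thread or from OpenLDAP; the sample files it writes are constructed (the hostname nemesis, the suffix and the access directives come from the posts above, the ldap.conf lines do not, since the actual error was never disclosed), and it assumes a POSIX sh with awk and mktemp.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenLDAP. Two checks for
# the situation above: (1) what the client-side /etc/openldap/ldap.conf
# supplies when ldapsearch/ldapadd are run without -H/-h and -b, and
# (2) whether the slapd.conf ACLs let an anonymous bind read the whole tree.
# The sample files written by demo() are constructed.

# ldapconf_get FILE KEYWORD -> value of the last matching directive, or ""
# (ldap.conf keywords are case-insensitive; "#" starts a comment line)
ldapconf_get() {
    awk -v key="$2" '
        /^[[:space:]]*(#|$)/ { next }
        toupper($1) == toupper(key) {
            sub(/^[[:space:]]*[^[:space:]]+[[:space:]]+/, "")  # drop the keyword
            sub(/[[:space:]]+$/, "")
            val = $0
        }
        END { print val }
    ' "$1"
}

# ldapconf_check FILE -> one line per finding; returns 0 only when both a
# server (URI or HOST) and a BASE are configured, i.e. when the bare
# commands in the thread would have had something to work with.
ldapconf_check() {
    uri=$(ldapconf_get "$1" URI)
    host=$(ldapconf_get "$1" HOST)
    base=$(ldapconf_get "$1" BASE)
    rc=0
    if [ -n "$uri" ]; then
        echo "server: URI $uri"
    elif [ -n "$host" ]; then
        echo "server: HOST $host (deprecated keyword, same as URI ldap://$host/)"
    else
        echo "server: not set, libldap falls back to ldap://localhost/"
        rc=1
    fi
    if [ -n "$base" ]; then
        echo "base: $base"
    else
        echo "base: not set, ldapsearch without -b searches from base <>"
        rc=1
    fi
    return $rc
}

# ldapsearch_cmd FILE FILTER -> the explicit command line that does not
# depend on ldap.conf: -H pins the server, -b the base, and -x selects
# simple bind (without -x the client negotiates SASL, which is what produced
# "SASL(-13): user not found: no secret in database" in the thread).
ldapsearch_cmd() {
    uri=$(ldapconf_get "$1" URI)
    if [ -z "$uri" ]; then
        host=$(ldapconf_get "$1" HOST)
        uri="ldap://${host:-localhost}/"
    fi
    base=$(ldapconf_get "$1" BASE)
    printf 'ldapsearch -x -H "%s" -b "%s" "%s"\n' "$uri" "$base" "$2"
}

# slapd_anon_read FILE -> prints every "access to *" directive that grants
# read to everybody ("by * read" or "by anonymous read"); returns 1 when one
# is found. Lines starting with whitespace continue the previous directive,
# which is how slapd reads its config.
slapd_anon_read() {
    awk '
        function check(d) {
            gsub(/[[:space:]]+/, " ", d)
            if (d ~ /^access to \* / && (d ~ / by \* read/ || d ~ / by anonymous read/)) {
                print "anonymous read of the whole tree: " d
                found = 1
            }
        }
        /^[[:space:]]*#/ { next }
        /^[[:space:]]/ && dir != "" { dir = dir " " $0; next }
        { if (dir != "") check(dir); dir = $0 }
        END { if (dir != "") check(dir); if (found) exit 1; exit 0 }
    ' "$1"
}

# demo: run the checks against constructed sample files
demo() {
    tmp=$(mktemp -d)
    # constructed ldap.conf: the deprecated HOST form and no BASE at all
    printf 'HOST nemesis\n' > "$tmp/ldap.conf"
    # the access directives from the posted slapd.conf, in continuation-line form
    printf 'access to dn.base="" by * read\naccess to *\n\tby self write\n\tby * read\n' > "$tmp/slapd.conf"
    ldapconf_check "$tmp/ldap.conf" || echo "ldap.conf: incomplete, pass the values explicitly:"
    ldapsearch_cmd "$tmp/ldap.conf" '(objectClass=*)'
    slapd_anon_read "$tmp/slapd.conf" || echo "slapd.conf: anonymous binds can read everything"
    rm -rf "$tmp"
}
demo
```

Two points the output makes concrete. Without -x, ldapsearch negotiates a SASL mechanism, which is why the first attempt in the thread went into DIGEST-MD5 and failed with "no secret in database": slapd had no SASL secret stored for that user. With -x and no -D the bind is anonymous, and the posted ACL `access to * by self write by * read` gives anonymous binds read access to every entry, which is why the search returned the directory without any credential; the last function flags exactly that directive. Simple bind with -D and -W over plain ldap:// sends the password in clear text, so once TLS is configured on slapd use an ldaps:// URI or add -ZZ to require StartTLS. A hostname in ldap.conf that does not resolve can be checked with getent hosts, which is left out here because it needs the network.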
participants (2)
- David C. Rankin
- Ralf Haferkamp