  1. #1
    Just Joined!
    Join Date
    Mar 2011
    Posts
    68

    OpenLDAP: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


    So I looked up this error and found out it supposedly means slapd isn't running, but on my system it is. And it looks like it is trying to use SASL.

    This error happens every time I issue an LDAP client command such as ldapadd or ldapsearch, even if I specify the -x argument which is supposed to force the tool to use simple authentication.

    I thought non-SASL was default but apparently there is something I'm missing to disable SASL. I need to be able to use simple authentication while I'm testing.

    /etc/openldap/ldap.conf
    Code:
    BASE         dc=minamoto,dc=local
    URI          ldap://ldap.minamoto.local:389/
    #TLS_REQCERT  allow
    TIMELIMIT    2

    /etc/openldap/slapd.conf
    Code:
    #
    ##
    ### GLOBAL CONFIG
    ##
    #
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/inetorgperson.schema
    #include /etc/openldap/schema/samba.schema
    
    # TEMPORARY!!!
    #access to *
    #       by * write
    
    loglevel        -1
    logfile         /var/log/openldap/openldap.log
    #pidfile         /var/run/openldap/slapd.pid
    # argsfile      /var/run/slapd.args # DONT use
    threads         2
    
    TLSCipherSuite          HIGH:MEDIUM:+SSLv2
    TLSCertificateFile      /etc/openldap/ssl/slapdcert.pem
    TLSCertificateKeyFile   /etc/openldap/ssl/slapdkey.pem
    
    #
    ##
    ### PER-DIRECTORY CONFIG
    ##
    #
    database        bdb
    directory       /var/lib/minamoto.local
    mode            0600
    cachesize       100
    # SLAPD_SERVICES="ldaps://"
    # TLS_REQCERT             allow
    suffix "dc=minamoto,dc=local"
    password-hash   {SSHA}
    rootdn "cn=manager,dc=minamoto,dc=local"
    rootpw {SSHA}LOL_JK
    checkpoint      32      30
    
    index           objectClass             eq
    index           cn,sn,mail              pres,sub,eq
    index           uid                     pres,eq
    
    # TEMPORARY!!!
    #access to *
    #       by * write

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    I thought the "-x" was all you need to disable SASL auth, too.

    I assume you can ping the ldap server. Is your firewall running, and blocking the port, maybe? You can also nmap the box and see what ports are listening, e.g.:

    Code:
    nmap -n <LDAP_IP_ADDRESS>

  3. #3
    Just Joined!
    Join Date
    Mar 2011
    Posts
    68
    Yes, I can ping the server. I actually was sitting at the console when doing this so the firewall shouldn't have come into play, but I had also turned off the firewall on the server temporarily.
    I also tried su'ing to root and executing the commands to test a user account permission issue, which doesn't seem to be the issue.

  5. #4
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Have you run authconfig? Maybe try it on another Linux client PC, one that you don't mind messing around w/the LDAP settings.

    Here's an example of what I run, on a client:

    Code:
    authconfig --enableshadow \
    --enableldap \
    --enableldapauth \
    --ldapserver=ldap://<LDAP_IP_ADDR>/ \
    --ldapbase="o=myorg" \
    --enablelocauthorize \
    --enablemkhomedir \
    --nostart \
    --updateall

    On the LDAP server, you've successfully created an LDAP user (using an LDIF file, etc)?

    Does the "slapcat" command run properly on the server?

  6. #5
    Just Joined!
    Join Date
    Mar 2011
    Posts
    68
    Erm. I don't appear to have authconfig. I think that is a distro specific script.

    I haven't gotten that far. I ran into this error when I went to make the top level OUs. I only ran ldapsearch to see if it would get the same error or yell at me for having an empty directory.

    slapcat seems to work, though it doesn't spit anything out because the directory is currently empty.

  7. #6
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by bleedingsamurai:
    Erm. I don't appear to have authconfig. I think that is a distro specific script.
    What's your distro?

    Quote Originally Posted by bleedingsamurai:
    I haven't gotten that far. I ran into this error when I went to make the top level OUs. I only ran ldapsearch to see if it would get the same error or yell at me for having an empty directory.
    Okay, so the database is empty. Are you sure that the ldap daemon is running? Maybe you just need to add something to it first. After I add a simple LDAP db entry, this is how I'd test it:

    Code:
    ldapsearch -x -b 'o=myorg'

  8. #7
    Just Joined!
    Join Date
    Mar 2011
    Posts
    68
    I am running Gentoo.
    If it comes down to it, I can just build a VM with another distro for testing purposes.

    Yes, I'm sure. I can see it when I run
    Code:
    ps aux | grep slapd

  9. #8
    Just Joined!
    Join Date
    Mar 2011
    Posts
    68
    I used slapadd to import some top level OU structures. Then I restarted slapd. slapcat is working correctly. But I'm still getting the same error when I try to use:
    Code:
    ldapsearch -x -b "dc=minamoto,dc=local" "(objectclass=*)"
    from the server's console as root.

  10. #9
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    How about adding this to slapd.conf (and restarting), does that make a difference?
    Code:
    allow bind_v2
    Also, I assume you can resolve your LDAP url (ldap.minamoto.local)?

  11. #10
    Just Joined!
    Join Date
    Mar 2011
    Posts
    68
    Well, now I feel kind of dumb, XP

    named wasn't running. Before when I checked for connectivity, I used IP address only. (<_<) (>_>)
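The checks the replies walk through (is the port reachable, does the hostname in the URI resolve, does a simple `-x` bind work), as one added script that is not part of the thread. It reads the URI from the client's ldap.conf, assumes bash (for the `/dev/tcp` probe), `getent` and the OpenLDAP client tools, and takes the ldap.conf path as its first argument.

```bash
#!/bin/bash
# Added example, not from the thread: run the checks the replies suggest in the
# order a failing ldapsearch hits them. Reads the URI from ldap.conf, then tests
# DNS resolution, TCP reachability and finally an anonymous simple bind (-x)
# against the root DSE, which works even on an empty directory.
# Assumes bash (for /dev/tcp), getent and the OpenLDAP client tools.

# ldap_uri_host URI -> host part of ldap[s]://host[:port]/...
ldap_uri_host() {
    hp=${1#*://}              # drop the scheme
    hp=${hp%%/*}              # drop any path/DN after the authority
    printf '%s\n' "${hp%%:*}" # drop an explicit :port
}

# ldap_uri_port URI -> explicit port, else 636 for ldaps:// and 389 for ldap://
ldap_uri_port() {
    scheme=${1%%://*}
    hp=${1#*://}; hp=${hp%%/*}
    case $hp in
        *:*) printf '%s\n' "${hp##*:}" ;;
        *)   if [ "$scheme" = ldaps ]; then echo 636; else echo 389; fi ;;
    esac
}

# conf_uri FILE -> first value of the first URI line in an ldap.conf
conf_uri() {
    awk '$1 == "URI" { print $2; exit }' "$1"
}

# check_ldap FILE -> 0 if a simple bind works; 1 = DNS, 2 = TCP, 3 = bind failed
check_ldap() {
    uri=$(conf_uri "$1")
    host=$(ldap_uri_host "$uri"); port=$(ldap_uri_port "$uri")
    echo "URI=$uri host=$host port=$port"
    if ! getent hosts "$host" >/dev/null; then
        echo "FAIL: '$host' does not resolve (named down? /etc/hosts? resolv.conf?)"
        return 1
    fi
    # bash-only TCP probe; opens and closes the socket, sends nothing
    if ! (exec 3<>"/dev/tcp/$host/$port") 2>/dev/null; then
        echo "FAIL: nothing accepting TCP on $host:$port (slapd listening? firewall?)"
        return 2
    fi
    # Root DSE query: no base DN needed, so it does not depend on the suffix
    ldapsearch -x -H "$uri" -b '' -s base '(objectclass=*)' namingContexts \
        || { echo "FAIL: TCP is open but the simple bind/search failed"; return 3; }
}

# Usage: ./ldapcheck.sh /etc/openldap/ldap.conf
if [ -n "${1:-}" ]; then check_ldap "$1"; fi
```

Pinging the server by IP, as the last post notes, skips the resolution step entirely; this script fails at that step first, which is the distinction that thread needed.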
