Thread: Trying to get openldap to work...

  1. #1
    Join Date
    Oct 2011

    Trying to get openldap to work...

    I thought I had this working, but it stopped...

    I set up an Ubuntu 11.10 server with OpenSSH and OpenLDAP per the guide(s), community documentation, copious Google searching, and forum searching... nothing suggested works, thus I presume it's something I'm overlooking, being too close to it and working on it too long.

    Everything seems to be in place on the server, "ldapsearch -H ldapi:/// -x -ZZZ" spits out the expected information, phpldapadmin works. I even believe I have the TLS/SSL configuration set appropriately (self signed certs until I can verify that it works in general.)

    When I try "ldapsearch -x -H ldaps://" on a client, I get "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)". I tried "-d 8" but it doesn't spit out any debug information. The sad part, this worked at one point...

    My /etc/default/slapd.conf on the server:

    SLAPD_SERVICES="ldaps:// ldapi:///"

    My /etc/ldap/ldap.conf on the server:

    BASE dc=ece,dc=cornell,dc=edu
    URI ldaps://
    TLS_REQCERT allow

    My /etc/ldap/ldap.conf on the client:

    BASE	dc=ece,dc=cornell,dc=edu
    URI 	ldapi://
    TLS_REQCERT allow

    It doesn't appear to be listening on the right ports on the server (although there is nothing in the logs to indicate there is a problem.)

    $ sudo netstat -plane | grep ":389"
    $ sudo netstat -plane | grep ":636"
    tcp        0      0 *               LISTEN      0          7386        853/slapd       
    $ sudo netstat -plane | grep "slapd"
    tcp        0      0 *               LISTEN      0          7386        853/slapd       
    unix  2      [ ACC ]     STREAM     LISTENING     7387     853/slapd           /var/run/slapd/ldapi
    unix  2      [ ]         DGRAM                    7383     853/slapd

    I'm about to give up and just use NIS, it's not that big of an environment. I was just hoping for a more secure authentication method.

    ...and before you suggest it, I can't use a commercial product. The university is cutting back on expenses and they've determined that IT is too costly (although HR is growing exponentially, go figure.)

  2. #2
    Join Date
    Mar 2008

    Re: Trying to get openldap to work...

    hello there,
    have you had any luck with setting up your ldap authentication?

    I'm in a similar situation...

    thank you for your time
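
Added example, not part of either post: a small lint for a client ldap.conf that checks the two settings shown in the thread, the URI scheme (ldapi:// is a local Unix-socket transport) and the TLS_REQCERT level (never and allow let the session continue when the server certificate is invalid). The function names, finding codes and the "corrected" config with its host name and CA path are assumptions made up for illustration.

```python
# Added example (not from the thread): lint OpenLDAP client ldap.conf text.
NON_ENFORCING = {"never", "allow"}  # session proceeds even with a bad server cert

def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive and
    lines starting with '#' are comments, as in ldap.conf(5)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # split on any run of spaces or tabs
        opts[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return opts

def lint(text, remote_client=True):
    """Return a list of (code, message) findings for a client config."""
    opts = parse_ldap_conf(text)
    findings = []
    for uri in opts.get("URI", "").split():
        scheme = uri.partition("://")[0].lower()
        if scheme == "ldapi" and remote_client:
            findings.append(("LOCAL_ONLY_URI",
                             uri + " is a Unix-socket transport and cannot reach another host"))
        elif scheme == "ldap":
            findings.append(("CLEARTEXT_URI",
                             uri + " is unencrypted unless StartTLS is negotiated"))
    level = opts.get("TLS_REQCERT", "demand").lower()  # libldap default is demand
    if level in NON_ENFORCING:
        findings.append(("CERT_NOT_ENFORCED",
                         "TLS_REQCERT " + level + " accepts an invalid server certificate"))
    return findings

# Client config as quoted in the first post.
CLIENT_FROM_POST = "BASE\tdc=ece,dc=cornell,dc=edu\nURI \tldapi://\nTLS_REQCERT allow\n"

# Constructed sample: host name and CA path are placeholders, not from the thread.
CORRECTED = """\
BASE dc=ece,dc=cornell,dc=edu
URI ldaps://ldap.example.test
TLS_REQCERT demand
TLS_CACERT /etc/ssl/certs/example-ca.pem
"""

if __name__ == "__main__":
    for name, conf in (("from post", CLIENT_FROM_POST), ("corrected", CORRECTED)):
        print(name, lint(conf) or "no findings")
```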
