Can't contact LDAP server
Jun 28 2010 (edited Jun 28 2010)
Hello,
I have set up DSEE 7 in the following manner: 2 LDAP hosts running Solaris 10 10/08 s10x_u6wos_07b X86.
These 2 LDAP servers are connected into another host that is running the DSCC console. Everything from the DSCC console looks
good and works well. The problem is that when I try to connect with ldapsearch I get this error: "ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)".
The SSL certs are current and contain the subject alternative name for each LDAP host. These are behind a Cisco content switch. It does not appear to be an SSL
issue from what I can see. The certs are enabled on the LDAP hosts, and from the debugging output that looks OK. The ldapsearch below was run from a Linux host.
$ ldapsearch -d 33 -W -D "cn=Directory Manager" -H ldaps://ldapt.test.mydom.com -b dc=test,dc=mydom,dc=com objectClass=*
ldap_url_parse_ext(ldaps://ldapt.test.mydom.com)
ldap_create
ldap_url_parse_ext(ldaps://ldapt.test.mydom.com:636/??base)
Enter LDAP Password:
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldapt.test.mydom.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.17.1.123:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 64 bytes to sd 3
ldap_result ld 0x613570 msgid 1
wait4msg ld 0x613570 msgid 1 (infinite timeout)
wait4msg continue ld 0x613570 msgid 1 all 1
** ld 0x613570 Connections:
* host: ldapt.test.mydom.com port: 636 (default)
refcnt: 2 status: Connected
last used: Mon Jun 28 08:36:40 2010
** ld 0x613570 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x613570 request count 1 (abandoned 0)
** ld 0x613570 Response Queue:
Empty
ld 0x613570 response count 0
ldap_chkResponseList ld 0x613570 msgid 1 all 1
ldap_chkResponseList returns ld 0x613570 NULL
ldap_int_select
read1msg: ld 0x613570 msgid 1 all 1
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ldap_free_connection 1 0
ldap_free_connection: actually freed
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Since I do get a good connection status against the CSS address ldapt.test.mydom.com on port 636, that would seem to be a good sign.
These are listening on each LDAP instance:
*.ldap *.* 0 0 49152 0 LISTEN
*.ldaps *.* 0 0 49152 0 LISTEN
Perhaps this is something I am missing on the setup side for the LDAP hosts from inside DSCC? Logs from the LDAP servers have not provided much insight,
and any help is much appreciated.
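The trace above shows the TCP connect and TLS handshake completing, the first request being flushed, and then the peer sending a close-notify alert before any LDAP response arrives. The following added example (not part of the original post) walks an OpenLDAP `ldapsearch -d` trace and reports the last stage reached and the event that ended the session, so the failure can be attributed to the network, the TLS handshake, or the server side. The stage and alert strings are taken from the poster's output; the `ldap_read: message type` success marker and the second sample trace are assumptions.

```python
"""Locate the failing layer in an OpenLDAP `ldapsearch -d` trace.
Added example, not part of the original post; marker strings come from
the poster's trace except where a comment says they are assumed."""
import re

# Stage markers as printed by libldap; the first three appear in the
# poster's trace, the "ldap_read: message type" success marker is assumed.
STAGE_MARKERS = [
    ("tcp_connected",      re.compile(r"^ldap_pvt_connect: fd: \d+")),
    ("tls_handshake_done", re.compile(r"^TLS trace: SSL_connect:.* read finished A$")),
    ("request_flushed",    re.compile(r"^ber_flush2: \d+ bytes to sd \d+")),
    ("response_read",      re.compile(r"^ldap_read: message type ")),
]
# Events that end the session; only the close-notify form is in the post.
END_EVENTS = [
    ("close_notify",    re.compile(r"^TLS trace: SSL3 alert read:warning:close notify")),
    ("tls_fatal_alert", re.compile(r"^TLS trace: SSL3 alert read:fatal:")),
]

def classify(trace: str) -> dict:
    """Return the last stage reached, the ending event, and a verdict."""
    reached, ended_by = [], None
    for raw in trace.splitlines():
        line = raw.strip()
        for name, pat in STAGE_MARKERS:
            if pat.match(line) and name not in reached:
                reached.append(name)
        for name, pat in END_EVENTS:
            if ended_by is None and pat.match(line):
                ended_by = name
    last = reached[-1] if reached else "none"
    return {"last_stage": last, "ended_by": ended_by, "verdict": verdict(last, ended_by)}

def verdict(last_stage: str, ended_by) -> str:
    if last_stage == "response_read":
        return "ldap_ok"                        # transport works; check LDAP result codes
    if last_stage == "request_flushed" and ended_by == "close_notify":
        return "server_closed_after_handshake"  # TLS done, request sent, peer hung up
    if last_stage == "tcp_connected" and ended_by == "tls_fatal_alert":
        return "tls_handshake_rejected"         # cert, cipher or protocol mismatch
    if last_stage == "none":
        return "tcp_unreachable"                # no socket ever connected
    return "inconclusive"

# Abridged copy of the poster's trace (only the lines carrying the markers).
POSTER_TRACE = """ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS trace: SSL_connect:SSLv3 read finished A
ber_flush2: 64 bytes to sd 3
TLS trace: SSL3 alert read:warning:close notify
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)"""
```

For the poster's trace the verdict is `server_closed_after_handshake`, which points at the server's TLS policy or the content switch rather than at DNS, the TCP path, or the certificate's subject names.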