[Samba] LDAP problem
Lukz Ferris via samba
2017-02-03 12:20:02 UTC
Hello everyone,


I'm using Samba4 in my CentOS server, and it was just fine. I could always use ldap commands like 'ldapsearch' and 'ldapadd' and I had no problem.


But one day, I don't know why, I could no longer use ldapsearch or ldapadd. They return this:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)



I'm using the same command as always, like:

ldapsearch -H "ldaps://devsamba.lucas.ufes.br:636" -w '*******' -D "cn=administrator,cn=users,dc=lucas,dc=ufes,dc=br" -x -b "dc=lucas,dc=ufes,dc=br"


My /etc/openldap/ldap.conf is:


#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

TLS_REQCERT never
TLS_CACERT /usr/local/samba/private/tls/cert.pem



It worked until now...


I checked that samba-tools still works, but I need to use ldap commands too. Any idea why this is happening to ldap?

Lucas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Vinicius Bones Silva via samba
2017-02-03 12:50:01 UTC
Add -d1 to your command and see what ldapsearch complains about.
Post by Lukz Ferris via samba
Hello everyone,
I'm using Samba4 in my CentOS server, and it was just fine. I could always use ldap commands like 'ldapsearch' and 'ldapadd' and I had no problem.
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
ldapsearch -H "ldaps://devsamba.lucas.ufes.br:636" -w '*******' -D "cn=administrator,cn=users,dc=lucas,dc=ufes,dc=br" -x -b "dc=lucas,dc=ufes,dc=br"
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_REQCERT never
TLS_CACERT /usr/local/samba/private/tls/cert.pem
It worked until now...
I checked that samba-tools still works, but I need to use ldap commands too. Any idea why this is happening to ldap?
Lucas
--
Vinicius Silva
SOC


Brian Candler via samba
2017-02-05 12:20:01 UTC
Post by Lukz Ferris via samba
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
ldapsearch -H "ldaps://devsamba.lucas.ufes.br:636" -w '*******' -D "cn=administrator,cn=users,dc=lucas,dc=ufes,dc=br" -x -b "dc=lucas,dc=ufes,dc=br"
This error suggests a problem with your certificate. If it used to work
previously, then check it hasn't expired.

openssl s_client -connect devsamba.lucas.ufes.br:636

Copy-paste the certificate into a PEM file, including the begin/end lines.

openssl x509 -in mycert.pem -noout -enddate

And check your root CA cert hasn't expired:

openssl x509 -in /usr/local/samba/private/tls/cert.pem -noout -enddate
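
The expiry checks suggested in this reply, wrapped in shell functions (an added example, not part of the original thread or of Samba). The function names, the 30-day default warning window and the generated sample certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: automate the certificate expiry checks from the thread.

# Save the leaf certificate a TLS/LDAPS server presents
# (replaces the manual copy-paste step).
# Usage: fetch_server_cert host:port out.pem
fetch_server_cert() {
    openssl s_client -connect "$1" -servername "${1%:*}" </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$2"
}

# Classify a PEM certificate and print "<STATUS> <notAfter>".
# Returns 0 = OK, 1 = expires within WARN_DAYS, 2 = already expired,
# 3 = file is not a readable certificate.
# Usage: cert_expiry_status cert.pem [WARN_DAYS]  (default 30, an assumption)
cert_expiry_status() {
    pem=$1
    warn_days=${2:-30}
    end=$(openssl x509 -in "$pem" -noout -enddate 2>/dev/null) || {
        echo "UNREADABLE $pem"; return 3; }
    end=${end#notAfter=}
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED $end"; return 2
    fi
    if ! openssl x509 -in "$pem" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING $end"; return 1
    fi
    echo "OK $end"
}

# Constructed sample input: a throwaway self-signed certificate valid
# for DAYS days, so the check can be exercised offline.
# Usage: make_sample_cert DAYS out.pem
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$2.key" \
        -subj "/CN=sample.invalid" -days "$1" -out "$2" 2>/dev/null
    rm -f "$2.key"
}
```

Run `cert_expiry_status` against both the certificate saved by `fetch_server_cert` and the file named in `TLS_CACERT`; a return code of 2 on either one matches the failure described in the thread.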