Re: Syslog states ldap_result() failed: Can't contact LDAP server
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Syslog states ldap_result() failed: Can't contact LDAP server
- From: "Teichert, Robert" <Robert.Teichert [at] universa.de>
- To: nss-pam-ldapd-users <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: Re: Syslog states ldap_result() failed: Can't contact LDAP server
- Date: Fri, 18 Mar 2011 05:51:52 +0000
Hello,
> Hi, which version of nss-pam-ldapd are you using?
dpkg -l | grep -e libpam-ldapd -e libnss-ldapd -e nslcd
ii libnss-ldapd 0.7.6 NSS module
for using LDAP as a naming service
ii libpam-ldapd 0.7.6 PAM module
for using LDAP as an authentication service
ii nslcd 0.7.6 Daemon
for NSS and PAM lookups using LDAP
>I don't know about auth-client-config, ldap-auth-client and ldap-auth-config.
>I don't think they are needed for nss-pam-ldapd.
>Aren't those the Ubuntu packages meant to set up libnss-ldap and libpam-ldap?
Correct.
> There was an issue with the idle_timelimit option not working correctly.
> That should be fixed in 0.7.13 though.
0.7.13 isn't in the ubuntu repositories until now :( are there any precompiled
x64 deb binaries?
> It could be that the LDAP server is closing the connection after a timeout
> (Microsoft Active Directory is known to do this). This will confuse the LDAP
> client library so it is always better to specify idle_timelimit on > the
> client side).
ldap server:
ii slapd 2.2.23-8 OpenLDAP server (slapd)
> If this does not provide a fix, perhaps you could post more details when
> running nslcd in debug mode? It provides more details on what is going on.
Here the debug output:
Seperated by blank lines:
part 1: startup
part 2: getent passwd teichert
part 3: id teichert
part 4: shutdown
nslcd: DEBUG: add_uri(ldaps://ldap)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,2)
nslcd: DEBUG:
ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,"/etc/ssl/certs/im-rsn-syCA.pem")
nslcd: version 0.7.6 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file
or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(115) done
nslcd: DEBUG: setuid(106) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=30944 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_passwd_byname(teichert)
nslcd: [8b4567] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixAccount)(uv-userName=teichert))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [8b4567] DEBUG: ldap_result(): end of results
nslcd: [7b23c6] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [7b23c6] DEBUG: nslcd_passwd_byname(teichert)
nslcd: [7b23c6] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixAccount)(uv-userName=teichert))")
nslcd: [7b23c6] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [7b23c6] DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [7b23c6] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [7b23c6] DEBUG: ldap_result(): end of results
nslcd: [3c9869] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [3c9869] DEBUG: nslcd_passwd_byuid(1015)
nslcd: [3c9869] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixAccount)(uidNumber=1015))")
nslcd: [3c9869] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [3c9869] DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [3c9869] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [3c9869] DEBUG: ldap_result(): end of results
nslcd: [334873] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [334873] DEBUG: nslcd_group_bygid(1015)
nslcd: [334873] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=1015))")
nslcd: [334873] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [334873] DEBUG: ldap_set_rebind_proc()
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [334873] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [334873] DEBUG: ldap_result(): end of results
nslcd: [b0dc51] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [b0dc51] DEBUG: nslcd_group_bymember(teichert)
nslcd: [b0dc51] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixAccount)(uv-userName=teichert))")
nslcd: [b0dc51] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [b0dc51] DEBUG: ldap_set_rebind_proc()
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [b0dc51] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [b0dc51] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(|(memberUid=teichert)(uniqueMember=cn=teichert,cn=users,cn=accounts,cn=linux,o=mydomain,c=de)))")
nslcd: [b0dc51] DEBUG: ldap_result(): end of results
nslcd: [495cff] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [495cff] DEBUG: nslcd_group_bymember(teichert)
nslcd: [495cff] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixAccount)(uv-userName=teichert))")
nslcd: [495cff] ldap_result() failed: Can't contact LDAP server
nslcd: [495cff] DEBUG: ldap_abandon()
nslcd: [495cff] DEBUG: ldap_unbind()
nslcd: [495cff] DEBUG: myldap_get_entry(): retry search
nslcd: [495cff] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [495cff] DEBUG: ldap_set_rebind_proc()
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [495cff] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [495cff] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(|(memberUid=teichert)(uniqueMember=cn=teichert,cn=users,cn=accounts,cn=linux,o=mydomain,c=de)))")
nslcd: [495cff] DEBUG: ldap_result(): end of results
nslcd: [e8944a] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [e8944a] DEBUG: nslcd_group_bygid(1015)
nslcd: [e8944a] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=1015))")
nslcd: [e8944a] DEBUG: ldap_result(): end of results
nslcd: [5558ec] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [5558ec] DEBUG: nslcd_group_bygid(64997)
nslcd: [5558ec] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64997))")
nslcd: [5558ec] DEBUG: ldap_result(): end of results
nslcd: [8e1f29] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [8e1f29] DEBUG: nslcd_group_bygid(64984)
nslcd: [8e1f29] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64984))")
nslcd: [8e1f29] DEBUG: ldap_result(): end of results
nslcd: [e87ccd] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [e87ccd] DEBUG: nslcd_group_bygid(64983)
nslcd: [e87ccd] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64983))")
nslcd: [e87ccd] DEBUG: ldap_result(): end of results
nslcd: [1b58ba] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [1b58ba] DEBUG: nslcd_group_bygid(64982)
nslcd: [1b58ba] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64982))")
nslcd: [1b58ba] DEBUG: ldap_result(): end of results
nslcd: [7ed7ab] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [7ed7ab] DEBUG: nslcd_group_bygid(64980)
nslcd: [7ed7ab] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64980))")
nslcd: [7ed7ab] DEBUG: ldap_result(): end of results
nslcd: [b141f2] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [b141f2] DEBUG: nslcd_group_bygid(1023)
nslcd: [b141f2] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=1023))")
nslcd: [b141f2] DEBUG: ldap_result(): end of results
nslcd: [b71efb] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [b71efb] DEBUG: nslcd_group_bygid(1023)
nslcd: [b71efb] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=1023))")
nslcd: [b71efb] DEBUG: ldap_result(): end of results
nslcd: [e2a9e3] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [e2a9e3] DEBUG: nslcd_group_bygid(64969)
nslcd: [e2a9e3] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64969))")
nslcd: [e2a9e3] error writing to client: Broken pipe
nslcd: [45e146] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [45e146] DEBUG: nslcd_group_bygid(64969)
nslcd: [45e146] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64969))")
nslcd: [5f007c] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [5f007c] DEBUG: nslcd_group_bygid(64969)
nslcd: [5f007c] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64969))")
nslcd: [45e146] error writing to client: Broken pipe
nslcd: [5f007c] DEBUG: ldap_result(): end of results
nslcd: [d062c2] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [d062c2] DEBUG: nslcd_group_bygid(64969)
nslcd: [d062c2] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64969))")
nslcd: [d062c2] DEBUG: ldap_result(): end of results
nslcd: [200854] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [200854] DEBUG: nslcd_group_bygid(64969)
nslcd: [200854] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64969))")
nslcd: [200854] DEBUG: ldap_result(): end of results
nslcd: [b127f8] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [b127f8] DEBUG: nslcd_group_bygid(64968)
nslcd: [b127f8] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64968))")
nslcd: [b127f8] DEBUG: ldap_result(): end of results
nslcd: [16231b] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [16231b] DEBUG: nslcd_group_bygid(64967)
nslcd: [16231b] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64967))")
nslcd: [16231b] DEBUG: ldap_result(): end of results
nslcd: [16e9e8] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [16e9e8] DEBUG: nslcd_group_bygid(64965)
nslcd: [16e9e8] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64965))")
nslcd: [16e9e8] DEBUG: ldap_result(): end of results
nslcd: [90cde7] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [90cde7] DEBUG: nslcd_group_bygid(64963)
nslcd: [90cde7] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64963))")
nslcd: [90cde7] DEBUG: ldap_result(): end of results
nslcd: [ef438d] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [ef438d] DEBUG: nslcd_group_bygid(64962)
nslcd: [ef438d] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64962))")
nslcd: [ef438d] DEBUG: ldap_result(): end of results
nslcd: [0e0f76] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [0e0f76] DEBUG: nslcd_group_bygid(64959)
nslcd: [0e0f76] DEBUG: myldap_search(base="o=mydomain,c=de",
filter="(&(objectClass=uv-posixGroup)(gidNumber=64959))")
nslcd: [0e0f76] DEBUG: ldap_result(): end of results
nslcd: [16231b] DEBUG: ldap_unbind()
nslcd: [ef438d] DEBUG: ldap_unbind()
nslcd: [16e9e8] DEBUG: ldap_unbind()
nslcd: [90cde7] DEBUG: ldap_unbind()
nslcd: [0e0f76] DEBUG: ldap_unbind()
nslcd: caught signal SIGINT (2), shutting down
nslcd: version 0.7.6 bailing out
greetings
Robert
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
***********
Hinweis zur Datensicherheit
Die Datenübertragung über das Internet erfolgt derzeit im Wesentlichen
ungesichert. Die Vertraulichkeit sensibler, personenbezogener Daten gegenüber
Dritten ist nicht gewährleistet. Es ist nicht ausgeschlossen, dass übermittelte
Daten von Unbefugten zur Kenntnis genommen und eventuell sogar verfälscht
werden. Falls Sie uns Informationen mit vertraulichem Inhalt und/oder
personenbezogenen, sensiblen Daten per E-Mail zusenden wollen, empfehlen wir
Ihnen, diese zu verschlüsseln. Bitte setzen Sie sich bzgl. der geeigneten
Kryptotechnik mit uns in Verbindung. Wenn Sie Informationen unverschlüsselt per
E-Mail an uns senden, erklären Sie sich mit der unverschlüsselten Beantwortung
per E-Mail durch uns einverstanden. Falls Sie dies nicht wünschen, teilen Sie
uns dies bitte mit. Sie erhalten die von Ihnen gewünschten Informationen dann
auch gerne per Post oder Telefax übermittelt.
Hinweis zu Vertraulich- und Rechtsverbindlichkeit
Der Inhalt des erhaltenen E-Mails ist vertraulich zu behandeln und
ausschließlich für den bezeichneten Adressaten bzw. dessen Vertreter bestimmt.
Sollten Sie nicht der für unsere Nachricht vorgesehene Empfänger sein, so
bitten wir Sie, sich mit dem Absender dieser E-Mail unverzüglich in Verbindung
zu setzen, die empfangene E-Mail nebst etwaiger Anlagen aus Ihrem System zu
löschen sowie ggf. existierende Ausdrucke zu vernichten. Wir machen darauf
aufmerksam, dass der Inhalt dieser E-Mail nicht rechtsverbindlich ist, da über
das Internet erstellte E-Mails leicht manipuliert oder unter falscher
Absenderkennung erstellt werden können. Eine rechtsverbindliche Bestätigung
erhalten Sie gerne auf Anfrage in schriftlicher Form. Eine Veröffentlichung,
Vervielfältigung oder Weiterleitung des Inhaltes dieser E-Mail ist nur nach
unserer vorherigen schriftlichen Einwilligung gestattet.
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users