lists.arthurdejong.org
RSS feed

Re: Syslog states ldap_result() failed: Can't contact LDAP server

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Syslog states ldap_result() failed: Can't contact LDAP server



Hello,

> Hi, which version of nss-pam-ldapd are you using?

dpkg -l | grep -e libpam-ldapd -e libnss-ldapd -e nslcd
ii  libnss-ldapd                  0.7.6                             NSS module 
for using LDAP as a naming service
ii  libpam-ldapd                 0.7.6                             PAM module 
for using LDAP as an authentication service
ii  nslcd                            0.7.6                             Daemon 
for NSS and PAM lookups using LDAP

>I don't know about auth-client-config, ldap-auth-client and ldap-auth-config. 
>I don't think they are needed for nss-pam-ldapd.
>Aren't those the Ubuntu packages meant to set up libnss-ldap and libpam-ldap?

Correct. 

> There was an issue with the idle_timelimit option not working correctly.
> That should be fixed in 0.7.13 though.

0.7.13 isn't in the ubuntu repositories until now :( are there any precompiled 
x64 deb binaries?

> It could be that the LDAP server is closing the connection after a timeout 
> (Microsoft Active Directory is known to do this). This will confuse the LDAP 
> client library so it is always better to specify idle_timelimit on > the 
> client side).

ldap server:
ii  slapd          2.2.23-8       OpenLDAP server (slapd)

> If this does not provide a fix, perhaps you could post more details when 
> running nslcd in debug mode? It provides more details on what is going on.
Here the debug output:

Seperated by blank lines:
part 1: startup
part 2: getent passwd teichert
part 3: id teichert
part 4: shutdown


nslcd: DEBUG: add_uri(ldaps://ldap)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,2)
nslcd: DEBUG: 
ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,"/etc/ssl/certs/im-rsn-syCA.pem")
nslcd: version 0.7.6 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file 
or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(115) done
nslcd: DEBUG: setuid(106) done
nslcd: accepting connections

nslcd: [8b4567] DEBUG: connection from pid=30944 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_passwd_byname(teichert)
nslcd: [8b4567] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixAccount)(uv-userName=teichert))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [8b4567] DEBUG: ldap_result(): end of results


nslcd: [7b23c6] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [7b23c6] DEBUG: nslcd_passwd_byname(teichert)
nslcd: [7b23c6] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixAccount)(uv-userName=teichert))")
nslcd: [7b23c6] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [7b23c6] DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [7b23c6] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [7b23c6] DEBUG: ldap_result(): end of results
nslcd: [3c9869] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [3c9869] DEBUG: nslcd_passwd_byuid(1015)
nslcd: [3c9869] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixAccount)(uidNumber=1015))")
nslcd: [3c9869] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [3c9869] DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [3c9869] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [3c9869] DEBUG: ldap_result(): end of results
nslcd: [334873] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [334873] DEBUG: nslcd_group_bygid(1015)
nslcd: [334873] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=1015))")
nslcd: [334873] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [334873] DEBUG: ldap_set_rebind_proc()
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [334873] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [334873] DEBUG: ldap_result(): end of results
nslcd: [b0dc51] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [b0dc51] DEBUG: nslcd_group_bymember(teichert)
nslcd: [b0dc51] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixAccount)(uv-userName=teichert))")
nslcd: [b0dc51] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [b0dc51] DEBUG: ldap_set_rebind_proc()
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [b0dc51] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [b0dc51] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(|(memberUid=teichert)(uniqueMember=cn=teichert,cn=users,cn=accounts,cn=linux,o=mydomain,c=de)))")
nslcd: [b0dc51] DEBUG: ldap_result(): end of results
nslcd: [495cff] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [495cff] DEBUG: nslcd_group_bymember(teichert)
nslcd: [495cff] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixAccount)(uv-userName=teichert))")
nslcd: [495cff] ldap_result() failed: Can't contact LDAP server
nslcd: [495cff] DEBUG: ldap_abandon()
nslcd: [495cff] DEBUG: ldap_unbind()
nslcd: [495cff] DEBUG: myldap_get_entry(): retry search
nslcd: [495cff] DEBUG: ldap_initialize(ldaps://ldap)
nslcd: [495cff] DEBUG: ldap_set_rebind_proc()
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,30)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,30)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,30)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [495cff] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [495cff] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap")
nslcd: [495cff] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(|(memberUid=teichert)(uniqueMember=cn=teichert,cn=users,cn=accounts,cn=linux,o=mydomain,c=de)))")
nslcd: [495cff] DEBUG: ldap_result(): end of results
nslcd: [e8944a] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [e8944a] DEBUG: nslcd_group_bygid(1015)
nslcd: [e8944a] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=1015))")
nslcd: [e8944a] DEBUG: ldap_result(): end of results
nslcd: [5558ec] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [5558ec] DEBUG: nslcd_group_bygid(64997)
nslcd: [5558ec] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64997))")
nslcd: [5558ec] DEBUG: ldap_result(): end of results
nslcd: [8e1f29] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [8e1f29] DEBUG: nslcd_group_bygid(64984)
nslcd: [8e1f29] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64984))")
nslcd: [8e1f29] DEBUG: ldap_result(): end of results
nslcd: [e87ccd] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [e87ccd] DEBUG: nslcd_group_bygid(64983)
nslcd: [e87ccd] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64983))")
nslcd: [e87ccd] DEBUG: ldap_result(): end of results
nslcd: [1b58ba] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [1b58ba] DEBUG: nslcd_group_bygid(64982)
nslcd: [1b58ba] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64982))")
nslcd: [1b58ba] DEBUG: ldap_result(): end of results
nslcd: [7ed7ab] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [7ed7ab] DEBUG: nslcd_group_bygid(64980)
nslcd: [7ed7ab] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64980))")
nslcd: [7ed7ab] DEBUG: ldap_result(): end of results
nslcd: [b141f2] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [b141f2] DEBUG: nslcd_group_bygid(1023)
nslcd: [b141f2] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=1023))")
nslcd: [b141f2] DEBUG: ldap_result(): end of results
nslcd: [b71efb] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [b71efb] DEBUG: nslcd_group_bygid(1023)
nslcd: [b71efb] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=1023))")
nslcd: [b71efb] DEBUG: ldap_result(): end of results
nslcd: [e2a9e3] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [e2a9e3] DEBUG: nslcd_group_bygid(64969)
nslcd: [e2a9e3] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64969))")
nslcd: [e2a9e3] error writing to client: Broken pipe
nslcd: [45e146] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [45e146] DEBUG: nslcd_group_bygid(64969)
nslcd: [45e146] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64969))")
nslcd: [5f007c] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [5f007c] DEBUG: nslcd_group_bygid(64969)
nslcd: [5f007c] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64969))")
nslcd: [45e146] error writing to client: Broken pipe
nslcd: [5f007c] DEBUG: ldap_result(): end of results
nslcd: [d062c2] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [d062c2] DEBUG: nslcd_group_bygid(64969)
nslcd: [d062c2] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64969))")
nslcd: [d062c2] DEBUG: ldap_result(): end of results
nslcd: [200854] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [200854] DEBUG: nslcd_group_bygid(64969)
nslcd: [200854] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64969))")
nslcd: [200854] DEBUG: ldap_result(): end of results
nslcd: [b127f8] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [b127f8] DEBUG: nslcd_group_bygid(64968)
nslcd: [b127f8] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64968))")
nslcd: [b127f8] DEBUG: ldap_result(): end of results
nslcd: [16231b] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [16231b] DEBUG: nslcd_group_bygid(64967)
nslcd: [16231b] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64967))")
nslcd: [16231b] DEBUG: ldap_result(): end of results
nslcd: [16e9e8] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [16e9e8] DEBUG: nslcd_group_bygid(64965)
nslcd: [16e9e8] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64965))")
nslcd: [16e9e8] DEBUG: ldap_result(): end of results
nslcd: [90cde7] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [90cde7] DEBUG: nslcd_group_bygid(64963)
nslcd: [90cde7] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64963))")
nslcd: [90cde7] DEBUG: ldap_result(): end of results
nslcd: [ef438d] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [ef438d] DEBUG: nslcd_group_bygid(64962)
nslcd: [ef438d] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64962))")
nslcd: [ef438d] DEBUG: ldap_result(): end of results
nslcd: [0e0f76] DEBUG: connection from pid=30949 uid=0 gid=0
nslcd: [0e0f76] DEBUG: nslcd_group_bygid(64959)
nslcd: [0e0f76] DEBUG: myldap_search(base="o=mydomain,c=de", 
filter="(&(objectClass=uv-posixGroup)(gidNumber=64959))")
nslcd: [0e0f76] DEBUG: ldap_result(): end of results

nslcd: [16231b] DEBUG: ldap_unbind()
nslcd: [ef438d] DEBUG: ldap_unbind()
nslcd: [16e9e8] DEBUG: ldap_unbind()
nslcd: [90cde7] DEBUG: ldap_unbind()
nslcd: [0e0f76] DEBUG: ldap_unbind()
nslcd: caught signal SIGINT (2), shutting down
nslcd: version 0.7.6 bailing out


greetings
Robert

--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --


***********
Hinweis zur Datensicherheit
Die Datenübertragung über das Internet erfolgt derzeit im Wesentlichen 
ungesichert. Die Vertraulichkeit sensibler, personenbezogener Daten gegenüber 
Dritten ist nicht gewährleistet. Es ist nicht ausgeschlossen, dass übermittelte 
Daten von Unbefugten zur Kenntnis genommen und eventuell sogar verfälscht 
werden. Falls Sie uns Informationen mit vertraulichem Inhalt und/oder 
personenbezogenen, sensiblen Daten per E-Mail zusenden wollen, empfehlen wir 
Ihnen, diese zu verschlüsseln. Bitte setzen Sie sich bzgl. der geeigneten 
Kryptotechnik mit uns in Verbindung. Wenn Sie Informationen unverschlüsselt per 
E-Mail an uns senden, erklären Sie sich mit der unverschlüsselten Beantwortung 
per E-Mail durch uns einverstanden. Falls Sie dies nicht wünschen, teilen Sie 
uns dies bitte mit. Sie erhalten die von Ihnen gewünschten Informationen dann 
auch gerne per Post oder Telefax übermittelt.

Hinweis zu Vertraulich- und Rechtsverbindlichkeit
Der Inhalt des erhaltenen E-Mails ist vertraulich zu behandeln und 
ausschließlich für den bezeichneten Adressaten bzw. dessen Vertreter bestimmt. 
Sollten Sie nicht der für unsere Nachricht vorgesehene Empfänger sein, so 
bitten wir Sie, sich mit dem Absender dieser E-Mail unverzüglich in Verbindung 
zu setzen, die empfangene E-Mail nebst etwaiger Anlagen aus Ihrem System zu 
löschen sowie ggf. existierende Ausdrucke zu vernichten. Wir machen darauf 
aufmerksam, dass der Inhalt dieser E-Mail nicht rechtsverbindlich ist, da über 
das Internet erstellte E-Mails leicht manipuliert oder unter falscher 
Absenderkennung erstellt werden können. Eine rechtsverbindliche Bestätigung 
erhalten Sie gerne auf Anfrage in schriftlicher Form. Eine Veröffentlichung, 
Vervielfältigung oder Weiterleitung des Inhaltes dieser E-Mail ist nur nach 
unserer vorherigen schriftlichen Einwilligung gestattet.
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users