Troubleshooting Tips for NLDAP

Novell Cool Solutions: Tip
By Paul Hardwick

Posted: 21 Mar 2005


A reader recently described the following problems when using NLDAP:

"I've got a very strange issue with nss and eDirectory. Any attempts to log in result in this error: Could not connect to any LDAP server as (null) - Can't contact LDAP server.

The client can log in eventually (it drops down to keyboard-interactive in this case), but the nss_ldap calls all fail. Does anyone have any tips on how to find out what's causing this problem, short of recompiling libnss?"

And here are some troubleshooting tips contributed by Paul Hardwick from Novell:

Troubleshooting Tips

I would start troubleshooting NLDAP - forget about nss for a second and see if you can get LDAP working. You could start by making sure that you can connect to it. I like to use ldapbrowse myself (you can download it for free). It allows you to check unsecure and TLS, as well as anonymous binds. It's pretty easy to use, with little extra to learn.

Here are some other things I would suggest you try.

1. When NDSD is running, check that the LDAP ports 389 (cleartext) and 636 (SSL) are listening. For example:

netstat -na|grep -i listen|egrep "389|636"
[root@phardwick-002 edir]# netstat -na|grep -i listen|egrep "389|636"
tcp        0      0   *               LISTEN
tcp        0      0   *               LISTEN

2. If the ports are listening, try a root DSE search over cleartext from a command-line client. Here's an example with ldapsearch:

ldapsearch -x -h <ldap-server> -b "" -s base "objectClass=*"

Replace <ldap-server> with the host name or address of your LDAP server. A lot of data should be returned from the LDAP server with this command. The -x option is required on some ldapsearch clients to tell them to use simple binds without SSL authentication.

3. If the ports are not listening, then see if there are any errors when LDAP is started. Turn on the LDAP debugging levels as follows:

ldapconfig set "LDAP Screen Level"="all" -a admin.novell -w novell

The -a option takes your admin user and context, and -w takes the password. If you leave these parameters off the command line, you will be prompted for the user and password, which also keeps the password out of the shell history and the process list. The output should be something like this:

NLDAP server configuration utility for Novell eDirectory 8.7.3 v10552.72.
LDAP Server Configuration:
LDAP Server: CN=LDAP Server - phardwick-002.O=novell
LDAP Group: CN=LDAP Group - phardwick-002.O=novell
LDAP Screen Level set to all
LDAP Server refreshed with the new configuration.

4. Run NDSTrace in a second terminal session.

5. Turn on only the +LDAP +TIME +TAGS tags (ensure no other tags are turned on) and trace it to a file.

6. With ndstrace running in the second terminal, from the first terminal at the command line, unload LDAP and load it again. You should see LDAP configuration messages in ndstrace.

7. Examine the messages to see if there is some sort of error. To unload LDAP, use "nldap -u". The output should be:

NLDAP server loading / unloading utility for Novell eDirectory 8.7.3
Stopping LDAP services.
View the log file /var/nds/ndsd.log for information.

To start again, use "nldap -l". The output should be:

NLDAP server loading / unloading utility for Novell eDirectory 8.7.3
Starting LDAP services.
View the log file /var/nds/ndsd.log for information.

On the NDSTrace screen you should now see output similar to this:

NDS attribute "NSCP:memberCertificateDesc" does not exist, mapping ignored
NDS attribute "staticMember" does not exist, mapping ignored
LDAP Agent for Novell eDirectory 8.7.3 (10552.72) started
Updating server configuration
Work info status: Total:2 Peak:2 Busy:0
Listener applying new configuration
Listener setting up cleartext port 389
Adding TLS module dependencies
TLS initialized successfully
TLS configured successfully
Listener setting up TLS port 636
Adding SASL module dependencies
SASL initialized successfully
SASL configured successfully
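
One way to automate step 7, as an added example that is not part of the original tip or of any Novell tool: a shell function that looks only at the most recent LDAP start in a saved ndstrace file and reports which of the startup messages shown above are missing. The function names and the sample file are constructed for illustration; the message texts are the ones in the sample trace above.

```shell
# Startup messages that the tip's sample trace shows for a healthy NLDAP load.
MILESTONES='Listener setting up cleartext port 389
TLS initialized successfully
TLS configured successfully
Listener setting up TLS port 636
SASL initialized successfully
SASL configured successfully'

# Keep only the most recent LDAP start so earlier load/unload cycles are ignored.
last_startup() {
    awk '/LDAP Agent for .* started/ { buf = ""; seen = 1 }
         seen { buf = buf $0 "\n" }
         END  { printf "%s", buf }' "$1"
}

# check_ldap_trace FILE: prints one "MISSING: ..." line per absent milestone.
# Returns 0 if all are present, 1 if any is missing, 2 if FILE is unreadable.
check_ldap_trace() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    startup=$(last_startup "$1")
    [ -n "$startup" ] || { echo "MISSING: LDAP Agent start message"; return 1; }
    rc=0
    while IFS= read -r milestone; do
        # Fixed-string substring match, so a time or tag prefix on the line is fine.
        printf '%s\n' "$startup" | grep -qF -- "$milestone" ||
            { echo "MISSING: $milestone"; rc=1; }
    done <<EOF
$MILESTONES
EOF
    return $rc
}

# Constructed sample (message texts from the tip): healthy start, then a reload with no TLS lines.
write_sample() {
    cat > "$1" <<'EOF'
LDAP Agent for Novell eDirectory 8.7.3 (10552.72) started
Listener setting up cleartext port 389
TLS initialized successfully
TLS configured successfully
Listener setting up TLS port 636
SASL initialized successfully
SASL configured successfully
LDAP Agent for Novell eDirectory 8.7.3 (10552.72) started
Listener setting up cleartext port 389
SASL initialized successfully
SASL configured successfully
EOF
}
```

Run check_ldap_trace against the file you traced to in step 5, after the unload and load in step 6.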
