LDAP is not listening on TLS and TCP ports, when loading eDirectory.

This document (3308688) is provided subject to the disclaimer at the end of this document.

Environment

Novell eDirectory 8.8 for Linux
Novell eDirectory 8.7.3 for Linux

Situation

When eDirectory starts on Linux, the LDAP ports do not load properly. During the start of ndsd, messages are displayed stating that the TCP and TLS ports are not listening:

Novell eDirectory LDAP Server TCP port is not listening.
Novell eDirectory LDAP Server TCP port is not listening.

Resolution

There are a couple of known causes for this message and LDAP not working:
  1. The IP address in /etc/opt/novell/eDirectory/conf/nds.conf does not match a valid IP address of the server.
    In this scenario, you will need to:
    - check the valid IP addresses on the server and compare them to the nds.conf file,
    - correct the wrong one, and
    - either restart ndsd or restart the entire server
  2. Ensure there is *not* an alias in /etc/hosts assigning the real hostname of the device (as opposed to 'localhost') to a loopback IP address.
    See the Additional Information section for more information.
  3. This server is running a relatively large DIB and this message is cosmetic.
    See the Additional Information section for more information.
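
The checks for causes 1 and 2 can be scripted. The following is an added shell example, not part of the original Novell document; the nds.conf lines, addresses and host name in its sample data are constructed, and the functions look for any IPv4 address in the file rather than relying on particular parameter names.

```shell
#!/bin/sh
# Added example. Functions take file paths so they can be run against copies.

# Print each distinct IPv4 address found on non-comment lines of a file.
conf_ips() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
}

# Cause 1: print addresses from file $1 (nds.conf) that are absent from the
# space-separated list of the server's own addresses in $2.
unmatched_conf_ips() {
    for ip in $(conf_ips "$1"); do
        case " $2 " in
            *" $ip "*) ;;
            *) echo "$ip" ;;
        esac
    done
}

# Cause 2: print lines of hosts file $1 that map a loopback address
# (127.x.x.x) to host name $2.
loopback_host_alias() {
    awk -v h="$2" '
        { sub(/#.*/, "") }
        $1 ~ /^127\./ {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(h)) { print; next }
        }' "$1"
}

# Demo on constructed sample files (addresses and host name are made up).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'n4u.server.interfaces=192.0.2.10@524' \
        'http.server.interfaces=192.0.2.99@8028' > "$tmp/nds.conf"
    printf '%s\n' '127.0.0.1 localhost' '127.0.0.2 edir1.example.com edir1' \
        '192.0.2.10 edir1.example.com edir1' > "$tmp/hosts"
    echo "nds.conf addresses not on this server:"
    unmatched_conf_ips "$tmp/nds.conf" "127.0.0.1 192.0.2.10"
    echo "loopback entries naming the host:"
    loopback_host_alias "$tmp/hosts" edir1
    rm -rf "$tmp"
}
demo
```

On a live server, pass /etc/opt/novell/eDirectory/conf/nds.conf, /etc/hosts and the output of `hostname`, with the address list taken from `ip -4 -o addr show`.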
 

Additional Information

For hostname alias to loopback address:
The eDirectory 8.8.x Readme mentions this issue in section 2.7. Be sure that the names associated with loopback addresses are not the hostname or preferred server names, which should be associated with the machine's real IP address. By default, eDirectory no longer listens on the loopback IP address. Doing so would cause issues with multiple instances all trying to listen on that IP address.

For servers with relatively large DIBs:
These messages may be purely cosmetic. Large DIB sizes are known to cause this, even though LDAP does finally listen and is working.
These messages are generated from the /etc/init.d/nldap script. Some customers with large databases choose to comment out the section responsible for generating these errors.
If you are using a proxy user, make sure that address restrictions are not assigned to that LDAP Proxy user, because such restrictions will cause this message.

Another cause of this message is an LDAP proxy user that is associated with the LDAP group and has a non-null password.


 

Change Log

20110930 - Karl Klemm - added sections on server IP addr and nds.conf not matching & hostname aliased to 127.0.0.1
20110930 - Karl Klemm - moved background information to Additional Information section and referenced from Resolution section.

20130730 - David Chenworth Added the last line of the additional information about the LDAP proxy user w/ a non-null password based on a customer comment.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 3308688
  • Creation Date: 05-FEB-08
  • Modified Date: 30-JUL-13
    • Novell Open Enterprise Server
    • SUSE SUSE Linux Enterprise Server
    • NetIQ eDirectory
