namcd cannot connect to LDAP server

This document (3401691) is provided subject to the disclaimer at the end of this document.

Environment

Novell Open Enterprise Server 1 (OES 1) Linux
Novell Open Enterprise Server 1 (OES 1) Support Pack 1 Linux
Novell Open Enterprise Server 1 (OES 1) Support Pack 2 Linux
Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 2 (OES 2) Support Pack 1 Linux

Situation

Error messages in /var/log/messages:
Sep 10 11:12:13 server1 /usr/sbin/namcd[10477]: ldap_initconn: LDAP bind failed, trying to connect to alternative LDAP server
Sep 10 11:12:13 server1 /usr/sbin/namcd[10477]: ldap_initconn: Unable to bind to alternative LDAP servers either.

or

Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: ldap_initconn: LDAP bind failed (error = [81]), trying to connect to alternative LDAP server
Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: nam_ldap_init(): retrieval of trusted root cert failed. Make sure you have LDAP server certificate in /var/lib/novell-lum directory.
Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: nss_ldap_init: Unable to get LDAP handle.
Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: ldap_initconn: Unable to bind to alternative LDAP servers either, error [226].

Resolution

In this example the server has IP address 10.10.10.10.
  1. Check /etc/nam.conf and verify that preferred-server points to the correct server. In this example the IP address is 10.10.10.10. If the IP address in nam.conf is incorrect, change it to the correct IP address.
  2. With the following command, check whether a connection to the LDAP server can be established:
    /opt/novell/eDirectory/bin/ldapsearch -D CN=admin,o=novell -w novell -h 10.10.10.10 -p 636 -e /etc/opt/novell/certs/SSCert.der -b "" -s base
    • If this fails, follow the steps from TID 7007106 to properly configure ldaptrace.
      Then restart LDAP and see if there are any errors reported during its startup.
      Note: If the server's certificates have been repaired/renewed recently, they will not be used by LDAP until LDAP has been restarted.
    • If this succeeds, LDAP is working properly and the certificate for namcd should be re-imported from LDAP.
      • Go into the /var/nam directory. In this directory you should find a file called .10.10.10.10.der
        (on previous versions of novell-lum the directory is /var/lib/novell-lum).
      • Create a backup copy using: mv .10.10.10.10.der .10.10.10.10.der.bak
      • Using namconfig -k, a new .10.10.10.10.der will be created.
  3. Then restart the namcd daemon and refresh the local cache with:
    namconfig cache_refresh
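The three resolution steps above, written out as a small set of shell functions so the checks can be scripted and re-run. This is an added example and is not part of the TID or of Novell's LUM tooling. The function names, the LDAPSEARCH/NAMCONFIG/LUM_CERT_DIR override variables, the init-script path used to restart namcd, and the sample log and nam.conf lines used to exercise it are assumptions; the paths it touches (/etc/nam.conf, /var/nam, /var/lib/novell-lum, /opt/novell/eDirectory/bin/ldapsearch, SSCert.der) and the TID number are the ones the TID names.

```shell
#!/bin/sh
# Added example for this TID's resolution steps; not part of the TID or of
# Novell's LUM tooling. Function names, the override variables and the
# /etc/init.d/namcd path are assumptions; the other paths come from the TID.

# Pull the namcd LDAP-initialisation failures out of a messages file.
namcd_log_errors() {
    grep -E 'namcd\[[0-9]+\]: (ldap_initconn|nam_ldap_init|nss_ldap_init)' "$1"
}

# Distinct numeric error codes in those lines ("error = [81]" or
# "error [226]"), space separated and numerically sorted.
namcd_error_codes() {
    namcd_log_errors "$1" | grep -oE 'error( =)? \[[0-9]+\]' \
        | grep -oE '[0-9]+' | sort -nu | tr '\n' ' ' | sed 's/ *$//'
}

# Step 1: the preferred-server value from nam.conf (key=value lines).
nam_preferred_server() {
    sed -n 's/^[[:space:]]*preferred-server[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Step 2: the bind test from the TID. The password is read from the
# environment (NAM_ADMIN_PW) rather than typed on the command line.
ldap_bind_check() {
    "${LDAPSEARCH:-/opt/novell/eDirectory/bin/ldapsearch}" \
        -D "${NAM_ADMIN_DN:-CN=admin,o=novell}" -w "${NAM_ADMIN_PW:?set NAM_ADMIN_PW}" \
        -h "$1" -p 636 -e /etc/opt/novell/certs/SSCert.der -b "" -s base >/dev/null 2>&1
}

# Where LUM keeps the imported .<ip>.der: /var/nam, or /var/lib/novell-lum
# on other releases (both named in the TID). LUM_CERT_DIR overrides the search.
lum_cert_dir() {
    for d in "${LUM_CERT_DIR:-}" /var/nam /var/lib/novell-lum; do
        [ -n "$d" ] && [ -d "$d" ] && { echo "$d"; return 0; }
    done
    return 1
}

# Step 2b: move the stale .<ip>.der aside and let namconfig -k fetch a new one.
lum_reimport_cert() {
    der="$1/.$2.der"
    if [ -f "$der" ]; then
        mv "$der" "$der.bak" || return 1
    fi
    "${NAMCONFIG:-namconfig}" -k
}

# Walk the TID's decision tree for one expected server IP.
namcd_diagnose() {
    expected=$1
    configured=$(nam_preferred_server /etc/nam.conf)
    if [ "$configured" != "$expected" ]; then
        echo "nam.conf preferred-server is '$configured', expected '$expected': fix /etc/nam.conf first"
        return 1
    fi
    if ! ldap_bind_check "$expected"; then
        echo "LDAP bind to $expected failed: configure ldaptrace (TID 7007106) and restart LDAP"
        return 1
    fi
    dir=$(lum_cert_dir) || { echo "no LUM certificate directory found"; return 1; }
    lum_reimport_cert "$dir" "$expected" || return 1
    # Step 3: restart namcd (assumed init-script path) and refresh the cache.
    /etc/init.d/namcd restart && "${NAMCONFIG:-namconfig}" cache_refresh
}
```

Source the file as root with NAM_ADMIN_PW exported and run `namcd_diagnose 10.10.10.10`; `namcd_error_codes /var/log/messages` on its own shows which LDAP error codes namcd has been logging before you start.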

Additional Information

For Open Enterprise Server 2 the .der file can be found in /var/lib/novell-lum/
For Open Enterprise Server 2 the ldapsearch tool can be found in /opt/novell/eDirectory/bin


With Novell Open Enterprise Server 11 SP1 (OES 11 SP1) and newer, LUM does not use the .der certs in /var/lib/novell-lum/. Instead it uses the common OES certificates located in /etc/opt/novell/certs/. If these certificates are expired, restart eDirectory to rekey them. Rename or delete the certificates before restarting eDirectory if you want to verify that they are re-created and re-keyed, or look at the expiration date of the certificates.
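A way to look at the expiration dates mentioned above before deciding whether to rename the certificates and restart eDirectory. This is an added example, not part of the TID or of Novell's tooling: it reads the DER or PEM certificates in /etc/opt/novell/certs/ (the directory the TID names) with openssl and flags any that are expired, expire within a chosen window, or cannot be parsed. The function names and the default 30-day window are assumptions.

```shell
#!/bin/sh
# Added example, not from the TID or Novell: expiry report for the common
# OES certificates in /etc/opt/novell/certs/. Function names and the
# warning window are assumptions; only openssl is needed.

# Detect PEM vs DER from the first bytes: PEM starts with "-----".
_oes_inform() {
    case "$(head -c 5 "$1" 2>/dev/null)" in
        -----) echo PEM ;;
        *)     echo DER ;;
    esac
}

# oes_cert_valid FILE [DAYS]: exit 0 if FILE is still valid DAYS days from
# now, 1 if it expires within that window or cannot be parsed.
oes_cert_valid() {
    days=${2:-0}
    openssl x509 -inform "$(_oes_inform "$1")" -in "$1" -noout \
        -checkend $((days * 86400)) >/dev/null 2>&1
}

# oes_cert_enddate FILE: the notAfter date of the certificate (empty if unreadable).
oes_cert_enddate() {
    openssl x509 -inform "$(_oes_inform "$1")" -in "$1" -noout -enddate 2>/dev/null \
        | sed 's/^notAfter=//'
}

# oes_cert_report [DIR] [DAYS]: one line per certificate; exit 1 if any
# certificate is expired, expires within DAYS days, or is unreadable.
oes_cert_report() {
    dir=${1:-/etc/opt/novell/certs}; days=${2:-30}; rc=0
    for f in "$dir"/*.der "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$f" ] || continue
        end=$(oes_cert_enddate "$f")
        if [ -z "$end" ]; then
            echo "UNREADABLE  $f"; rc=1
        elif oes_cert_valid "$f" "$days"; then
            echo "OK          $f  (notAfter=$end)"
        else
            echo "RENEW       $f  (notAfter=$end)"; rc=1
        fi
    done
    return $rc
}
```

Run `oes_cert_report /etc/opt/novell/certs 30` on the server; a non-zero exit means at least one certificate needs the rename-and-restart-eDirectory treatment described above, and the listed notAfter dates tell you which.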

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 3401691
  • Creation Date: 25-MAR-08
  • Modified Date: 29-JUL-14
    • Novell Open Enterprise Server