namcd cannot connect to LDAP server

  • 3401691
  • 25-Mar-2008
  • 13-Sep-2016

Environment

Novell Open Enterprise Server 1 (OES 1) Linux
Novell Open Enterprise Server 1 (OES 1) Support Pack 1 Linux
Novell Open Enterprise Server 1 (OES 1) Support Pack 2 Linux
Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 2 (OES 2) Support Pack 1 Linux

Situation

Error messages in /var/log/messages:
Sep 10 11:12:13 server1 /usr/sbin/namcd[10477]: ldap_initconn: LDAP bind failed, trying to connect to alternative LDAP server
Sep 10 11:12:13 server1 /usr/sbin/namcd[10477]: ldap_initconn: Unable to bind to alternative LDAP servers either.

or

Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: ldap_initconn: LDAP bind failed (error = [81]), trying to connect to alternative LDAP server
Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: nam_ldap_init(): retrieval of trusted root cert failed. Make sure you have LDAP server certificate in /var/lib/novell-lum directory.
Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: nss_ldap_init: Unable to get LDAP handle.
Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: ldap_initconn: Unable to bind to alternative LDAP servers either, error [226].
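
An added example, not part of the original TID: a small shell function that tallies the namcd messages shown above in a syslog file and keeps the bracketed error codes, so the symptoms present on a server are visible before working through the resolution. The function names namcd_triage and sample_log are made up for this example; the sample input is the six log lines quoted above.

```shell
#!/bin/sh
# Added example: tally namcd LDAP connection errors in a syslog file.
# namcd_triage and sample_log are names made up for this example.

# Sample input: the six log lines quoted in the Situation section.
sample_log() {
    cat <<'EOF'
Sep 10 11:12:13 server1 /usr/sbin/namcd[10477]: ldap_initconn: LDAP bind failed, trying to connect to alternative LDAP server
Sep 10 11:12:13 server1 /usr/sbin/namcd[10477]: ldap_initconn: Unable to bind to alternative LDAP servers either.
Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: ldap_initconn: LDAP bind failed (error = [81]), trying to connect to alternative LDAP server
Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: nam_ldap_init(): retrieval of trusted root cert failed. Make sure you have LDAP server certificate in /var/lib/novell-lum directory.
Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: nss_ldap_init: Unable to get LDAP handle.
Dec  7 15:31:12 server1 /usr/sbin/namcd[9999]: ldap_initconn: Unable to bind to alternative LDAP servers either, error [226].
EOF
}

# Read a log (file in $1, or stdin) and print "<count> <symptom>" lines.
namcd_triage() {
    awk '
        # Ignore everything not logged by namcd.
        !/\/usr\/sbin\/namcd\[[0-9]+\]:/ { next }
        /LDAP bind failed/ {
            code = "none"   # this message form may carry no error code
            if (match($0, /error = \[[0-9]+\]/))
                code = substr($0, RSTART + 9, RLENGTH - 10)
            seen["bind_failed code=" code]++
        }
        /Unable to bind to alternative LDAP servers either/ {
            code = "none"
            if (match($0, /error \[[0-9]+\]/))
                code = substr($0, RSTART + 7, RLENGTH - 8)
            seen["no_alternative code=" code]++
        }
        /retrieval of trusted root cert failed/ { seen["trusted_root_cert_failed"]++ }
        /Unable to get LDAP handle/             { seen["no_ldap_handle"]++ }
        END { for (k in seen) print seen[k], k }
    ' "${1:--}" | LC_ALL=C sort -k2
}

# Demo on the sample; on a server: namcd_triage /var/log/messages
sample_log | namcd_triage
```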

Resolution

In this example the server has IP address 10.10.10.10.
  1. Check /etc/nam.conf and verify that preferred-server points to the correct server. In this example the IP address is 10.10.10.10. If the IP address in the nam.conf file is incorrect, change it to the correct IP address.
  2. With the following command, check whether a connection to the LDAP server can be established:
    /opt/novell/eDirectory/bin/ldapsearch -D CN=admin,o=novell -w novell -h 10.10.10.10 -p 636 -e /etc/opt/novell/certs/SSCert.der -b "" -s base
    • If this fails, follow the steps from TID 7007106 to properly configure ldaptrace.
      Then restart LDAP and see if any errors are reported during its startup.
      Note: If the server's certificates have been repaired/renewed recently, they will not be used by LDAP until LDAP has been restarted.
    • If this succeeds, LDAP is working properly and the certificate for namcd should be re-imported from LDAP.
      • Go into the /var/nam directory. In this directory, you should find a file called .10.10.10.10.der
        (On previous versions of novell-lum the directory is /var/lib/novell-lum)
      • Create a backup copy using: mv .10.10.10.10.der .10.10.10.10.der.bak
      • Run namconfig -k to create a new .10.10.10.10.der
  3. Then restart the namcd daemon and refresh the local cache with:
    namconfig cache_refresh

Additional Information

For Open Enterprise Server 2 the .der file can be found in /var/lib/novell-lum/
For Open Enterprise Server 2 the ldapsearch tool can be found in /opt/novell/eDirectory/bin