
Re: using ldap as heimdal backend



> > With proper access control lists defined in ldap configuration the risk
> > is minimal. The LDAP connection is realized over a UNIX domain socket,
> > so Heimdal and LDAP server must run on the same host.
> > Recommended reading:
> > http://www.padl.com/Research/Heimdal.html
> This is the document I am trying to use and having problems. Any
> attempts to connect result in "Can't contact LDAP server". Thought I
> would check here that what I have set up is correct:
> esmtp# ps -ax|grep ldap
> 14242  ??  Ss     3:44.68 /usr/local/libexec/slapd -h
> ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0:389/
> ldaps://0.0.0.0:636/ -u ldap

Just try running slapd -u ldap -h '"ldapi:/// ldap://....."'

Then check the socket -

[root@sardine init.d]# ls -l /var/run/ldapi
srwx------    1 root     root            0 Mar 29 07:34 /var/run/ldapi
[root@sardine init.d]# fuser -u /var/run/ldapi
/var/run/ldapi:       2299(root)

Where 2299 should be slapd, that will tell you if slapd is listening on
the socket.

If you "netstat -ap | grep slap" you should also see a line like -
unix  2      [ ACC ]     STREAM     LISTENING     2797   2299/slapd          //var/run/ldapi

> esmtp# ldapsearch -H 'ldapi://lolhost/' -x
> ldap_bind: Can't contact LDAP server (81)
> Can I test connectivity this way? I 

It should be "-H ldapi:///"
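
An added example, not part of the original message: in an ldapi URI the host part is the socket path with its directory separators URL-encoded, and an empty host selects the default socket. The sketch below decodes a URI to the path it names, then repeats the ls/fuser check from the reply by stat-ing the socket and attempting a connect. The function names are hypothetical, and the default path is an assumption taken from the listing in the reply.

```python
import os
import socket
import stat
from urllib.parse import quote, unquote

# Assumption: the default path for "ldapi:///" is fixed when OpenLDAP is built;
# /var/run/ldapi is the path shown in the reply above.
DEFAULT_SOCK = "/var/run/ldapi"

def ldapi_uri(path):
    """Encode a socket path as an ldapi URI (every "/" becomes %2F)."""
    return "ldapi://" + quote(path, safe="") + "/"

def socket_path(uri, default=DEFAULT_SOCK):
    """Return the socket path an ldapi URI names; an empty host means the default."""
    if not uri.lower().startswith("ldapi://"):
        raise ValueError("not an ldapi URI: " + uri)
    host = uri[len("ldapi://"):].split("/", 1)[0]
    return unquote(host) or default

def check(uri, default=DEFAULT_SOCK):
    """Stat the socket behind uri and try to connect to it."""
    path = socket_path(uri, default)
    report = {"path": path, "mode": None, "owner_uid": None, "listening": False, "error": None}
    try:
        st = os.stat(path)
    except OSError as e:
        report["error"] = "cannot stat: " + e.strerror
        return report
    if not stat.S_ISSOCK(st.st_mode):
        report["error"] = "not a socket"
        return report
    report["mode"] = oct(stat.S_IMODE(st.st_mode))
    report["owner_uid"] = st.st_uid
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.connect(path)
        report["listening"] = True
    except OSError as e:
        report["error"] = "connect failed: " + e.strerror
    finally:
        s.close()
    return report

if __name__ == "__main__":
    # URIs taken from the thread: slapd's -h argument, the failing one, the corrected one.
    for uri in ("ldapi://%2fvar%2frun%2fopenldap%2fldapi/", "ldapi://lolhost/", "ldapi:///"):
        print(uri, check(uri))
```

Run it as the account the LDAP client runs as, so that a permission error on the socket shows up in the result.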