[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: using ldap as heimdal backend

> > With proper access control lists defined in ldap configuration the risk
> > is minimal. The LDAP connection is realized over a UNIX domain socket,
> > so Heimdal and LDAP server must run on the same host.
> > Recomended reading:
> > http://www.padl.com/Research/Heimdal.html
> This is the document I am trying to use and having problems. Any
> attempts to connect result in "Can't contact LDAP server". Thought I
> would check here that what I have setup is correct:
> esmtp# ps -ax|grep ldap
> 14242  ??  Ss     3:44.68 /usr/local/libexec/slapd -h
> ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://
> ldaps:// -u ldap

Just try running slapd -u ldap -h '"ldapi:/// ldap://....."'

Then check the socket -

[root@sardine init.d]# ls -l /var/run/ldapi
srwx------    1 root     root            0 Mar 29 07:34 /var/run/ldapi
[root@sardine init.d]# fuser -u /var/run/ldapi
/var/run/ldapi:       2299(root)

Where 2299 should be slapd, that will tell you if slapd is listening on
the socket.

If you "netstat -ap | grep slap" you should also see a line like -
unix  2      [ ACC ]     STREAM     LISTENING     2797  
2299/slapd          //var/run/ldapi

> esmtp# ldapsearch -H 'ldapi://lolhost/' -x
> ldap_bind: Can't contact LDAP server (81)
> Can I test connectivity this way? I 

It should be "-H ldapi:///"