# [administration] openldap configuration

## Zidge

Hi,

I have a little problem with my slapd conf, when I start it manually

```
/usr/lib/openldap/slapd
```

it starts ok, and is accessible (via phpldapadmin for example)

but when I launch it using the rc script, I can't reach it by phpldapadmin or even by an ldapsearch 

I always get (with -d 255)  a

```
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_is_socket_ready: error on socket 3: errno: 111 (Connection refused)
ldap_close_socket: 3
ldap_perror
ldap_bind: Can't contact LDAP server
```

Logically, it would use the exact same config, so why is there a problem?

Thanks for your advice

----------

## Koon

On my setup, here's what the rc-script does:

```
/usr/lib/openldap/slapd -- -u ldap -g ldap
```

So the difference in running just "/usr/lib/openldap/slapd" would be user/group settings. Try the above command directly to confirm that the problem lies in the user/group. Then crosscheck everything, like /etc/passwd and /etc/group contain ldap, etc...

-K

----------

## Gentoobie

I have the exact same problem.

```
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 68.145.101.173:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_is_socket_ready: error on socket 3: errno: 113 (No route to host)
ldap_close_socket: 3
ldap_perror
ldap_bind: Can't contact LDAP server
```

I checked the passwd and group and ldap exists.

----------

## Koon

*Gentoobie wrote:*

> I have the exact same problem.

No it's not. You get a "No route to host" while contacting what appears to be a distant host (68.148.101.173) while the poster above gets a "connection refused" while contacting localhost.

In your case, it's probably a network configuration problem (try pinging 68.148.101.173, it should not work either) or a ldap.conf problem (incorrect host setting).

-K

----------

## Gentoobie

Thanks, you're right. I changed my slapd.conf to read suffix dc=localhost? Now I get this error:

```
ldap_create
Enter LDAP Password:
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: localhost
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
TLS trace: SSL_connect:before/connect initialization
tls_write: want=130, written=130
```

```
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
  0000:  15 03 01 00 02 02 28                               ......(
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:error in SSLv2/v3 read server hello A
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server
        additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
```

The only thing I changed from Gentoo's sample slapd.conf was that I commented out the TLSCertificates because the server won't start unless I do. It says they're optional. Everything else I left the same.

This is just to learn. I'm trying to get the simplest config possible and build from there. Thanks again.

----------
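A triage sketch for the three failure signatures that appear in this thread (errno 111, errno 113, and the fatal TLS alert), added here as an example and not posted by any participant. The sample traces are constructed and shortened, `triage` and the hint wording are hypothetical, and the errno numbers are the Linux values shown in the traces.

```python
import re

# Constructed, shortened traces in the style of the `-d 255` client output above.
TRACE_REFUSED = """ldap_connect_to_host: Trying 127.0.0.1:389
ldap_is_socket_ready: error on socket 3: errno: 111 (Connection refused)
ldap_bind: Can't contact LDAP server"""
TRACE_NOROUTE = """ldap_connect_to_host: Trying 192.0.2.10:636
ldap_is_socket_ready: error on socket 3: errno: 113 (No route to host)
ldap_bind: Can't contact LDAP server"""
TRACE_TLS = """ldap_connect_to_host: Trying 127.0.0.1:636
ldap_ndelay_off: 3
TLS trace: SSL3 alert read:fatal:handshake failure
ldap_bind: Can't contact LDAP server"""

TRYING = re.compile(r"ldap_connect_to_host: Trying (\S+):(\d+)")
ERRNO = re.compile(r"errno: (\d+) \(([^)]*)\)")
ALERT = re.compile(r"TLS trace: SSL3 alert read:(\w+):(.+)")

# Linux errno values; hint texts are this example's wording (assumption).
HINTS = {
    111: "host reachable, nothing accepting on that port: check that slapd "
         "is still running and which address/port it listens on",
    113: "host not reachable: check routing/firewall and the host in ldap.conf",
}

def triage(trace):
    """Return the stage ("tcp", "tls" or "unknown") where the client gave up."""
    result = {"target": None, "stage": "unknown", "detail": None, "hint": None}
    for line in trace.splitlines():
        line = line.strip()
        if m := TRYING.search(line):
            result["target"] = (m.group(1), int(m.group(2)))
        elif m := ERRNO.search(line):
            code = int(m.group(1))
            result.update(stage="tcp", detail=f"errno {code} ({m.group(2)})",
                          hint=HINTS.get(code, "look up this errno for the OS"))
            break
        elif m := ALERT.search(line):
            result.update(stage="tls", detail=f"{m.group(1)} alert: {m.group(2)}",
                          hint="TCP connected but the peer rejected the TLS "
                               "handshake: check the server's TLS certificate "
                               "settings, or test plain ldap:// first")
            break
    return result

if __name__ == "__main__":
    for name, trace in [("refused", TRACE_REFUSED), ("noroute", TRACE_NOROUTE),
                        ("tls", TRACE_TLS)]:
        print(name, triage(trace))
```
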

