# ldap configuration problem

## Peetersb

I followed the "Gentoo Linux Documentation -- Gentoo Guide to OpenLDAP Authentication.htm" to set up LDAP; however, I got stuck at the last part of section 2, testing the slapd daemon:

```
ldapsearch -D "cn=Manager,dc=appeltaart,dc=org" -W -d 255
```

I get the following error message:

```
ldap_create
Enter LDAP Password: 
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: auth.appeltaart.org
ldap_connect_to_host: getaddrinfo failed: Name or service not known
ldap_perror
ldap_bind: Can't contact LDAP server
```

It's unclear to me (and that's probably the cause of the problem) how the server should know to respond to requests sent to auth.appeltaart.org.

My /etc/openldap/ldap.conf file looks like:

```
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt$
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=appeltaart, dc=org
URI     ldaps://auth.appeltaart.org:636/

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
```

My /etc/openldap/slapd.conf file looks like:

```
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Ex$
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

# use crypt to hash the passwords
password-hash {crypt}

# Define SSL and TLS properties (optional)
#TLSCertificateFile /etc/ssl/ldap.pem
#TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
#TLSCACertificateFile /etc/ssl/ldap.pem

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/lib/openldap/openldap
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

#
# Sample Access Control
#       Allow read access of root DSE
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
#       by self write
#       by users read
#       by anonymous auth
#
#
# if no access controls are present, the default is:
#       Allow read by all
#
# rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=appeltaart,dc=org"
#suffix         "o=My Organization Name,c=US"
rootdn          "cn=Manager,dc=appeltaart,dc=org"
#rootdn         "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          {MD5}xxxxxxxxxxxxxxxxxxxxx==
#rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/openldap-ldbm
# Indices to maintain
index   objectClass     eq
```

My /etc/conf.d/slapd file looks like:

```
# conf.d file for the openldap-2.1 series
#
# To enable both the standard unciphered server and the ssl encrypted
# one uncomment this line or set any other server starting options
# you may desire.
#
OPTS="-h ldaps:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock"
```

and my hosts file looks like:

```
# /etc/hosts:  This file describes a number of hostname-to-address
#              mappings for the TCP/IP subsystem.  It is mostly
#              used at boot time, when no name servers are running.
#              On small systems, this file can be used instead of a
#              "named" name server.  Just add the names, addresses
#              and any aliases to this file...
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/hosts,v 1.7 2002/11/18 19:39:22 azarah Exp $
#
127.0.0.1          localhost  server.appeltaart.org
192.168.23.5     server     server.appeltaart.org
```

rc-update show gives the following result:

```
             apache2 |      default
         authdaemond |
            bootmisc | boot
             checkfs | boot
           checkroot | boot
               clock | boot
         consolefont | boot
       courier-imapd |
   courier-imapd-ssl |
       courier-pop3d |
   courier-pop3d-ssl |
         crypto-loop |
               cupsd |
          domainname |      default
              hdparm |
            hostname | boot
             keymaps | boot
                krb5 |
               local |      default nonetwork
          localmount | boot
             metalog |      default
             modules | boot
               mysql |
               named |      default
            net.eth0 |      default
              net.lo | boot
            netmount |      default
                nscd |
          ntp-client |
                ntpd |
             numlock |
             portmap |      default
             postfix |
             pwcheck |
           rmnologin | boot
              rsyncd |
               samba |      default
           saslauthd |
              serial | boot
               slapd |      default
              slurpd |
                sshd |      default
              switch |
             urandom | boot
               vcron |      default
             winbind |
                 xdm |
                 xfs |
```

----------

## augustwest

I am getting the same thing, make sure you post if you solve this issue.

----------

## waverider202

ldapsearch defaults to try to connect using sasl.  Put a -x for a simple bind.  You may need a -Z for TLS.  With sasl, if it can't make a sasl connection, it will fail instead of failing over to a simple bind.

----------

## larryn

It can't get your hostname. Either put your hostname and ip in /etc/hosts or run local dns. If you could ping auth.appeltaart.org from the same box then that error will go away.

----------

## L1A

Yes, that fixed it for me. I needed to add an additional alias in /etc/hosts for auth.myhost.com, in addition to myhost.com and myhost. So it looks like this...

```
192.168.0.55     myhost.com     auth.myhost.com     myhost
```

Stupid computers.

----------
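The diagnosis larryn gives and the fix L1A confirms come down to one check: does every host named in a `URI` line of ldap.conf actually resolve? The following is an added example, not code from the thread, that runs that check offline against constructed copies of the poster's ldap.conf and /etc/hosts (it only consults the hosts file; a real machine would also ask DNS, as the `named` entry in the rc-update output suggests).

```python
from urllib.parse import urlsplit

# Constructed copies of the two files posted in the thread (comments trimmed).
LDAP_CONF = """\
BASE    dc=appeltaart, dc=org
URI     ldaps://auth.appeltaart.org:636/
#SIZELIMIT      12
"""
HOSTS = """\
127.0.0.1          localhost  server.appeltaart.org
192.168.23.5     server     server.appeltaart.org
"""


def uri_hosts(ldap_conf: str) -> list:
    """Hostnames from every URI line in ldap.conf (one line may list several URIs)."""
    hosts = []
    for line in ldap_conf.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].lower() != "uri":  # keywords are case-insensitive
            continue  # blank line, comment, or another keyword
        for uri in fields[1:]:
            parts = urlsplit(uri)
            if parts.scheme != "ldapi" and parts.hostname:  # ldapi:// is a local socket
                hosts.append(parts.hostname)
    return hosts


def hosts_file_names(hosts_text: str) -> set:
    """Every canonical name or alias declared in an /etc/hosts file, lowercased."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2:                    # address, then one or more names
            names.update(name.lower() for name in fields[1:])
    return names


def unresolvable_uri_hosts(ldap_conf: str, hosts_text: str) -> list:
    """URI hosts that /etc/hosts alone cannot resolve (a real box also asks DNS)."""
    known = hosts_file_names(hosts_text)
    return [h for h in uri_hosts(ldap_conf) if h not in known]


if __name__ == "__main__":
    for host in unresolvable_uri_hosts(LDAP_CONF, HOSTS):
        print(f"{host}: no /etc/hosts entry, so getaddrinfo fails unless DNS knows it")
```

With the poster's files the check reports auth.appeltaart.org, which matches the `getaddrinfo failed` line in the debug output; adding that name as an alias on the 192.168.23.5 line, as L1A did for auth.myhost.com, makes the report empty.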

