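OpenLDAP setup fails with "ldap_result: Can't contact LDAP server (-1)"
I want to set up OpenLDAP on a virtual machine running Ubuntu 20.04 LTS, following this guide.
Steps 1 (change the hostname) and 2 (adjust /etc/hosts) went fine, but I cannot run ldapadd or otherwise interact with LDAP (ldapwhoami), because that results in the following error: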
Enter LDAP Password:
ldap_result: Can't contact LDAP server (-1)
root@ldap-blubb:~# ldapwhoami
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
root@ldap-blubb:~# less /etc/hosts
127.0.0.1 localhost
155.5.66.555 ldap-blubb.uni-place.de
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
UFW looks like this (so it should not be the firewall); the output of ufw status includes:
OpenLDAP LDAP ALLOW Anywhere
389/tcp ALLOW Anywhere
OpenLDAP LDAP (v6) ALLOW Anywhere (v6)
389/tcp (v6) ALLOW Anywhere (v6)
I think it might be the SSL certificate or the firewall, because I do not get any reply from the server, although it can initially be reached:
root@ldap-blubb:~# openssl s_client -showcerts -connect ldap-blubb.uni-place.de:389
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 323 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
I get:
root@ldap-blubb:~# ldapsearch -x -d 1
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 14 bytes to sd 3
ldap_result ld 0x555815838970 msgid 1
wait4msg ld 0x555815838970 msgid 1 (infinite timeout)
wait4msg continue ld 0x555815838970 msgid 1 all 1
** ld 0x555815838970 Connections:
* host: localhost port: 389 (default)
refcnt: 2 status: Connected
last used: Mon Apr 25 08:32:02 2022
** ld 0x555815838970 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x555815838970 request count 1 (abandoned 0)
** ld 0x555815838970 Response Queue:
Empty
ld 0x555815838970 response count 0
ldap_chkResponseList ld 0x555815838970 msgid 1 all 1
ldap_chkResponseList returns ld 0x555815838970 NULL
ldap_int_select
read1msg: ld 0x555815838970 msgid 1 all 1
ber_get_next
ldap_err2string
ldap_result: Can't contact LDAP server (-1)
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed
So any insights are welcome.
Edit: Authentication via plain text fails (which is probably fine, but how do I change it?):
root@ldap-blubb:~# ldapwhoami -x -D cn=admin,dc=example,dc=com -W
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
root@ldap-blubb:~# ldapwhoami -Y EXTERNAL -H ldapi:/// -Q
dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
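The following is an added diagnostic example, not part of the original post: it sends the same 14-byte anonymous bind that `ldapsearch -x` writes over plain TCP and reports at which stage the exchange stops (refused, accepted but closed without an answer, or a real BindResponse). The function name `probe_ldap` and the result labels are hypothetical, and the response check assumes short-form BER lengths.

```python
import socket

# LDAPv3 anonymous simple BindRequest, messageID 1: the 14-byte request
# that `ldapsearch -x` sends first ("ber_flush2: 14 bytes" in the debug trace).
ANON_BIND = bytes.fromhex("300c020101600702010304008000")


def probe_ldap(host, port=389, timeout=3.0):
    """Classify how a plain-TCP LDAP listener reacts to an anonymous bind."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"                 # nothing is listening on that port
    except socket.timeout:
        return "connect-timeout"         # packets silently dropped on the way
    except OSError:
        return "unreachable"
    with sock:
        try:
            sock.sendall(ANON_BIND)
            data = sock.recv(4096)
        except socket.timeout:
            return "no-reply-timeout"    # connection stays open, server is silent
        except (ConnectionResetError, BrokenPipeError):
            return "closed-without-reply"
    if not data:
        # TCP connect worked, request was sent, peer closed without answering.
        return "closed-without-reply"
    # BindResponse, short-form lengths assumed:
    # 30 LL 02 01 01 61 LL 0a 01 <resultCode> ...
    if len(data) >= 10 and data[0] == 0x30 and data[5] == 0x61 and data[7] == 0x0A:
        return "bind-response:%d" % data[9]
    return "non-ldap-reply"              # some other service owns the port


if __name__ == "__main__":
    # Compare loopback with the host's own name to see whether both behave alike.
    for target in ("127.0.0.1", "localhost"):
        print(target, probe_ldap(target))
```

A `bind-response:0` result means slapd answered the anonymous bind; `closed-without-reply` means the TCP connection was accepted and then dropped before any LDAP message came back.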