LDAP stopped responding but on

NethServer Version: NethServer release 7.6.1810 (final)
Module: Base

Hi all,

I have a NS on a VPS (so, single network interface, green, with firewall rules/fail2ban in front of it) which should do authentication/authorization with LDAP through VPN to another machine. I used OpenVPN package available from the Software Center and configured a roadwarrior client for the other machine. The other client is connected fine and is able to use all the NS services.

I tried to configure the LDAP client on a NextCloud instance on the “client” VPS which worked for some time then stopped.

I narrowed down the problem with the following:

[root@ciccio ~]# ldapsearch -x -W -D 'uid=bindonly,ou=People,dc=directory,dc=nh' -b "ou=People,dc=directory,dc=nh" -h > /dev/null
Enter LDAP Password: 
[root@ciccio ~]# echo $?

[root@ciccio ~]# ldapsearch -x -W -D 'uid=bindonly,ou=People,dc=directory,dc=nh' -b "ou=People,dc=directory,dc=nh" -h > /dev/null
Enter LDAP Password: 
ldap_bind: Invalid credentials (49)
[root@ciccio ~]# echo $?

As you may see, the first one works fine while pointing to, the second one fails with an error which is quite generic. I googled the error, finding a lot of people having problems loading the wrong slapd.conf file, which is not provided anymore and thus is not the issue.

I don’t have any clue. I tried checking in /var/log/messages (no results), on an eventual /var/log/slapd.log (but finding nothing), running slapd in debug mode (and here’s an extract of what I obtained with the first and then with the second commands:

5c27b4ec >>> dnPrettyNormal: <uid=bindonly,ou=People,dc=directory,dc=nh>
5c27b4ec <<< dnPrettyNormal: <uid=bindonly,ou=People,dc=directory,dc=nh>, <uid=bindonly,ou=people,dc=directory,dc=nh>
5c27b4ec do_bind: version=3 dn="uid=bindonly,ou=People,dc=directory,dc=nh" method=128
5c27b4ec bdb_dn2entry("uid=bindonly,ou=people,dc=directory,dc=nh")
5c27b4ec do_bind: v3 bind: "uid=bindonly,ou=People,dc=directory,dc=nh" to "uid=bindonly,ou=People,dc=directory,dc=nh"
5c27b4ec send_ldap_result: conn=1003 op=0 p=3
5c27b4ec send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 18
5c27b4ec connection_get(18): got connid=1003
5c27b4ec connection_read(18): checking for input on id=1003

5c27b548 >>> dnPrettyNormal: <uid=bindonly,ou=People,dc=directory,dc=nh>
5c27b548 <<< dnPrettyNormal: <uid=bindonly,ou=People,dc=directory,dc=nh>, <uid=bindonly,ou=people,dc=directory,dc=nh>
5c27b548 do_bind: version=3 dn="uid=bindonly,ou=People,dc=directory,dc=nh" method=128
5c27b548 bdb_dn2entry("uid=bindonly,ou=people,dc=directory,dc=nh")
5c27b548 send_ldap_result: conn=1005 op=0 p=3
5c27b548 send_ldap_response: msgid=1 tag=97 err=49
ber_flush2: 14 bytes to sd 18
5c27b548 connection_get(18): got connid=1005
5c27b548 connection_read(18): checking for input on id=1005

I really don’t know how to debug more this one :confused: ).

I’ve already checked inside “Network services” and slapd is enabled on green interface, and also ss explains that it is listening on any addresses on the same machine.

Any ideas/clues?

Could it be TLS connection requirement?

Authenticated binds are granted to TLS protected connections, or connections from


  -Z[Z]  Issue StartTLS (Transport Layer Security) extended operation. If
         you use -ZZ, the  command  will  require  the  operation  to  be
sudo -u apache scl enable rh-php71 -- php -dmemory_limit=512M /usr/share/nextcloud/occ ldap:show-config s01
sudo -u apache scl enable rh-php71 -- php -dmemory_limit=512M /usr/share/nextcloud/occ ldap:set-config s01 ldapTLS 1
# only if needed:
sudo -u apache scl enable rh-php71 -- php -dmemory_limit=512M /usr/share/nextcloud/occ ldap:set-config s01 turnOffCertCheck 1

Thanks, this effectively solved the issue.

I would like to know more on the hint you found: where you found it? I tried to search for the official documentation, but didn’t read it.

Thanks again, regards,

In the developer manual.

1 Like