Wednesday, May 19, 2010

ldap_sasl_bind_s failed (-1)

slap_client_connect: URI=ldaps://ldap1.yahweh.net DN="uid=syncuser,cn=special,o=yahweh" ldap_sasl_bind_s failed (-1)

The first thing you should do whenever you run into problems is set an appropriate log level.

Add this to slapd.conf:

loglevel stats args trace sync


Restart slapd and watch the logs. slapd writes its logs to the local4 syslog facility (the -l LOCAL4 option in the command line below), which the rpm routes to a file:
/usr/sbin/slapd2.4 -u ldap -g ldap -l LOCAL4 -s 0 -h ldap:/// ldaps:///

# added by openldap2.4-2.4.22 rpm Tue May 18 15:41:20 PDT 2010
local4.* -/var/log/ldap2.4/ldap.log

May 19 11:38:03 ldap1 slapd2.4[4671]: connection_read(13): checking for input on id=1003
May 19 11:38:03 ldap1 slapd2.4[4671]: connection_read(13): unable to get TLS client DN, error=49 id=1003


Ignore the "unable to get TLS client DN" part. Instead, make sure your client does not check the server certificate: set TLS_REQCERT never.
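As an added example (this is not code from the post, nor from OpenLDAP), the Python below does two things a practitioner would want at this point: it triages the slap_client_connect line quoted above, mapping the -1 return code of ldap_sasl_bind_s (LDAP_SERVER_DOWN) on an ldaps:// URI to a failed TLS handshake, and it audits the client-side TLS settings, showing the TLS_REQCERT never workaround beside a hardened configuration that gives the consumer the provider's CA certificate via TLS_CACERT instead of turning verification off. The ldap.conf and syncrepl fragments are constructed from the post's host and DN; the CA file path and the credentials placeholder are assumptions.

```python
"""Triage a syncrepl bind failure and audit OpenLDAP client TLS settings.

Added example for this post, not code from the post or from OpenLDAP.
Log lines and config fragments below are constructed from the post.
"""
import re

# The syncrepl consumer logs this line when the bind to the provider fails.
# ldap_sasl_bind_s returns -1 (LDAP_SERVER_DOWN) when the connection itself
# fails; with an ldaps:// URI that normally means the TLS handshake did not
# complete, for example because the server certificate could not be verified.
BIND_FAIL = re.compile(
    r'slap_client_connect: URI=(?P<uri>\S+) DN="(?P<dn>[^"]*)" '
    r'ldap_sasl_bind_s failed \((?P<rc>-?\d+)\)'
)

# Constructed sample log lines (from the post).
SAMPLE_LOG = [
    'slap_client_connect: URI=ldaps://ldap1.yahweh.net '
    'DN="uid=syncuser,cn=special,o=yahweh" ldap_sasl_bind_s failed (-1)',
    'May 19 11:38:03 ldap1 slapd2.4[4671]: connection_read(13): '
    'checking for input on id=1003',
]


def triage_bind_failure(line):
    """Return a dict describing a syncrepl bind failure, or None for other lines."""
    m = BIND_FAIL.search(line)
    if not m:
        return None
    rc = int(m.group("rc"))
    info = {"uri": m.group("uri"), "dn": m.group("dn"), "rc": rc}
    if rc == -1 and info["uri"].startswith("ldaps://"):
        info["likely_cause"] = ("TLS handshake failed: the consumer could not "
                                "verify the provider's certificate or reach it")
    elif rc == -1:
        info["likely_cause"] = "cannot contact the provider"
    else:
        info["likely_cause"] = "bind rejected by the provider (LDAP result code)"
    return info


# Client-side TLS settings: ldap.conf uses `TLS_REQCERT never`, while the
# syncrepl directive in slapd.conf uses `tls_reqcert=never`.  `never` and
# `allow` both let an unverifiable server certificate through.
REQCERT_CONF = re.compile(r'^\s*TLS_REQCERT\s+(\S+)', re.I | re.M)
REQCERT_SYNC = re.compile(r'\btls_reqcert=(\S+)', re.I)
CACERT = re.compile(r'(^\s*TLS_CACERT(?:DIR)?\s+\S+)|(\btls_cacert(?:dir)?=\S+)',
                    re.I | re.M)


def audit_tls_config(text):
    """Return a list of findings for an ldap.conf or slapd.conf fragment."""
    findings = []
    values = [m.group(1) for m in REQCERT_CONF.finditer(text)]
    values += [m.group(1) for m in REQCERT_SYNC.finditer(text)]
    for v in values:
        if v.lower() in ("never", "allow"):
            findings.append(f"TLS_REQCERT {v}: server certificate is not verified; "
                            "the bind password travels over an unauthenticated channel")
    if not CACERT.search(text):
        findings.append("no TLS_CACERT/TLS_CACERTDIR: the consumer has no trust "
                        "anchor for the provider's certificate")
    return findings


# The post's workaround (constructed /etc/openldap/ldap.conf fragment).
WEAK_LDAP_CONF = """\
URI ldaps://ldap1.yahweh.net
BASE o=yahweh
TLS_REQCERT never
"""

# Hardened alternative: trust the CA that issued the provider's certificate
# and keep verification on.  The CA file path is an assumption.
HARDENED_LDAP_CONF = """\
URI ldaps://ldap1.yahweh.net
BASE o=yahweh
TLS_CACERT /etc/openldap/cacerts/yahweh-ca.pem
TLS_REQCERT demand
"""

# Same weakness expressed on the syncrepl directive (constructed; the
# credentials value is a placeholder).
WEAK_SYNCREPL = ('syncrepl rid=1 provider=ldaps://ldap1.yahweh.net '
                 'binddn="uid=syncuser,cn=special,o=yahweh" bindmethod=simple '
                 'credentials=<password> tls_reqcert=never')


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(triage_bind_failure(line))
    for name, conf in (("weak ldap.conf", WEAK_LDAP_CONF),
                       ("hardened ldap.conf", HARDENED_LDAP_CONF),
                       ("weak syncrepl", WEAK_SYNCREPL)):
        print(name, "->", audit_tls_config(conf) or ["ok"])
```

Running it prints the triage of the bind failure and two findings for each weak fragment (verification disabled, no trust anchor) and none for the hardened one. The hardened form is the one to keep for replication traffic: TLS_REQCERT never only makes the error go away by letting the consumer send the syncuser password to whatever answers on port 636.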
