Troubleshooting LDAP Connections
This document (7010961) is provided subject to the disclaimer at the end of this document.
Environment
LDAP
NetIQ
Situation
- A server or application that communicates with an LDAP server is not functioning correctly; e.g.
  - Slow
  - Dropped communications
  - Exceptions and errors
- What tools or commands can be used to troubleshoot the connection?
- ldapsearch gives errors using an SSL connection over port 636
  - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
  - TLS certificate verification: Error, self signed certificate in certificate chain
  - TLS trace: SSL3 alert write:fatal:unknown CA
  - TLS trace: SSL_connect:error in SSLv3 read server certificate B
  - TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)
  - TLSv1 Record Layer: Alert (Level: Fatal, Description: Unknown CA)
Resolution
- Use an LDAP browser, for example Apache Directory Studio (http://directory.apache.org/studio)
- Use the Linux ldapsearch command
  - See the examples in the Additional Information section, below
  - For full details refer to the man pages
Additional Information
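If ldapsearch fails with the certificate verification errors listed above, the OpenLDAP client option TLS_REQCERT allow (set in ldap.conf) lets the connection proceed even though the server certificate cannot be verified. The session is then encrypted but the server is not authenticated, so treat it as a troubleshooting setting; adding the issuing CA certificate to the client's trusted CAs resolves the error with verification left on.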
- Unencrypted eDirectory
  - ldapsearch -H ldap://red.lab.services.microfocus.com:389 -x -D "cn=admin,o=Lab" -w password -b "ou=Users,o=Lab" -s sub -a always "(objectClass=User)" cn
- Encrypted eDirectory
  - ldapsearch -H ldaps://red.lab.services.microfocus.com:636 -x -D "cn=admin,o=Lab" -w password -b "ou=Users,o=Lab" -s sub -a always "(objectClass=User)" cn
- Unencrypted Active Directory
  - ldapsearch -H ldap://blue.windom.lab.services.microfocus.com:389 -x -D "cn=Administrator,cn=users,DC=windom,DC=lab,DC=services,DC=microfocus,DC=com" -w password -b "CN=Users,DC=windom,DC=lab,DC=services,DC=microfocus,DC=com" -s sub -a always "(objectClass=User)" cn
- Encrypted Active Directory
  - ldapsearch -H ldaps://blue.windom.lab.services.microfocus.com:636 -x -D "cn=Administrator,cn=users,DC=windom,DC=lab,DC=services,DC=microfocus,DC=com" -w password -b "CN=Users,DC=windom,DC=lab,DC=services,DC=microfocus,DC=com" -s sub -a always "(objectClass=User)" cn
Where
- -H host
- -D bind DN
- -w bind password (use -W to be prompted)
- -b base DN for search
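An added example (not part of the original article): a POSIX shell helper that reads `ldapsearch -d1` output and separates a certificate trust failure from a plain connectivity failure, since both end in the same "Can't contact LDAP server (-1)" line. The function names and the CA file path /etc/ssl/lab-ca.pem are assumptions; the first sample reuses the error lines quoted in the Situation section.

```shell
#!/bin/sh
# Added example. Reads `ldapsearch -d1 ... 2>&1` output on stdin and prints
# one of: untrusted_ca | unreachable | other
classify_ldap_error() {
    out=$(cat)
    # Test for TLS trust failures first: ldapsearch reports the generic
    # "Can't contact LDAP server (-1)" even when the handshake is what failed.
    case $out in
        *"self signed certificate in certificate chain"*|\
        *"certificate verify failed"*|*"unknown CA"*|*"Unknown CA"*)
            echo untrusted_ca ;;
        *"Can't contact LDAP server"*)
            echo unreachable ;;
        *)
            echo other ;;
    esac
}

# Print the next check to run. $2 = LDAP host, $3 = CA file (assumed path to
# the PEM certificate of the CA that issued the server certificate).
next_step() {
    case $1 in
        untrusted_ca)
            # Show the chain the server sends, then retry trusting that CA
            # instead of relaxing verification with TLS_REQCERT allow.
            echo "openssl s_client -connect $2:636 -showcerts </dev/null"
            echo "LDAPTLS_CACERT=$3 ldapsearch -H ldaps://$2:636 -x -W -D <bindDN> -b <baseDN>" ;;
        unreachable)
            # No TLS lines in the trace: check name resolution and the port.
            echo "openssl s_client -connect $2:636 </dev/null" ;;
        *)
            echo "ldapsearch -d1 -H ldaps://$2:636 ... 2>&1" ;;
    esac
}

# Sample 1: error lines quoted in this article.
SAMPLE_TLS="TLS certificate verification: Error, self signed certificate in certificate chain
TLS trace: SSL3 alert write:fatal:unknown CA
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
# Sample 2: constructed trace with no TLS lines.
SAMPLE_NET="ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"

for s in "$SAMPLE_TLS" "$SAMPLE_NET"; do
    c=$(printf '%s\n' "$s" | classify_ldap_error)
    echo "== $c"
    next_step "$c" red.lab.services.microfocus.com /etc/ssl/lab-ca.pem
done
```

The printed ldapsearch line uses -W so the bind password is prompted for rather than passed on the command line.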
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7010961
- Creation Date: 18-Oct-2012
- Modified Date: 30-Dec-2021
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com