I'm setting up OpenLDAP on a virtual machine running Ubuntu 20.04 LTS, following this guide: https://computingforgeeks.com/install-and-configure-openldap-server-ubuntu/
Steps 1 (changing the hostname) and 2 (adjusting /etc/hosts) are fine, but I cannot ldapadd or otherwise interact with LDAP (ldapwhoami), as this results in the following errors:
Enter LDAP Password:
ldap_result: Can't contact LDAP server (-1)
root@ldap-blubb:~# ldapwhoami
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
root@ldap-blubb:~# less /etc/hosts
127.0.0.1 localhost
155.5.66.555 ldap-blubb.uni-place.de
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ufw is configured as follows (so it shouldn't be the firewall); the output of ufw status includes:
OpenLDAP LDAP ALLOW Anywhere
389/tcp ALLOW Anywhere
OpenLDAP LDAP (v6) ALLOW Anywhere (v6)
389/tcp (v6) ALLOW Anywhere (v6)
I was thinking it could be the SSL certificates or the firewall, since I get no reply from the server, although it is initially reached:
root@ldap-blubb:~# openssl s_client -showcerts -connect ldap-blubb.uni-place.de:389
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 323 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
as I get:
root@ldap-blubb:~# ldapsearch -x -d 1
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 14 bytes to sd 3
ldap_result ld 0x555815838970 msgid 1
wait4msg ld 0x555815838970 msgid 1 (infinite timeout)
wait4msg continue ld 0x555815838970 msgid 1 all 1
** ld 0x555815838970 Connections:
* host: localhost port: 389 (default)
refcnt: 2 status: Connected
last used: Mon Apr 25 08:32:02 2022
** ld 0x555815838970 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x555815838970 request count 1 (abandoned 0)
** ld 0x555815838970 Response Queue:
Empty
ld 0x555815838970 response count 0
ldap_chkResponseList ld 0x555815838970 msgid 1 all 1
ldap_chkResponseList returns ld 0x555815838970 NULL
ldap_int_select
read1msg: ld 0x555815838970 msgid 1 all 1
ber_get_next
ldap_err2string
ldap_result: Can't contact LDAP server (-1)
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed
Insights are welcome.
Edit: Authentication via plain text fails (which is probably good, but how do I change it?):
root@ldap-blubb:~# ldapwhoami -x -D cn=admin,dc=example,dc=com -W
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
root@ldap-blubb:~# ldapwhoami -Y EXTERNAL -H ldapi:/// -Q
dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
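As an added diagnostic example (not part of the question or the linked guide): a small Python probe that sends the same 14-byte anonymous BindRequest that the ldapsearch -d 1 trace shows ("ber_flush2: 14 bytes to sd 3") and reports whether the listener refuses, stays silent, closes without answering, or returns a BindResponse. The fake listeners are constructed stand-ins for slapd so it runs offline; the host and port you point it at are your own.

```python
import socket
import threading

# The anonymous simple BindRequest that `ldapsearch -x` sends first; it encodes
# to exactly the 14 bytes seen in the trace above ("ber_flush2: 14 bytes to sd 3").
def anon_bind_request(msgid: int = 1) -> bytes:
    bind = b"\x02\x01\x03" + b"\x04\x00" + b"\x80\x00"   # version 3, name "", simple ""
    bind_req = b"\x60" + bytes([len(bind)]) + bind       # BindRequest [APPLICATION 0]
    body = b"\x02\x01" + bytes([msgid]) + bind_req       # messageID + protocolOp
    return b"\x30" + bytes([len(body)]) + body           # LDAPMessage SEQUENCE

BIND_SUCCESS = bytes.fromhex("300c02010161070a010004000400")  # resultCode 0, empty DN/diag

def probe(host: str, port: int = 389, timeout: float = 5.0) -> str:
    """Classify what the listener does after the first LDAP PDU is sent."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"              # nothing bound to the port
    except OSError:
        return "unreachable"          # DNS, routing or firewall drop
    with sock:
        sock.sendall(anon_bind_request())
        try:
            data = sock.recv(256)
        except socket.timeout:
            return "timeout"          # accepted, never answered
    if not data:
        return "closed-by-peer"       # accepted, then closed silently: the symptom in the question
    if len(data) >= 10 and data[0] == 0x30 and data[5] == 0x61 and data[7] == 0x0A:
        return f"bind-response resultCode={data[9]}"
    return "unexpected"

def fake_listener(behaviour: str) -> int:
    """Constructed stand-in for slapd on 127.0.0.1: 'answer' returns a success
    BindResponse, 'close' drops the connection silently. Returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.recv(64)                         # consume the BindRequest
            if behaviour == "answer":
                conn.sendall(BIND_SUCCESS)        # healthy slapd replies
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print("silent close ->", probe("127.0.0.1", fake_listener("close")))
    print("healthy      ->", probe("127.0.0.1", fake_listener("answer")))
```

Run probe("ldap-blubb.uni-place.de") and probe("localhost") against the real host: "closed-by-peer" on both matches the trace, whereas "refused" on the public address but a response on localhost would point at slapd's listener configuration rather than the firewall.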