On my client on pam authentication (libnss-ldap and libpam-ldap packages and configuration) there is a configuration which leads me to
nss_ldap: failed to bind to LDAP server ldapi://172.16.10.174/: Can't contact LDAP server
My server is started as followings (seems ldapi is available):
● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
Loaded: loaded (/etc/init.d/slapd; generated; vendor preset: enabled)
Active: active (running) since Thu 2018-10-04 09:40:14 -03; 8min ago
Docs: man:systemd-sysv-generator(8)
Process: 1026 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)
Tasks: 3 (limit: 4915)
CGroup: /system.slice/slapd.service
└─1180 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
with ldap it works
ldapsearch -H ldap://172.16.10.174/ -b dc=myDomain,dc=local -x
but with ldapi no either on localhost or with a machine within the LAN:
ldapsearch -H ldapi://localhost:389 -b dc=solarity,dc=local -x
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)`
Shall I change the server's configuration to be able to connect with client as ldapi://
or change the client to authenticate with ldap://
??
- Client: Where is the configuration file in debian 9 of nssd so that I can change the protocol to ldap instead of ldapi?
- Server: If there is any sense of staying with ldapi protocol, how can I test it and configure the server to do what expects my client which seems to be (
ldapsearch -H ldapi://172.16.10.174/ -b dc=solarity,dc=local -x
doesn't work)
The
ldapi://
protocol is used to access the LDAP server through a filesystem socket, such as/var/run/ldapi
(this may be different for Debian, that's the default location on CentOS). As such, it only works if you're on the same host as the LDAP server itself.If you need to access the LDAP server from other machines, it's best to use either
ldap://
orldaps://
.According to wiki.debian.org/LDAP/NSS & wiki.debian.org/LDAP/PAM it should be
/etc/libnss-ldap.conf
and/etc/pam_ldap.conf
respectively