739909 – [IPA] ERROR LDAP Error : Can't contact LDAP Server

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 739909 - [IPA] ERROR LDAP Error : Can't contact LDAP Server

Summary: [IPA] ERROR LDAP Error : Can't contact LDAP Server

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	6.1
Hardware:	i686
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	752181
TreeView+	depends on / blocked

Reported:	2011-09-20 11:49 UTC by Frederic Hornain
Modified:	2011-11-08 18:28 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	752181 (view as bug list)
Environment:
Last Closed:	2011-10-06 14:55:24 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Frederic Hornain 2011-09-20 11:49:49 UTC

Description of problem:
Well, this morning, I did an update of my ipa server in regards of the problem I encountered few month ago about glibc security issue which create problem with IPA.

So, now I am currently using the following recent version of IPA on my IPA Server - See below - and IPA CLIENT on another machine -See below -

And I tried to register my client -ipa-client-install- then I had the following error message :
root :ERROR LDAP Error : Can't contact LDAP Server:
Failed to verify that ipa.redhat.local is an IPA Server.
This may mean that the remote server is not up or is not reachable due to network or firewall settings.

Believe me, I double check that and it was not the real problem.

Indeed, I looked in the 389 ds config file - /etc/dirsrv/slapd-YOUR_KRB5_DOMAIN/dse.ldif - to see what has changed between the previous installation and the new one and I noticed that the following paramater had changed.

nsslapd-port 0
nsslapd-security: off

So I set the original values which was

nsslapd-port 389
nsslapd-security: on

cause I am almost sure that IPA is not currently using 689 port.

and the IPA client installation worked

So I assume this is a bug in the new IPA release.

Version-Release number of selected component (if applicable):
IPA SERVER
ipa-client-2.0.0-23.el6_1.2.x86_64
ipa-server-selinux-2.0.0-23.el6_1.2.x86_64
ipa-pki-ca-theme-9.0.3-6.el6.noarch
ipa-python-2.0.0-23.el6_1.2.x86_64
ipa-admintools-2.0.0-23.el6_1.2.x86_64
ipa-server-2.0.0-23.el6_1.2.x86_64
ipa-pki-common-theme-9.0.3-6.el6.noarch

IPA CLIENT
How reproducible:

Steps to Reproduce:
1.Install IPA server on a machine
2. Install IPA Client machine on another server
3. and try to register your IPA client to the IPA Server.

Actual results:

Expected results:
IPA Client installation Complete

Additional info:

Comment 2 Dmitri Pal 2011-09-21 22:20:28 UTC

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1836

Comment 3 Dmitri Pal 2011-10-06 14:55:24 UTC

We think this issue was addressed in the later patch upstream in ticket https://fedorahosted.org/freeipa/ticket/1199. 
Closing as fixed upstream.

Note You need to log in before you can comment on or make changes to this bug.