Bug 739909 - [IPA] ERROR LDAP Error : Can't contact LDAP Server
Summary: [IPA] ERROR LDAP Error : Can't contact LDAP Server
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.1
Hardware: i686
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks: 752181
TreeView+ depends on / blocked
 
Reported: 2011-09-20 11:49 UTC by Frederic Hornain
Modified: 2011-11-08 18:28 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 752181 (view as bug list)
Environment:
Last Closed: 2011-10-06 14:55:24 UTC


Attachments (Terms of Use)

Description Frederic Hornain 2011-09-20 11:49:49 UTC
Description of problem:
Well, this morning, I did an update of my ipa server in regards of the problem I encountered few month ago about glibc security issue which create problem with IPA.

So, now I am currently using the following recent version of IPA on my IPA Server - See below - and IPA CLIENT on another machine -See below -

And I tried to register my client -ipa-client-install- then I had the following error message :
root  :ERROR LDAP Error : Can't contact LDAP Server:
Failed to verify that ipa.redhat.local is an IPA Server.
This may mean that the remote server is not up or is not reachable due to network or firewall settings.

Believe me, I double check that and it was not the real problem.

Indeed, I looked in the 389 ds config file - /etc/dirsrv/slapd-YOUR_KRB5_DOMAIN/dse.ldif - to see what has changed between the previous installation and the new one and I noticed that the following paramater had changed.

nsslapd-port 0
nsslapd-security: off

So I set the original values which was

nsslapd-port 389
nsslapd-security: on

cause I am almost sure that IPA is not currently using 689 port.

and the IPA client installation worked

So I assume this is a bug in the new IPA release.


Version-Release number of selected component (if applicable):
IPA SERVER
ipa-client-2.0.0-23.el6_1.2.x86_64
ipa-server-selinux-2.0.0-23.el6_1.2.x86_64
ipa-pki-ca-theme-9.0.3-6.el6.noarch
ipa-python-2.0.0-23.el6_1.2.x86_64
ipa-admintools-2.0.0-23.el6_1.2.x86_64
ipa-server-2.0.0-23.el6_1.2.x86_64
ipa-pki-common-theme-9.0.3-6.el6.noarch


IPA CLIENT
How reproducible:


Steps to Reproduce:
1.Install IPA server on a machine
2. Install IPA Client machine on another server
3. and try to register your IPA client to the IPA Server.
  
Actual results:


Expected results:
IPA Client installation Complete

Additional info:

Comment 2 Dmitri Pal 2011-09-21 22:20:28 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1836

Comment 3 Dmitri Pal 2011-10-06 14:55:24 UTC
We think this issue was addressed in the later patch upstream in ticket https://fedorahosted.org/freeipa/ticket/1199. 
Closing as fixed upstream.


Note You need to log in before you can comment on or make changes to this bug.