Quanah, I set loglevel to 341 in slapd.conf (trace function calls, configuration file processing, and stats log connections/operations/results) and restarted slapd.
I then set local4.* to be written to /var/log/ldap.log and restarted syslogd. Could have just sent it a SIGHUP but used the sledge hammer. When a general user does an ldapsearch: ldapsearch -x -b 'cn=Harvey Snarkfarkel,ou=people,dc=localdomain' it completes successfully without having to enter a bind password. I think that is because I set it up to allow anyone to read. I'll work on being more secure later. When connecting to LDAP from phpldapadmin, with the Manager username and password, phpldapadmin works fine. I can even check the ldap user password without any problem through phpldapadmin. I then ran authconfig as follows: authconfig --enableldap --enableldaptls --ldapserver denali.sdc.cs.boeing.com --ldapbasedn dc=localdomain One thing I had to do running authconfig was create a pem file in /etc/openldap/cacerts. All I did there was to create a symbolic link: ls -la /etc/openldap/cacerts/ total 20 drwxr-xr-x 2 root root 4096 Aug 21 11:06 . drwxr-xr-x 4 root root 4096 Aug 21 15:32 .. lrwxrwxrwx 1 root root 23 Aug 21 11:06 CA.pem -> /usr/share/swamp/CA.pem Below are the entries added to /var/log/ldap.log when trying to ssh to this host as the ldap only user. What causes the ber_get_next failed errno=11 and TLS accept error? errno 11 is just a Try Again error. What resource would not be available? Aug 21 15:33:29 denali slapd[30178]: conn=0 fd=12 ACCEPT from IP=130.42.49.204:50462 (IP=0.0.0.0:389) Aug 21 15:33:29 denali slapd[30178]: connection_get(12): got connid=0 Aug 21 15:33:29 denali slapd[30178]: connection_read(12): checking for input on id=0 Aug 21 15:33:29 denali slapd[30178]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable) Aug 21 15:33:29 denali slapd[30178]: do_extended Aug 21 15:33:29 denali slapd[30178]: send_ldap_extended: err=0 oid= len=0 Aug 21 15:33:29 denali slapd[30178]: send_ldap_response: msgid=1 tag=120 err=0 Aug 21 15:33:29 denali slapd[30178]: connection_get(12): got connid=0 Aug 21 15:33:29 denali slapd[30178]: connection_read(12): checking for input on id=0 Aug 21 15:33:29 denali slapd[30178]: connection_get(12): got connid=0 Aug 21 15:33:29 denali slapd[30178]: connection_read(12): checking for input on id=0 Aug 21 15:33:29 denali slapd[30178]: connection_read(12): TLS accept error error=-1 id=0, closing Aug 21 15:33:29 denali slapd[30178]: connection_closing: readying conn=0 sd=12 for close Aug 21 15:33:29 denali slapd[30178]: connection_close: conn=0 sd=12 Aug 21 15:33:29 denali slapd[30178]: conn=0 fd=12 closed Aug 21 15:34:29 denali slapd[30178]: conn=1 fd=12 ACCEPT from IP=130.42.49.204:50464 (IP=0.0.0.0:389) Aug 21 15:34:29 denali slapd[30178]: connection_get(12): got connid=1 Aug 21 15:34:29 denali slapd[30178]: connection_read(12): checking for input on id=1 Aug 21 15:34:29 denali slapd[30178]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable) Aug 21 15:34:29 denali slapd[30178]: do_extended Aug 21 15:34:29 denali slapd[30178]: send_ldap_extended: err=0 oid= len=0 Aug 21 15:34:29 denali slapd[30178]: send_ldap_response: msgid=1 tag=120 err=0 Aug 21 15:34:29 denali slapd[30178]: connection_get(12): got connid=1 Aug 21 15:34:29 denali slapd[30178]: connection_read(12): checking for input on id=1 Aug 21 15:34:29 denali slapd[30178]: connection_read(12): TLS accept error error=-1 id=1, closing Aug 21 15:34:29 denali slapd[30178]: connection_closing: readying conn=1 sd=12 for close Aug 21 15:34:29 denali slapd[30178]: connection_close: conn=1 sd=12 Aug 21 15:34:29 denali slapd[30178]: conn=1 fd=12 closed Thanks for helping me get a clearer picture of what is happening. It was a big help. Now I just need to figure out how to follow the leads. Ideas on where to look and what to look for would be greatly appreciated. --- You are currently subscribed to [EMAIL PROTECTED] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.