Hello Ondrej,

if I get:
--------------
root@loadbalancer01:~# ldapsearch -x -D uid=repl-user,ou=users,dc=example,dc=net -W
Enter LDAP Password:
ldap_bind: Server is unavailable (52)
        additional info: no connections available
--------------

The log on the loadbalancer is showing:
-------------
Dez 04 14:19:33 loadbalancer01 slapd[883]: operation_init: received a new operation, bind request with msgid=1 for client connid=1
Dez 04 14:19:33 loadbalancer01 slapd[883]: request_bind: connid=1, msgid=1 no available connection found
Dez 04 14:19:33 loadbalancer01 slapd[883]: operation_init: received a new operation, unbind request with msgid=2 for client connid=1
Dez 04 14:19:33 loadbalancer01 slapd[883]: handle_one_request: received unbind, closing client connid=1
-------------

On the ldap-server I see nothing in the log.

Next thing I did was ldapsearch with "-d 3" and I got:
-------------
TLS trace: SSL_connect:SSL negotiation finished successfully
TLS trace: SSL_connect:SSL negotiation finished successfully
TLS trace: SSL_connect:SSLv3/TLS read server session ticket
tls_read: want=5, got=5
0000: 17 03 03 00 3f ....?
tls_read: want=63, got=63
0000: 15 70 78 36 2f bb aa 06 f3 34 d7 dc c7 40 c7 f1 .px6/....4...@..
0010: a0 74 0c 31 20 5f 50 15 6a e9 33 55 10 8a 6d a1 .t.1 _P.j.3U..m.
0020: 29 ad 3a ba a8 1e d7 e8 72 e1 3d 17 5f c3 fe d0 ).:.....r.=._...
0030: 4a 94 08 e3 b5 cc 56 03 ac a1 f4 76 e9 30 31 J.....V....v.01
ldap_read: want=8, got=8
0000: 30 84 00 00 00 28 02 01 0....(..
ldap_read: want=38, got=38
0000: 01 61 84 00 00 00 1f 0a 01 34 04 00 04 18 6e 6f .a.......4....no
0010: 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 61 76 61  connections ava
0020: 69 6c 61 62 6c 65 ilable
ber_get_next: tag 0x30 len 40 contents:
ldap_find_request_by_msgid: msgid 1, lr 0x562310953bc0 lr->lr_refcnt = 1
read1msg: ld 0x56231090e7f0 msgid 1 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x56231090e7f0 0 new referrals
read1msg:  mark request completed, ld 0x56231090e7f0 msgid 1
request done: ld 0x56231090e7f0 msgid 1
res_errno: 52, res_error: <no connections available>, res_matched: <>
ldap_return_request: lrx 0x562310953bc0, lr 0x562310953bc0
ldap_return_request: lrx->lr_msgid 1, lrx->lr_refcnt is now 0, lr is still present
ldap_free_request (origid 1, msgid 1)
ldap_free_request_int: lr 0x562310953bc0 msgid 1 removed
ldap_do_free_request: asked to free lr 0x562310953bc0 msgid 1 refcnt 0
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_bind: Server is unavailable (52)
        additional info: no connections available
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
tls_write: want=29, written=29
0000: 17 03 03 00 18 e8 81 d9 3d 8a 61 51 f0 8d 3d c8 ........=.aQ..=.
0010: 93 9a c7 ef aa 3a 65 15 a5 d7 6f 97 66 .....:e...o.f
ldap_write: want=7, written=7
0000: 30 05 02 01 02 42 00 0....B.
tls_write: want=24, written=24
0000: 17 03 03 00 13 92 92 4f 5a b9 79 a9 b3 2b 3e 38 .......OZ.y..+>8
0010: 53 a2 03 7f 8f cf 85 76 S......v
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed

-------------

I first thought it could be some TLS problem, but as you see TLS is OK.

Now I checked what I see on both ldap-servers when restarting slapd, and I see nothing. So no connection is established for the proxy authentication on slapd start.

If I switch to slapd.conf it works fine on both ldap-servers.
-------------
Dez 04 14:27:20 provider02 slapd[501]: conn=1047 fd=21 ACCEPT from IP=192.168.56.24:59358 (IP=0.0.0.0:636)
Dez 04 14:27:20 provider02 slapd[501]: conn=1047 fd=21 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384
Dez 04 14:27:20 provider02 slapd[501]: conn=1047 op=0 BIND dn="uid=lloadd,ou=users,dc=example,dc=net" method=128
Dez 04 14:27:20 provider02 slapd[501]: conn=1047 op=0 BIND dn="uid=lloadd,ou=users,dc=example,dc=net" mech=SIMPLE bind_ssf=0 ssf=256
-------------
There must be something wrong with the bind configuration.

Stefan


On 04.12.23 at 11:52, Ondřej Kuzník wrote:
On Mon, Dec 04, 2023 at 11:40:29AM +0100, Stefan Kania wrote:
Hi to all,

when I set up the loadbalancer lloadd via slapd.conf everything is working
fine. Here is my slapd.conf
[...]

As soon as I change to cn=config with the following configuration:
[...]

-----------------
The slapd is starting and with "ss -tlpn" I see port 1636 and 1389 as listening
(next to 636 and 389). I get the following error message when I try to contact
the ldap-server via the loadbalancer.

-------------------
ldap_bind: Server is unavailable (52)
         additional info: no connections available

-------------------

Did I miss something? I also tried to translate the working slapd.conf with
slaptest, but the result is the same.

Hi Stefan,
the configurations certainly look equivalent, but no connections to
provider1/2 are being established ("no connections available" to use),
can you see any errors in the logs that would show why that is?

Regards,


--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signing every e-mail helps reduce spam and protects your privacy. You can get a free certificate at https://www.dgn.de/dgncert/index.html
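
The two `ldap_read` dumps in the `-d 3` trace above hold the complete LDAP BindResponse the client received, and decoding the BER shows where error 52 and its diagnostic text sit on the wire. This is an added example, not part of the original message; the function names `read_tlv` and `decode_bind_response` and the small result-code table are assumptions made for illustration.

```python
# Bytes copied from the two ldap_read dumps (8 + 38 bytes) in the "-d 3" trace.
TRACE_HEX = """
30 84 00 00 00 28 02 01
01 61 84 00 00 00 1f 0a 01 34 04 00 04 18 6e 6f
20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 61 76 61
69 6c 61 62 6c 65
"""

# Small subset of the RFC 4511 resultCode values (illustrative table).
RESULT_CODES = {0: "success", 49: "invalidCredentials", 51: "busy", 52: "unavailable"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def decode_bind_response(raw):
    """Decode LDAPMessage { messageID, bindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    tag, message, _ = read_tlv(raw, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msgid, pos = read_tlv(message, 0)
    op_tag, op, _ = read_tlv(message, pos)
    if tag != 0x02 or op_tag != 0x61:  # INTEGER, [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op, 0)       # ENUMERATED resultCode
    _, matched, pos = read_tlv(op, pos)  # OCTET STRING matchedDN
    _, diag, _ = read_tlv(op, pos)       # OCTET STRING diagnosticMessage
    code = int.from_bytes(code, "big")
    return {"msgid": int.from_bytes(msgid, "big"), "result_code": code,
            "result_name": RESULT_CODES.get(code, "other"),
            "matched_dn": matched.decode(), "diagnostic": diag.decode()}


if __name__ == "__main__":
    print(decode_bind_response(bytes.fromhex(TRACE_HEX)))
```

The decoded fields match the `res_errno: 52, res_error: <no connections available>, res_matched: <>` line that libldap prints later in the same trace.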
