Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-12-05 Thread Turbo Fredriksson
hosts, principals and host keys etc, but if I talk to the load balancer: ----- s n i p - ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) - s n i p - Now, this usually works “after a few hours” if I just leave it alone. This particular server is proving to be very obstinate.. signature.asc Description: Message signed with OpenPGP

Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-12-05 Thread Turbo Fredriksson
On 3 Dec 2017, at 20:44, Bill MacAllister wrote: > For Kerberos the problem is in Cyrus SASL and is true for all load balancers. > Indeed it is true for any system that has more than one > name. SASL checks the name that the connection was made to and if they don't >

Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-12-05 Thread Bill MacAllister
On Sunday, November 19, 2017 9:09:50 AM PST, Turbo Fredriksson wrote: Have anyone tried running OpenLDAP behind HAProxy? Anything special one needs to do? For Kerberos the problem is in Cyrus SASL and is true for all load balancers. Indeed it is true for any system that has more than one

Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-11-20 Thread Turbo Fredriksson
On 20 Nov 2017, at 11:06, Clément OUDOT wrote: > 2017-11-20 11:59 GMT+01:00 Turbo Fredriksson : >> You’ve never had the issue I’m having? Or heard about it? > > No but I don't use Kerberos authentication. Ok, thanx for the info!! signature.asc

Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-11-20 Thread Clément OUDOT
2017-11-20 11:59 GMT+01:00 Turbo Fredriksson : > You’ve never had the issue I’m having? Or heard about it? No but I don't use Kerberos authentication.

Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-11-20 Thread Turbo Fredriksson
On 20 Nov 2017, at 08:07, Clément OUDOT wrote: > 2017-11-19 18:09 GMT+01:00 Turbo Fredriksson : > >> Have anyone tried running OpenLDAP behind HAProxy? > > I do this often, without any particular issue. Ok, thanx. I thought so :(. I might be running an

Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-11-20 Thread Clément OUDOT
2017-11-19 18:09 GMT+01:00 Turbo Fredriksson : > Have anyone tried running OpenLDAP behind HAProxy? Anything special > one needs to do? I do this often, without any particular issue. If you use LDAPS, you can add option ssl-hello-chk. Here is a sample configuration file:

Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-11-19 Thread Turbo Fredriksson
On 19 Nov 2017, at 16:59, Michael Ströder wrote: > Note that ldap_initialize() does not really open the connection. Yes, that I knew. But it does work in the ldap_connect_to_host() at the beginning, it’s just the ldap_sasl_interactive_bind_s() a few microseconds later that

Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-11-19 Thread Michael Ströder
Turbo Fredriksson wrote: > I tried all day yesterday, and I could do the initial connection, but > not get any results: > > ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) > > I see the connection in syslog on the LDAP server, but don’t get any >

ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-11-19 Thread Turbo Fredriksson
them as a whole/group.. I tried all day yesterday, and I could do the initial connection, but not get any results: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) I see the connection in syslog on the LDAP server, but don’t get any results back. Now, first thing I did