
Apache LDAP problem after SP6

Status
Not open for further replies.

organman

MIS
May 12, 2004
109
SE
After installing SP6 on a NW 6.5 SP3 server I get this message on the server console and the Apache 2.0.59 screen:

LDAP initialization failed, Check LDAP and restart apache.
LDAP initialization failed.
Configured LDAP was found ready for use.
NIF CertHandler: Root certificate file for master ldap not found, requesting a new one from server.
NIF CertHandler: # Root Certs=1.
NIF CertHandler: Retrieved certificate of size=1321.
*MASTER[sh01.gruintra.net][-1] ldap_simple_bind : Can't contact LDAP server(81)
ldap *MASTER[sh01.gruintra.net] down

These messages repeat over and over again.

What is the problem here and how do I resolve this?

 
It might not have anything to do with the service pack. Looks like you are having a certificate problem, which could mean your certs are expired. Default certs expire after 2 years and have to be regenerated.

There are many ways to see that LDAP isn't working securely. Turn on an LDAP trace and then unload and reload nldap.nlm. You can also look in TCPCON. If LDAP isn't running securely, you won't see port 636 open.

You can run PKIDIAG --> Login --> 4, 0 to fix most certificate issues, but pay attention to errors and troubleshoot further. Once you do this, reload NLDAP.NLM. It might be easier to just reboot the server, though, because several services rely on certificates.

Marvin Huffaker, MCNE
 
I can't see port 636 open in TCPCON, and in the LDAP trace this is seen, repeating over and over again:

LDAP server config version 8 does not match executable config version 8

Starting dynamic upgrade
Dynamically upgrading LDAP server object
Failed to set value '8.7.3.9' in attribute 'Version' on LDAP Server object 'CN=LDAP Server - SH01\OU=ADM\O=KOMMUN' in UpgradeLDAPServerObject, err = no access (-672)

Could not complete dynamic upgrade, err = no access (-672)
Could not validate Group in ReadConfigFromDS, err = no access (-672)
Could not update server configuration, err = no access (-672)

Any ideas on this?

 
Problem resolved thanks to the hints from marvhuffaker!

I found TID 10092214, see below, and indeed I did have a rights problem which this TID solves.

cause
The NCP Server object associated with the LDAP Server and Group objects does not have the appropriate trustee assignments.

fix
Add the NCP Server object as a trustee of both the LDAP Server and Group objects. The Server should be assigned Supervisor Entry and Attribute rights.
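
As an added example (not part of the thread and not a Novell tool), this Python triage runs over the console and LDAP trace lines quoted above and separates the two causes discussed: a run of -672 "no access" errors on the LDAP Server object points to the trustee rights problem in the TID, while bind failures alone point back to the listener and certificate checks. The function names and the category labels are assumptions made for this example.

```python
import re
from collections import Counter

# Sample lines copied from the console and LDAP trace output quoted in this thread.
SAMPLE = r"""
NIF CertHandler: Retrieved certificate of size=1321.
*MASTER[sh01.gruintra.net][-1] ldap_simple_bind : Can't contact LDAP server(81)
Failed to set value '8.7.3.9' in attribute 'Version' on LDAP Server object 'CN=LDAP Server - SH01\OU=ADM\O=KOMMUN' in UpgradeLDAPServerObject, err = no access (-672)
Could not complete dynamic upgrade, err = no access (-672)
Could not validate Group in ReadConfigFromDS, err = no access (-672)
Could not update server configuration, err = no access (-672)
"""

# Directory errors end in "err = <text> (<negative code>)".
ERR = re.compile(r"err = (?P<text>[^()]+?) \((?P<code>-\d+)\)\s*$")
# The object the LDAP server failed to update.
OBJ = re.compile(r"on LDAP Server object '(?P<dn>[^']+)'")
# Client-side bind failures end in "<text>(<positive code>)".
BIND = re.compile(r"ldap_simple_bind : (?P<text>.+?)\((?P<code>\d+)\)\s*$")


def triage(log_text):
    """Count directory error codes and bind failures, and collect affected objects."""
    ds_errors, bind_failures, objects = Counter(), Counter(), set()
    for line in log_text.splitlines():
        line = line.strip()
        if m := ERR.search(line):
            ds_errors[int(m["code"])] += 1
        if m := OBJ.search(line):
            objects.add(m["dn"])
        if m := BIND.search(line):
            bind_failures[int(m["code"])] += 1
    return {"ds_errors": dict(ds_errors),
            "bind_failures": dict(bind_failures),
            "objects": sorted(objects)}


def diagnose(summary):
    """Map a triage summary to the causes discussed in the thread (labels are hypothetical)."""
    if -672 in summary["ds_errors"]:
        return "rights"            # check trustee assignments on the LDAP Server and Group objects
    if summary["bind_failures"]:
        return "ldap-unreachable"  # check that port 636 is listening and the certificates are valid
    return "unknown"


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(diagnose(result), result)
```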
 