By: Andrej Simon user 01 Jun 2022 at 9:10 a.m. CDT

4 Responses
Greetings, this is my first installation of Gluu. I have used an Ubuntu 20.04 LTS VM to install Gluu Server into it. The installation is fine and it works well. I can access the Gluu website.

In the next step I wanted to use `ldapsearch`. I have installed the default Ubuntu LDAP tools using apt. Unfortunately I have got this error:

```
ldapsearch -h localhost -p 1636 -Z -X -D 'cn=directory manager' -w MyAdminPassword -b o=gluu -s sub "(uid=admin)"
ldap_start_tls: Can't contact LDAP server (-1)
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
```

The same command works without any problem if I log in to the Gluu container:

```
root~# /sbin/gluu-serverd login
Welcome to the Gluu Server!
Last login: Wed Jun 1 13:38:53 2022 from 127.0.0.1
root# ldapsearch -h localhost -p 1636 -Z -X -D 'cn=directory manager' -w MyAdminPassword -b o=gluu -s sub "(uid=admin)"
dn: inum=d1c83365-170b-402c-959f-43728e21c720,ou=people,o=gluu
displayName: Default Admin User
...
```

No firewall is enabled on this Ubuntu VM.

```
root# systemctl status firewalld
Unit firewalld.service could not be found.
root# ufw status
Status: inactive
```

In the User Management Gluu documentation I have found that I have to create an SSH tunnel. I have tried it but it didn't help. I have got the same error.

```
$ ssh -fNL 5901:localhost:1636 root@192.168.7.56    # IP address of the Ubuntu VM with Gluu
root@192.168.7.56's password:
$ ldapsearch -h localhost -p 5901 -Z -X -D 'cn=directory manager' -w MyAdminPassword -b o=gluu -s sub "(uid=admin)"
ldap_start_tls: Can't contact LDAP server (-1)
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
```

Maybe I am creating the SSH tunnel in the wrong place? In fact I have 3 possible places:

- On my workstation
- On the Ubuntu VM
- In the container on the Ubuntu VM above

Any ideas? I understand that I can just log in to the container. But apparently others have succeeded in using an SSH tunnel for remote access to the Gluu LDAP server.

Regards, Andrej

By Mobarak Hosen Shakil staff 02 Jun 2022 at 11:01 p.m. CDT

In which VM have you installed `LDAP tools`? As you are able to use `ldapsearch` from inside the Gluu container, that means there is no problem with Gluu OpenDJ itself. It's a connection problem between Ubuntu and LDAP. Maybe you can try **[Apache Directory Studio](https://directory.apache.org/studio/downloads.html)** to connect to the Gluu OpenDJ backend.

Regards ~ Shakil

By Andrej Simon user 03 Jun 2022 at 8:12 a.m. CDT

I have used the Ubuntu 20.04 LTS VM rkubgl02 for this installation. In this VM I have installed Gluu. I can connect to VM rkubgl02 like this: `ssh root@rkubgl02`. In the VM I have installed LDAP tools from the Ubuntu repository (`apt install ldap-tools`). These are OpenLDAP tools.

I have got the error above even if I connect with this tool locally from this VM. If I am locally on the VM, this means that port 1636, for instance, is open. So I do not need any SSH tunnel. But `ldapsearch` still produces the TLS connect error. So I have copied the OpenDJ certificate from the container and provided it to the VM. I have also set it in `/etc/ldap/ldap.conf`. But I still have got the errors.

If I connect from the VM to the container (`/sbin/gluu-server login`), then I use `ldapsearch` from the container. This works without any problems. So the problem is not with the LDAP server itself. I assume the problem is with the TLS certificate. Do you have any steps for how to copy this certificate and set up the `/etc/ldap/ldap.conf` file on Ubuntu?

Regards, Andrej

By Andrej Simon user 04 Jun 2022 at 4:26 a.m. CDT

I have tried to use Apache Directory Studio. I have got the errors as well. Do I need to set up any files like `/etc/ldap/ldap.conf` or install certificates from the Gluu server on the Ubuntu 20.04 LTS host where I am going to run `ldapsearch` and Apache Directory Studio?

By Andrej Simon user 05 Jun 2022 at 3:26 a.m. CDT

Ok, I have managed to get Apache Directory Studio to work. But I still cannot work with the LDAP tools (like `ldapsearch`) from Ubuntu. These tools are based on OpenLDAP. In fact I prefer to use command-line tools so that I could create some scripts. At the moment I have to do the following steps to call `ldapsearch`:

1. Connect to my workstation
2. Connect to the VM with the Gluu server: `ssh root@rkubgl02`
3. Switch into the Gluu container: `/sbin/gluu-serverd login`
4. Use `ldapsearch` (from `/opt/opendj/bin/ldapsearch`)

I would just prefer to use `ldapsearch` directly from my workstation without all these steps. My current steps are:

Terminal 1:

```
sudo su -
ssh -fNL 5901:localhost:1636 root@192.168.7.57
```

Terminal 2:

```
ldapsearch -Z -D 'cn=directory manager' -w Pwd -b o=gluu -s sub "(uid=admin)" -h localhost -p 5901 -X
ldap_start_tls: Can't contact LDAP server (-1)
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
```

I have also tried `-H ldap://localhost:5901` and `-H ldaps://localhost:5901`. Apache Active Directory uses the same tunnel without any problems.

Any ideas how to use LDAP tools from the Ubuntu 20.04 LTS official repository? Do I have to copy some certificates or change the default `/etc/ldap/ldap.conf` file?

Regards, Andrej
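
Added example, not part of the thread and not Gluu's own code: the `ldapsearch` in `/opt/opendj/bin` and the OpenLDAP `ldapsearch` from Ubuntu's repository give `-Z` and `-X` different meanings, so this shell function translates the OpenDJ-style command line used above into its OpenLDAP form. The names `opendj_ldapsearch`, `GLUU_CA_CERT` and `DRY_RUN` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: run an OpenDJ-style ldapsearch command line with the
# OpenLDAP client. The two tools read the same letters differently:
#   OpenDJ    -Z  connect over SSL (LDAPS)      -X  trust any server certificate
#   OpenLDAP  -Z  StartTLS on a plain LDAP port -X  SASL authzid (takes a value)
# OpenLDAP also needs -x for a simple bind; without it a SASL bind is tried.
# opendj_ldapsearch, GLUU_CA_CERT and DRY_RUN are names made up for this sketch.
opendj_ldapsearch() {
    host=localhost port=389 scheme=ldap trust_all=no
    n=$#
    while [ "$n" -gt 0 ]; do
        arg=$1; shift; n=$((n - 1))
        case $arg in
            -h|-p)
                [ "$n" -gt 0 ] || { echo "missing value for $arg" >&2; return 2; }
                if [ "$arg" = -h ]; then host=$1; else port=$1; fi
                shift; n=$((n - 1)) ;;
            -Z) scheme=ldaps ;;        # OpenDJ --useSSL becomes an ldaps:// URL
            -X) trust_all=yes ;;       # OpenDJ --trustAll, handled below
            *)  set -- "$@" "$arg" ;;  # -D, -w, -b, -s and the filter pass through
        esac
    done
    set -- ldapsearch -x -H "$scheme://$host:$port" "$@"
    if [ -n "${GLUU_CA_CERT:-}" ]; then
        # Preferred: verify the server against the certificate exported from
        # the container (PEM file; the path is supplied by the caller).
        set -- "LDAPTLS_CACERT=$GLUU_CA_CERT" LDAPTLS_REQCERT=demand "$@"
    elif [ "$trust_all" = yes ]; then
        # Same effect as OpenDJ -X: no certificate check at all.
        set -- LDAPTLS_REQCERT=never "$@"
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"             # one argument per line, nothing is run
    else
        env "$@"
    fi
}
```

With `GLUU_CA_CERT` set, certificate verification stays on, so the name in the OpenDJ certificate has to match the host in the URL, which is `localhost` when the connection goes through the tunnel.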