By: Mahadevan Anandhan user 08 Jan 2021 at 1:49 p.m. CST

5 Responses
A 503 Service Unavailable error occurs when accessing https://hostname/identity/. It was working perfectly before the server was restarted. I got the below error in the oxtrust-persistence.log file:

```
com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to connect to server localhost:1636: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server localhost/127.0.0.1:1636: ConnectException(message='Connection refused (Connection refused)', trace='socketConnect(PlainSocketImpl.java:native) / doConnect(AbstractPlainSocketImpl.java:350) / connectToAddress(AbstractPlainSocketImpl.java:206) / connect(AbstractPlainSocketImpl.java:188) / connect(SocksSocketImpl.java:392) / connect(Socket.java:589) / run(ConnectThread.java:146)', revision=24201)')
```

1. The LDAP service is listening (1636) in the netstat command.
2. I am able to connect to LDAP through the LDAP admin tool using a reverse tunnel.
3. I am getting results when querying LDAP using ldapsearch on localhost.

So the LDAP service is performing well. I did comment out the below lines in /etc/gluu/conf/ox-ldap.properties:

```
#ssl.trustStoreFile: /etc/certs/openldap.pkcs12
#ssl.trustStorePin: aeslInszE01e0s9fzs32fcJw==
#ssl.trustStoreFormat: pkcs12
```

I am still getting the 503 error. Please help me to fix this issue.

By Mobarak Hosen Shakil staff 08 Jan 2021 at 2:15 p.m. CST

Hi Mahadevan Anandhan!

Thanks for reaching out at Gluu. Please log in to the Gluu server, then restart `identity`:

```
/sbin/gluu-serverd-3.1.2 login
systemctl restart identity
```

Then check from the browser whether it is working or not.

Thanks & Regards
~ Shakil

By Mahadevan Anandhan user 08 Jan 2021 at 7:13 p.m. CST

@Mobarak Hosen.Shakil. It is not working after restarting the identity service. I restarted all Gluu services and the server. The service status is running for all Gluu services, but I am getting the same error. See my error details in my initial post.

By Mahadevan Anandhan user 10 Jan 2021 at 2:22 a.m. CST

Experts, any solution to this issue?

By Mobarak Hosen Shakil staff 11 Jan 2021 at 9:15 a.m. CST

Hi, can you please share `oxtrust.log`, `oxauth.log` and a screenshot of the error page?

By Mahadevan Anandhan user 11 Jan 2021 at 9:25 a.m. CST

The LDAP certificate was expired. I fixed this issue after renewing it using the below commands. Thanks for your reply, Mobarak Hosen Shakil.

```
export PASS=test

# New RSA key, then a copy with the passphrase removed
/usr/bin/openssl genrsa -des3 -out /etc/certs/openldap.key.orig -passout pass:$PASS 2048
/usr/bin/openssl rsa -in /etc/certs/openldap.key.orig -passin pass:$PASS -out /etc/certs/openldap.key

# CSR and self-signed certificate
/usr/bin/openssl req -new -key /etc/certs/openldap.key -out /etc/certs/openldap.csr -subj /C=US/ST=LR/L=ArC/O=Gluu/CN=localhost/emailAddress=admin@goodgrid.com
/usr/bin/openssl x509 -req -days 1365 -in /etc/certs/openldap.csr -signkey /etc/certs/openldap.key -out /etc/certs/openldap.crt
/bin/chown ldap:ldap /etc/certs/openldap.key /etc/certs/openldap.crt
/bin/chmod 440 /etc/certs/openldap.key /etc/certs/openldap.crt

# Replace the certificate in the JRE trust store
/opt/jre/bin/keytool -delete -alias mydomain.com_openldap -keystore /opt/jre/jre/lib/security/cacerts -storepass changeit -noprompt
/opt/jre/bin/keytool -import -trustcacerts -alias mydomain.com_openldap -file /etc/certs/openldap.crt -keystore /opt/jre/jre/lib/security/cacerts -storepass changeit -noprompt

# PKCS#12 bundle referenced by ox-ldap.properties
/usr/bin/openssl pkcs12 -export -inkey /etc/certs/openldap.key -in /etc/certs/openldap.crt -out /etc/certs/openldap.pkcs12 -name mydomain.com -passout pass:$PASS
/bin/chown jetty:jetty /etc/certs/openldap.pkcs12
/bin/chmod 440 /etc/certs/openldap.pkcs12

# Combined PEM; written to /etc/certs so the chown/chmod below find it
cat /etc/certs/openldap.crt /etc/certs/openldap.key > /etc/certs/openldap.pem
/bin/chown ldap:ldap /etc/certs/openldap.pem
/bin/chmod 440 /etc/certs/openldap.pem

# Encode the store password; output: GiTR2gm2MPA=
/opt/gluu/bin/encode.py $PASS
```

Update the SSL details in the below file: /etc/gluu/conf/ox-ldap.properties

```
service solserver restart && service oxauth restart && service identity restart
```
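
The thread ends with an expired LDAP certificate as the cause, so a check that flags certificates before they lapse is worth running ahead of any restart. The following POSIX shell script is an added example, not part of any post above and not Gluu tooling; the function names, the `WARN_DAYS` variable and the self-signed sample certificates it constructs are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report how long PEM certificates have
# left, using only `openssl x509 -checkend` so no date parsing is needed.

# cert_status FILE [WARN_DAYS] -> prints expired | expiring | ok | unreadable
cert_status() {
    cs_warn=${2:-30}
    # Missing file, wrong format, or a key instead of a certificate.
    openssl x509 -noout -in "$1" >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$1" >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -noout -checkend $((cs_warn * 86400)) -in "$1" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# report FILE... -> one line per file; returns 1 if any file is not "ok".
report() {
    rp_rc=0
    for rp_pem in "$@"; do
        rp_status=$(cert_status "$rp_pem" "${WARN_DAYS:-30}")
        printf '%-10s %s %s\n' "$rp_status" "$rp_pem" \
            "$(openssl x509 -noout -enddate -in "$rp_pem" 2>/dev/null)"
        [ "$rp_status" = ok ] || rp_rc=1
    done
    return "$rp_rc"
}

# make_demo_cert FILE DAYS -> constructed self-signed sample (key in FILE.key).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj /CN=localhost \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# With arguments: check those files. Without: run on constructed samples.
if [ "$#" -gt 0 ]; then
    report "$@"
else
    demo_dir=$(mktemp -d)
    make_demo_cert "$demo_dir/short.crt" 1
    make_demo_cert "$demo_dir/long.crt" 365
    report "$demo_dir/short.crt" "$demo_dir/long.crt" "$demo_dir/short.crt.key" || true
    rm -rf "$demo_dir"
fi
```

Passing `/etc/certs/openldap.crt` as an argument checks the certificate renewed in the last post, and the non-zero exit status suits a cron job or monitoring probe. It reads PEM certificates only, so the PKCS#12 bundle and the JRE `cacerts` entry from that post are not inspected.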