LDAP is not listening on TLS and TCP ports when loading eDirectory

  • 3308688
  • 05-Feb-2008
  • 01-Feb-2019

Environment

Novell eDirectory 8.8 for Linux
Novell eDirectory 8.7.3 for Linux

Situation

When starting eDirectory on Linux, the LDAP ports do not load properly. While ndsd starts, messages are displayed stating that the TCP and TLS ports are not listening.

Novell eDirectory LDAP Server TCP port is not listening.
Novell eDirectory LDAP Server TCP port is not listening.

Resolution

There are several known causes for this message and for LDAP not working:
  1. The IP address in /etc/opt/novell/eDirectory/conf/nds.conf does not match a valid IP address of the server.
    In this scenario, you will need to:
    - check the valid IP addresses on the server and compare them to the nds.conf file,
    - correct the wrong one, and
    - either restart ndsd or restart the entire server.
  2. Ensure there is *not* an alias in /etc/hosts assigning the real hostname of the device (as opposed to 'localhost') to a loopback IP address.
    See the Additional Information section for more information.
  3. This server is running a relatively large DIB and this message is cosmetic.
    See the Additional Information section for more information.
  4. Verify that the OpenLDAP server is not configured on the server and using the same ports. If so, either change the ports that eDirectory LDAP is using, or disable the OpenLDAP server.
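
A read-only check for causes 1 and 2 above, as an added example that is not part of the original TID or of Novell's tooling: it lists IPv4 addresses in an nds.conf-style file that are not assigned to the host, and hosts-file lines that bind the server's hostname to a loopback address. The host name edir1, the 192.0.2.x addresses and the sample files are constructed; on a real server, pass /etc/opt/novell/eDirectory/conf/nds.conf, a file holding the output of local_ips, and /etc/hosts.

```shell
#!/bin/sh
# Added example: read-only checks for a stale nds.conf address and a hostname on loopback.

# IPv4 literals found in uncommented lines of an nds.conf-style file ($1).
conf_ips() {
    grep -v '^[[:space:]]*#' "$1" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
}

# IPv4 addresses currently assigned to this host (Linux iproute2).
local_ips() {
    ip -o -4 addr show | awk '{ sub(/\/.*/, "", $4); print $4 }'
}

# Addresses configured in $1 that are missing from the list in $2 (one address per line).
stale_conf_ips() {
    conf_ips "$1" | while read -r addr; do
        grep -qxF "$addr" "$2" || echo "$addr"
    done
}

# Lines of hosts file $1 that bind hostname $2 (short or fully qualified) to loopback.
loopback_aliases() {
    awk -v h="$2" '
        BEGIN { h = tolower(h) }
        { sub(/#.*/, "") }
        $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++) {
                n = tolower($i)
                if (n == h || index(n, h ".") == 1) { print; next }
            }
        }' "$1"
}

# Constructed sample data: documentation addresses and a hypothetical host "edir1".
write_samples() {
    printf '%s\n' 'n4u.server.interfaces=192.0.2.10@524' \
        'http.server.interfaces=192.0.2.10@8028' \
        '# old: n4u.server.interfaces=192.0.2.99@524' > "$1/nds.conf"
    printf '%s\n' '127.0.0.1' '192.0.2.20' > "$1/local_ips"
    printf '%s\n' '127.0.0.1 localhost' '127.0.0.2 edir1.example.com edir1' \
        '192.0.2.20 edir1.example.com edir1 # real address' > "$1/hosts"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "stale nds.conf addresses:"; stale_conf_ips "$demo_dir/nds.conf" "$demo_dir/local_ips"
echo "loopback aliases:";         loopback_aliases "$demo_dir/hosts" edir1
rm -rf "$demo_dir"
```

Any address printed by the first check needs correcting in nds.conf followed by a restart of ndsd; any line printed by the second should have the hostname removed from the loopback entry.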
 

Additional Information

For hostname alias to loopback address:
The eDirectory 8.8.x Readme mentions this issue in section 2.7. Be sure that the names associated with loopback addresses are not the hostname or preferred server names which should be associated with the machine's real IP address.

For servers with relatively large DIBs:
These messages may be purely cosmetic. Large DIB sizes can cause this. It just takes longer for LDAP to become available when loading those databases.
These messages are generated from the /etc/init.d/nldap script. Some customers with large databases choose to comment out the section responsible for generating these errors.

If you are using a proxy user, make sure that address restrictions are not assigned to that LDAP Proxy user, as such restrictions will cause this message.

Another cause of this message is an LDAP proxy user that is associated with the LDAP group and has a non-null password.