LDAP is not listening on TLS and TCP ports when loading eDirectory.

  • 3308688
  • 05-Feb-2008
  • 21-Jun-2016


Novell eDirectory 8.8 for Linux
Novell eDirectory 8.7.3 for Linux


When starting eDirectory on Linux, the LDAP ports do not load properly. A message is displayed during the start of ndsd stating that the TCP and TLS ports are not listening.

Novell eDirectory LDAP Server TCP port is not listening.
Novell eDirectory LDAP Server TCP port is not listening.


There are a couple of known causes for this message and LDAP not working:
  1. The IP address in /etc/opt/novell/eDirectory/conf/nds.conf does not match a valid IP address of the server.
    In this scenario, you will need to:
    - check the valid IP addresses on the server and compare them to the nds.conf file,
    - correct the wrong one, and
    - either restart ndsd or restart the entire server.
  2. Ensure there is *not* an alias in /etc/hosts assigning the real hostname of the device (as opposed to 'localhost') to a loopback IP address.
    See the Additional Information section for more information.
  3. This server is running a relatively large DIB and this message is cosmetic.
    See the Additional Information section for more information.
  4. Verify that the OpenLDAP Server is not configured on the server and using the same ports. If so, either change the ports that eDirectory LDAP is using, or disable the OpenLDAP Server.
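
The checks for causes 1 and 2 can be scripted. The following is an added example, not part of the original document or of any Novell tooling. It assumes that every IPv4 literal in nds.conf is an address the server must actually have, and that the `ip` and `hostname` utilities are present; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks causes 1 and 2 from the list above.

# Print each distinct IPv4 literal found on non-comment lines of file $1.
conf_ips() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
}

# Print addresses from config file $1 that are missing from the
# whitespace-separated list of addresses bound on this host ($2).
unmatched_ips() {
    bound=$(printf '%s ' $2)          # collapse newlines/tabs to single spaces
    for ip in $(conf_ips "$1"); do
        case " $bound" in
            *" $ip "*) ;;             # address is bound locally
            *) echo "$ip" ;;          # configured but not present on the host
        esac
    done
}

# Print lines of hosts file $1 that map hostname $2 (short name or
# fully qualified) to a loopback address.
loopback_aliases() {
    awk -v h="$2" '
        BEGIN { h = tolower(h) }
        { sub(/#.*/, "") }            # drop comments before matching
        $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++) {
                n = tolower($i)
                if (n == h || index(n, h ".") == 1) { print; next }
            }
        }' "$1"
}

# Live check against the paths named on this page: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    local_ips=$(ip -4 -o addr show | awk '{ split($4, a, "/"); print a[1] }')
    echo "nds.conf addresses not bound on this server:"
    unmatched_ips /etc/opt/novell/eDirectory/conf/nds.conf "$local_ips"
    echo "/etc/hosts loopback entries naming this host:"
    loopback_aliases /etc/hosts "$(hostname)"
fi
```

Empty output under both headings means neither cause 1 nor cause 2 applies; any address or hosts line printed is the entry to correct before restarting ndsd.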

Additional Information

For hostname alias to loopback address:
The eDirectory 8.8.x Readme mentions this issue in section 2.7. Be sure that the names associated with loopback addresses are not the hostname or preferred server names which should be associated with the machine's real IP address. eDirectory does not listen anymore, by default, on the loopback IP address. Doing so would cause issues with multiple instances all trying to listen on that IP address.

For servers with relatively large DIBs:
These messages may be purely cosmetic. Large DIB sizes are known to cause this, even though LDAP does finally listen and is working.
These messages are generated by the /etc/init.d/nldap script. Some customers with large databases choose to comment out the section responsible for generating these errors.
If you are using a proxy user, make sure that address restrictions are not assigned to that LDAP Proxy user, as such restrictions will cause this message.

Another cause of this message is when an LDAP proxy user is associated with the LDAP group and it has a non-null password.