
KB-7732: LDAP Proxy - Allowing remote hosts

Centrify DirectControl, Centrify DirectControl Plugins

4 November,16 at 04:26 PM

Applies to:

Versions of Centrify LDAP Proxy > 5.2.3 (2015.1) on all supported platforms

Question:

How can the centrify-ldapproxy service be started to accept connections from remote hosts?


When attempting a remote ldap query against slapd, an error similar to the following is received:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Or running with debug options (-d9) shows:

ldap_is_socket_ready: error on socket 3: errno: 111 (Connection refused)


Answer:

By default, slapd will refuse remote connections. To allow these connections, slapd should be started with the following options:

"-f /etc/centrifydc/openldap/slapd.conf -h ldap:///<slapd server fqdn>:389"


Note: the value for -f may be changed if you use an alternate configuration file. Also be aware that these options start the service with ldap support. If you want slapd to support TLS, see KB-5202.

Beginning with Centrify LDAP Proxy 5.2.3, the way startup options are recognized has been enhanced. There are a few ways to start slapd with options:

1) service centrify-ldapproxy start "-f /etc/centrifydc/openldap/slapd.conf -h ldap:///<slapd server fqdn>:389"

2) /usr/share/centrifydc/libexec/slapd -f /etc/centrifydc/openldap/slapd.conf -h ldap:///<slapd server fqdn>:389

3) echo "STARTUP_OPTS=\"-f /etc/centrifydc/openldap/slapd.conf -h ldap:///<slapd server fqdn>:389\"" >> /etc/sysconfig/centrify-ldapproxy
-- This command creates the file. The primary centrify-ldapproxy startup script checks for this file as an optional source of startup parameters.
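
A check an administrator could run after applying any of the options above, added here as an example and not part of the original article or Centrify's tooling: it reads STARTUP_OPTS from a file in the format option 3 writes and flags listeners that accept remote hosts over ldap without TLS, the case for which the Note refers to KB-5202. The function names, labels and sample FQDN are assumptions, as is the rule that the last STARTUP_OPTS line in the file wins.

```shell
#!/bin/sh
# Added example, not Centrify code; function names and labels are assumptions.

# Print each listener URL in the last STARTUP_OPTS line of file $1.
# Assumption: the startup script honours the last assignment in the file.
listener_urls() {
    sed -n 's/^STARTUP_OPTS=//p' "$1" | tail -n 1 |
        tr -s ' \t"'"'" '\n' | grep -E '^ldap[si]?://' || true
}

# Label one slapd -h URL by transport and reach.
classify_listener() {
    case "$1" in
        ldaps://*) echo "tls" ;;
        ldapi://*) echo "local-socket" ;;
        ldap://localhost|ldap://localhost[:/]*|ldap://127.*|'ldap://[::1]'*)
            echo "plaintext-loopback" ;;
        ldap://*)  echo "plaintext-remote" ;;
        *)         echo "unknown" ;;
    esac
}

# Print "URL label" per listener; return 1 if any is plaintext-remote.
audit_startup_opts() {
    out=$(listener_urls "$1" | while IFS= read -r url; do
        printf '%s %s\n' "$url" "$(classify_listener "$url")"
    done)
    [ -z "$out" ] || printf '%s\n' "$out"
    case "$out" in
        *plaintext-remote*) return 1 ;;
    esac
    return 0
}

# Constructed sample: the line written by option 3, with a made-up FQDN.
sample=$(mktemp)
printf '%s\n' 'STARTUP_OPTS="-f /etc/centrifydc/openldap/slapd.conf -h ldap:///ldapproxy.example.com:389"' > "$sample"
audit_startup_opts "$sample" ||
    echo "plaintext ldap listener accepts remote hosts; see KB-5202 for TLS"
rm -f "$sample"
```

To audit a live host, call audit_startup_opts /etc/sysconfig/centrify-ldapproxy; a non-zero return means at least one listener accepts remote connections over plain ldap.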
