Could not send bind request for id: authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error

Solution In Progress - Updated -

Environment

  • Red Hat Enterprise Linux 9
  • Red Hat Enterprise Linux 8
  • Red Hat directory server 11
  • Red Hat directory server 12
  • 389-ds

Issue

  • Could not send bind request for replication manager due to network error
[06/Dec/2023:12:07:05.262212520 +0700] - ERR - slapi_ldap_bind - Could not send bind request for id [cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error 0 (no error), network error 110 (Connection timed out, host "10.x.x.x:389"

Resolution

1. make the following changes in respective server .

# ldapmodify -h <ip_address_of system> -D "cn=Directory Manager" -W -x  <<EOF
dn: cn=agreement-<replica agreement_name>,cn=replica,cn=dc\3Dexampleid\2Cdc\3Dcom,cn=mapping tree,cn=config
changetype: modify
replace: nsDS5ReplicaHost
nsDS5ReplicaHost: tes.example.com
EOF

2. Open the /etc/hosts file and make the following entry as shown below for replica.

vi /etc/hosts
<ip_address_of_replca1> <fully_qualified_hostname> <shortname>
<ip_address_of_replca12> <fully_qualified_hostname> <shortname>

:wq!

3. Try to "poke" the replication agreement to trigger updates from the supplier :

# dsconf -D "cn=Directory Manager" ldap://<SUPLLIER SYSTEM_NAME>:389 repl-agmt poke --suffix "dc=example,dc=com" <agreement_name>

4. Also try to re-initialize the replication.

Example:
#dsconf <directory_server_instance_name> repl-agmt init --suffix dc=example,dc=com from-supplier1<first_supplier_name>-to-supplier2<second_supplier_name>

Root Cause

  • nsDS5ReplicaHost" should contain fqdn and not ipAddress as the RUV's were created based on fqdn.

Diagnostic Steps

[06/Dec/2023:12:07:05.262212520 +0700] - ERR - slapi_ldap_bind - Could not send bind request for id [cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error 0 (no error), network error 110 (Connection timed out, host "10.x.x.x:389"
[06/Dec/2023:12:07:05.262212520 +0700] - ERR - slapi_ldap_bind - Could not send bind request for id [cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error 0 (no error), network error 110 (Connection timed out, host "10.x.x.x:389"

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments