Hi,

This is my second DSfW server. The provisioning wizard failed at SLAPI, Assign Rights and Update Service Configuration. So I went back and did it manually. The same error pops up:

ldap_bind: can't contact LDAP server.

I did an ndstrace and then unload/load nldap. The following error stack keeps repeating.

LDAP: [2011/03/08 23:37:26.458] New TLS connection 0x1484d780 from 10.0.0.4:52580, monitor = 0xb60a1ba0, index = 1
LDAP: [2011/03/08 23:37:26.458] Monitor 0xb60a1ba0 initiating TLS handshake on connection 0x1484d780
LDAP: [2011/03/08 23:37:26.458] (10.0.0.4:52580)(0x0000:0x00) DoTLSHandshake on connection 0x1484d780
LDAP: [2011/03/08 23:37:26.460] (10.0.0.4:52580)(0x0000:0x00) TLS accept failure 1 on connection 0x1484d780, setting err = -5875
. Error stack:
error:14094412:SSL routines:func(148):reason(1042) - SSL alert number 42
LDAP: [2011/03/08 23:37:26.460] (10.0.0.4:52580)(0x0000:0x00) TLS handshake failed on connection 0x1484d780, err = -5875
LDAP: [2011/03/08 23:37:26.460] BIO ctrl called with unknown cmd 7
LDAP: [2011/03/08 23:37:26.460] Server closing connection 0x1484d780, socket error = -5875
LDAP: [2011/03/08 23:37:26.460] Connection 0x1484d780 closed


So I searched for this error and most results came back saying that SSL alert number 42 relates to a certificate error, but both my servers are freshly installed and the certificates are valid. Then I noticed the 10.0.0.4 address in the ndstrace, which is my first DSfW. So I went back to that machine and did an ndstrace and got the following results:

LDAP: [2011/03/08 23:33:44.322] LDAP Agent for Novell eDirectory 8.8 SP5 (20506.05) stopped
LDAP: [2011/03/08 23:33:48.103] NDS attribute "NSCP:memberCertificateDesc" does not exist, mapping ignored
LDAP: [2011/03/08 23:33:48.103] NDS attribute "staticMember" does not exist, mapping ignored
LDAP: [2011/03/08 23:33:48.104] NDS attribute "ms-net-ieee-8023-GP-PolicyReser" does not exist, mapping ignored
LDAP: [2011/03/08 23:33:48.161] ANR_InitContext: No ANR attributes defined in plugin configuration; using defaults

LDAP: [2011/03/08 23:33:48.177] LDAP Agent for Novell eDirectory 8.8 SP5 (20506.05) started
LDAP: [2011/03/08 23:33:48.311] Listener cleartext socket bind failed, err = -5880
LDAP: [2011/03/08 23:33:48.311] Listener cleartext port 389 is already in use
LDAP: [2011/03/08 23:33:48.311] Unable to create listener for URL ldap://:389, err = -5880 (0xffffe908)
LDAP: [2011/03/08 23:33:48.311] Listener TLS socket bind failed, err = -5880
LDAP: [2011/03/08 23:33:48.311] Listener TLS port 636 is already in use
LDAP: [2011/03/08 23:33:48.311] Unable to create listener for URL ldaps://:636, err = -5880 (0xffffe908)
LDAP: [2011/03/08 23:33:48.311] Listener connectionless socket bind failed, err = -5880
LDAP: [2011/03/08 23:33:48.311] Listener connectionless port 389 is already in use
LDAP: [2011/03/08 23:33:48.311] Unable to create listener for URL cldap://, err = -5880 (0xffffe908)
LDAP: [2011/03/08 23:33:48.311] Listener cleartext socket bind failed, err = -5880
LDAP: [2011/03/08 23:33:48.311] Listener cleartext port 3268 is already in use
LDAP: [2011/03/08 23:33:48.311] Unable to create listener for URL ldap://:3268, err = -5880 (0xffffe908)
LDAP: [2011/03/08 23:33:48.311] Listener TLS socket bind failed, err = -5880
LDAP: [2011/03/08 23:33:48.311] Listener TLS port 3269 is already in use
LDAP: [2011/03/08 23:33:48.311] Unable to create listener for URL ldaps://:3269, err = -5880 (0xffffe908)


I have unchecked both "Required TLS...." on the LDAP Groups in iManager.

Both secure and non-secure ports are open.

I can do an ldapsearch without problem.

What am I doing wrong?

Thanks in advance,
Philip
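
The error stack and listener messages in the traces above can be unpacked mechanically. The following Python is an added example, not part of the original post and not Novell's code; the function names are hypothetical, and it assumes the OpenSSL 0.9.8/1.0.x error packing (8-bit library, 12-bit function, 12-bit reason), which matches the func(148) and reason(1042) printed in the trace.

```python
import re
from collections import Counter

# TLS alert descriptions (RFC 5246 section 7.2), certificate-related subset.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}

ERR_LINE = re.compile(r"^error:([0-9A-Fa-f]{8}):")
PEER_FAIL = re.compile(r"\(([\d.]+):\d+\)\S* TLS handshake failed")
PORT_BUSY = re.compile(r"Listener (\S+) port (\d+) is already in use")

def decode_openssl_error(code_hex):
    """Split a packed error code into (lib, func, reason): 8 + 12 + 12 bits."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def alert_from_reason(reason):
    """OpenSSL reports an alert read from the peer as reason 1000 + alert number."""
    if reason <= 1000:
        return None
    number = reason - 1000
    return number, TLS_ALERTS.get(number, "unknown")

def triage(lines):
    """Count failed handshakes per peer, decoded alerts, and busy listener ports."""
    peers, alerts, busy = Counter(), Counter(), []
    for line in lines:
        line = line.strip()
        if m := ERR_LINE.match(line):
            alert = alert_from_reason(decode_openssl_error(m.group(1))[2])
            if alert:
                alerts[alert] += 1
        elif m := PEER_FAIL.search(line):
            peers[m.group(1)] += 1
        elif m := PORT_BUSY.search(line):
            busy.append((m.group(1), int(m.group(2))))
    return {"peers": dict(peers), "alerts": dict(alerts), "busy_ports": busy}

# Lines copied from the two traces in the post above.
SAMPLE = """\
LDAP: [2011/03/08 23:37:26.460] (10.0.0.4:52580)(0x0000:0x00) TLS accept failure 1 on connection 0x1484d780, setting err = -5875
. Error stack:
error:14094412:SSL routines:func(148):reason(1042) - SSL alert number 42
LDAP: [2011/03/08 23:37:26.460] (10.0.0.4:52580)(0x0000:0x00) TLS handshake failed on connection 0x1484d780, err = -5875
LDAP: [2011/03/08 23:33:48.311] Listener cleartext port 389 is already in use
LDAP: [2011/03/08 23:33:48.311] Listener TLS port 636 is already in use
""".splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the error line in the trace this gives library 0x14, function 148, reason 1042, which is alert 42 (bad_certificate) sent by the peer at 10.0.0.4 rather than raised locally.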