S4 Connector reject - LDAP server down

Good morning all,

I’m trying to install AD Connector on one of my UCS servers, but for some reason it gives me an error.
When I run the system diagnostic, I get the below log:

Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/__init__.py", line 275, in execute
    result = execute(umc_module, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/43_connectors4_rejects.py", line 135, in run
    s4 = get_s4_connector()
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/43_connectors4_rejects.py", line 100, in get_s4_connector
    False
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 893, in __init__
    res = self.lo_s4.lo.search_ext_s('', ldap.SCOPE_BASE, 'objectclass=*', [], serverctrls=[self.ctrl_show_deleted], timeout=-1, sizelimit=0)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 590, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 586, in search_ext
    timeout,sizelimit,
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
SERVER_DOWN: {'desc': "Can't contact LDAP server"}

Any idea what’s wrong there?

Thanks for your help!

Hi,

Well, could you simply try to start the LDAP server? There is a nice GUI where you can see all services… otherwise on the command line with systemctl start slapd.
If the start is not successful, you might see related information in the logfiles /var/log/syslog or /var/log/daemon.log.

/CV

Hi Christian,

The LDAP server is on.
From daemon.log:

Mar  6 07:28:09 ucs01 slapd[919]: Starting ldap server(s): slapd ...done.
Mar  6 07:28:10 ucs01 slapd[919]: Checking Schema ID: ...done.
Mar  6 07:41:17 ucs01 slapd[957]: Starting ldap server(s): slapd ...done.
Mar  6 07:41:18 ucs01 slapd[957]: Checking Schema ID: ...done.

From syslog:

Mar 6 09:00:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:04:45 ucs01 slapd[1304]: connection_read(22): no connection!
Mar 6 09:15:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:15:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:15:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:15:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:15:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:15:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:15:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:15:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:15:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:21:13 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:21:13 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:21:13 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:21:13 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:21:13 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:22:52 ucs01 slapd[1304]: <= mdb_equality_candidates: (SAMLServiceProviderIdentifier) not indexed
Mar 6 09:26:30 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:26:41 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:27:11 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:30:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:30:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:30:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed
Mar 6 09:30:02 ucs01 slapd[1304]: <= mdb_equality_candidates: (nextcloudEnabled) not indexed

And the slapd service is running in the UMC.

I found this in /var/log/univention/connector-s4.log:

06.03.2019 09:32:59,586 LDAP        (INFO   ): init finished
06.03.2019 09:32:59,586 MAIN        (------ ): UNIVENTION_DEBUG_END   : ldap.__init__
06.03.2019 09:32:59,593 LDAP        (ERROR  ): Failed to lookup S4 LDAP base, using UCR value.
06.03.2019 09:32:59,601 MAIN        (------ ): UNIVENTION_DEBUG_BEGIN : ldap.close_debug
06.03.2019 09:32:59,601 LDAP        (INFO   ): close debug
06.03.2019 09:32:59,601 MAIN        (------ ): UNIVENTION_DEBUG_END   : ldap.close_debug
06.03.2019 09:33:04,604 MAIN        (------ ): UNIVENTION_DEBUG_BEGIN : ldap.__init__
06.03.2019 09:33:04,604 MAIN        (------ ): UNIVENTION_DEBUG_BEGIN : ldap.init_debug
06.03.2019 09:33:04,605 MAIN        (------ ): DEBUG_INIT
06.03.2019 09:33:04,605 MAIN        (------ ): UNIVENTION_DEBUG_END   : ldap.init_debug
06.03.2019 09:33:04,607 MAIN        (------ ): UNIVENTION_DEBUG_BEGIN : S4Cache.__init__
06.03.2019 09:33:04,608 MAIN        (------ ): UNIVENTION_DEBUG_BEGIN : S4Cache.__create_tables
06.03.2019 09:33:04,608 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE TABLE IF NOT EXISTS GUIDS (id INTEGER PRIMARY KEY, guid TEXT);'
06.03.2019 09:33:04,608 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE TABLE IF NOT EXISTS ATTRIBUTES (id INTEGER PRIMARY KEY, attribute TEXT);'
06.03.2019 09:33:04,609 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE TABLE IF NOT EXISTS DATA (id INTEGER PRIMARY KEY, guid_id INTEGER, attribute_id INTEGER, valu$
06.03.2019 09:33:04,609 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE INDEX IF NOT EXISTS data_foreign_keys ON data(guid_id, attribute_id);'
06.03.2019 09:33:04,609 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE INDEX IF NOT EXISTS attributes_attribute ON attributes(attribute);'
06.03.2019 09:33:04,609 LDAP        (INFO   ): S4Cache: Execute SQL command: 'CREATE INDEX IF NOT EXISTS guids_guid ON guids(guid);'
06.03.2019 09:33:04,610 MAIN        (------ ): UNIVENTION_DEBUG_END   : S4Cache.__create_tables
06.03.2019 09:33:04,610 MAIN        (------ ): UNIVENTION_DEBUG_END   : S4Cache.__init__
06.03.2019 09:33:04,610 MAIN        (------ ): UNIVENTION_DEBUG_BEGIN : LockingDB.__init__
06.03.2019 09:33:04,610 MAIN        (------ ): UNIVENTION_DEBUG_BEGIN : LockingDB.__create_tables
06.03.2019 09:33:04,610 LDAP        (INFO   ): LockingDB: Execute SQL command: 'CREATE TABLE IF NOT EXISTS S4_LOCK (id INTEGER PRIMARY KEY, guid TEXT);'
06.03.2019 09:33:04,611 LDAP        (INFO   ): LockingDB: Execute SQL command: 'CREATE TABLE IF NOT EXISTS UCS_LOCK (id INTEGER PRIMARY KEY, uuid TEXT);'
06.03.2019 09:33:04,611 LDAP        (INFO   ): LockingDB: Execute SQL command: 'CREATE INDEX IF NOT EXISTS s4_lock_guid ON s4_lock(guid);'
06.03.2019 09:33:04,611 LDAP        (INFO   ): LockingDB: Execute SQL command: 'CREATE INDEX IF NOT EXISTS ucs_lock_uuid ON ucs_lock(uuid);'
06.03.2019 09:33:04,611 MAIN        (------ ): UNIVENTION_DEBUG_END   : LockingDB.__create_tables
06.03.2019 09:33:04,612 MAIN        (------ ): UNIVENTION_DEBUG_END   : LockingDB.__init__
06.03.2019 09:33:04,632 LDAP        (INFO   ): init finished
06.03.2019 09:33:04,633 MAIN        (------ ): UNIVENTION_DEBUG_END   : ldap.__init__
06.03.2019 09:33:04,640 LDAP        (ERROR  ): Failed to lookup S4 LDAP base, using UCR value.
06.03.2019 09:33:04,647 MAIN        (------ ): UNIVENTION_DEBUG_BEGIN : ldap.close_debug
06.03.2019 09:33:04,647 LDAP        (INFO   ): close debug
06.03.2019 09:33:04,647 MAIN        (------ ): UNIVENTION_DEBUG_END   : ldap.close_debug

Also, when running ucr search --brief s4/ldap, I get this:

connector/s4/ldap/base: DC=LILITSOLUTIONS,DC=CH
connector/s4/ldap/binddn: <empty>
connector/s4/ldap/bindpw: <empty>
connector/s4/ldap/certificate: 
connector/s4/ldap/host: ucs01.lilitsolutions.ch
connector/s4/ldap/port: 389
connector/s4/ldap/protocol: ldapi
connector/s4/ldap/socket: /var/lib/samba/private/ldap_priv/ldapi
connector/s4/ldap/ssl: no

I tried changing connector/s4/ldap/ssl to yes, but then it asks me for connector/s4/ldap/certificate to be declared.

Turning in circles there :blush:

Thanks for your help!
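
The `ucr search` output in the last post has the connector set to `ldapi` with a Unix socket under /var/lib/samba, so that socket is the configured endpoint. As an added example (Python 3, not part of the thread or of UCS), the script below derives the LDAP URI from that output and classifies the state of the socket; the function names are hypothetical, and building the URI by percent-encoding the socket path is the general ldapi convention, assumed here to match the connector.

```python
import os
import socket
import stat
from urllib.parse import quote
# Constructed sample (excerpt of the thread's `ucr search --brief s4/ldap` output);
# the helper names below are hypothetical.
UCR_OUTPUT = """\
connector/s4/ldap/host: ucs01.lilitsolutions.ch
connector/s4/ldap/port: 389
connector/s4/ldap/protocol: ldapi
connector/s4/ldap/socket: /var/lib/samba/private/ldap_priv/ldapi
"""

def parse_ucr_brief(text):
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:  # skip lines that are not "key: value"
            value = value.strip()
            cfg[key.strip()] = "" if value == "<empty>" else value
    return cfg

def endpoint(cfg, prefix="connector/s4/ldap/"):
    # Assumed convention: an ldapi URI carries the percent-encoded socket path.
    proto = cfg.get(prefix + "protocol", "ldap")
    if proto == "ldapi":
        return "ldapi://" + quote(cfg[prefix + "socket"], safe="")
    return "%s://%s:%s" % (proto, cfg[prefix + "host"], cfg[prefix + "port"])

def probe_unix_socket(path, timeout=3.0):
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"
    except PermissionError:
        return "permission-denied"  # parent directory not searchable by this user
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(path)
            return "listening"
        except OSError as exc:  # e.g. ECONNREFUSED on a stale socket file
            denied = isinstance(exc, PermissionError)
            return "permission-denied" if denied else "no-listener"

if __name__ == "__main__":
    cfg = parse_ucr_brief(UCR_OUTPUT)
    print(endpoint(cfg), probe_unix_socket(cfg["connector/s4/ldap/socket"]))
```

A result of "missing" or "no-listener" means nothing is accepting connections on the socket; "permission-denied" usually means the probe was not run with sufficient privileges to reach the socket directory.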