ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Solution 1:

Are you sure that your slapd is listening on an LDAPI socket at all?

It has to be started with `slapd -h "ldapi:// ldap://"` to e.g. listen on a Unix domain socket (default path name depends on build options) and clear-text LDAP (389/tcp).

Depending on your Linux distribution (which one?) there is probably some config file for setting parameters for the start script.

Also note that you would need some more config to directly map the Linux user root to an LDAP user granted write access to cn=config for further reconfiguration.

In the entry cn=config (frontend configuration) you need to rewrite the authc-DN to a proper authz-DN:

olcAuthzRegexp: {0}"gidnumber=0\+uidnumber=0,cn=peercred,cn=external,cn=auth" "cn=config"

In the entry olcDatabase={0}config you would need an ACL like this:

olcAccess: {0}to
  dn.subtree="cn=config"
  by dn.base="cn=config" write
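The checks and the config change from this answer, pulled together as a script. This is an added example, not part of the original answer; it assumes the Debian/Ubuntu packaging, where the listener list is SLAPD_SERVICES in /etc/default/slapd and the default ldapi socket is /var/run/slapd/ldapi (other distributions use a different file and socket path, so adjust both).

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes Debian/Ubuntu layout:
# SLAPD_SERVICES in /etc/default/slapd, default socket /var/run/slapd/ldapi.
DEFAULT_SOCKET=/var/run/slapd/ldapi

# 0 if a slapd -h style URL list ("ldap:/// ldapi:///") contains an ldapi://
# listener at all; without one, "-H ldapi:///" can never connect.
slapd_services_has_ldapi() {
    for url in $1; do
        case $url in ldapi://*) return 0 ;; esac
    done
    return 1
}

# Socket path named by an ldapi:// URL. The path is percent-encoded into the
# host part (ldapi://%2Frun%2Fslapd%2Fldapi/); an empty host (ldapi:///)
# means the build-time default, which the caller passes as $2.
ldapi_socket_path() {
    host=${1#ldapi://}
    host=${host%/}
    if [ -z "$host" ]; then
        echo "$2"
    else
        printf '%s\n' "$host" | sed 's/%2[Ff]/\//g'   # decodes %2F only
    fi
}

# 0 if the Unix socket exists (slapd is up and was given ldapi:// in -h).
check_ldapi_socket() {
    if [ -S "$1" ]; then
        echo "ldapi socket present: $1"
        return 0
    fi
    echo "no ldapi socket at $1: slapd is not running or was not started with ldapi:// in -h" >&2
    return 1
}

# The authz mapping and ACL from the answer, in the form ldapmodify expects.
# Apply as root with: ldapmodify -Y EXTERNAL -H ldapi:/// -f root_to_cn_config.ldif
root_to_cn_config_ldif() {
    cat <<'EOF'
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: {0}"gidnumber=0\+uidnumber=0,cn=peercred,cn=external,cn=auth" "cn=config"

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.subtree="cn=config" by dn.base="cn=config" write
EOF
}

# Inspect this host: which listeners are configured, and is the socket there.
diagnose() {
    rc=0
    services=
    if [ -r /etc/default/slapd ]; then
        services=$(sed -n 's/^SLAPD_SERVICES="\(.*\)"/\1/p' /etc/default/slapd)
    fi
    if [ -z "$services" ]; then
        echo "no SLAPD_SERVICES in /etc/default/slapd; check how slapd is started: ps -o args -C slapd"
        return 0
    fi
    if slapd_services_has_ldapi "$services"; then
        for url in $services; do
            case $url in
                ldapi://*) check_ldapi_socket "$(ldapi_socket_path "$url" "$DEFAULT_SOCKET")" || rc=1 ;;
            esac
        done
    else
        echo "SLAPD_SERVICES=\"$services\" has no ldapi:// entry; add ldapi:/// and restart slapd" >&2
        rc=1
    fi
    return $rc
}

diagnose
```

Once the socket exists, `ldapwhoami -Y EXTERNAL -H ldapi:///` run as root shows who slapd thinks you are: `dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth` before the mapping, `dn:cn=config` after it. On Debian/Ubuntu the packaged olcDatabase={0}config already carries an olcAccess rule giving that peercred identity manage rights, which is why the EXTERNAL bind works as root out of the box there; the mapping above is for a config database that lacks such a rule.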

Solution 2:

root@ldap:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f mod_ssl.ldif

Resulting in:

ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

root@ldap:~# sudo service slapd start

Job for slapd.service failed because the control process exited with error code. See "systemctl status slapd.service" and "journalctl -xe" for details.

Issue: Failed to start slapd. slapd.service: Control process exited, code=exited status=1 "tls init def ctx failed: -1"

Check your SSL certificate: the .crt/.key should be fine.

root@ldap:~# ls -lsrt /etc/ldap/sasl2/
root@ldap:~# grep -R /etc/ldap/slapd.d

root@ldap:~# cat /etc/ldap/slapd.d/'cn=config.ldif'

olcTLSCertificateFile: /etc/ldap/sasl2/maneet.crt
olcTLSCertificateKeyFile: /etc/ldap/sasl2/maneet.key

#sudo service slapd start

Issue resolved
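A script that does the check this answer describes before you restart slapd: read the olcTLS*File attributes out of cn=config.ldif and verify each file exists, is readable, and (for the key) is not world-readable, then confirm the certificate and key belong together. This is an added example, not code from the answer; it assumes the Debian/Ubuntu layout used above (/etc/ldap/slapd.d/cn=config.ldif, slapd running as user openldap), and the file and user names are assumptions to adjust.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes the Debian/Ubuntu
# layout (/etc/ldap/slapd.d/cn=config.ldif) and that slapd runs as "openldap".

# Print the olcTLS*File attributes of a slapd.d LDIF as "attr path" lines.
# LDIF folds long values onto continuation lines that start with one space,
# so unfold first; grepping the raw file would truncate a long path.
tls_files_in_ldif() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' "$1" | sed -n 's/^\(olcTLS[A-Za-z]*File\): *\(.*\)$/\1 \2/p'
}

# 0 if the file exists and is readable. A private key must in addition not be
# world-readable: slapd reads it as its own unprivileged user, nobody else
# on the host should be able to.
check_tls_file() {
    attr=$1
    path=$2
    if [ ! -e "$path" ]; then
        echo "$attr: $path does not exist"
        return 1
    fi
    if [ ! -r "$path" ]; then
        echo "$attr: $path is not readable by $(id -un)"
        return 1
    fi
    if [ "$attr" = olcTLSCertificateKeyFile ] && [ -n "$(find "$path" -prune -perm -004)" ]; then
        echo "$attr: $path is world-readable (expected e.g. root:openldap 0640)"
        return 1
    fi
    echo "$attr: $path ok"
    return 0
}

# Check every TLS file the LDIF references. Returns 0 only if all pass, so it
# can gate the restart. The loop is fed from a here-document rather than a
# pipe so that rc survives (a piped while runs in a subshell).
check_slapd_tls_config() {
    ldif=${1:-/etc/ldap/slapd.d/cn=config.ldif}
    rc=0
    while read -r attr path; do
        [ -n "$attr" ] || continue
        check_tls_file "$attr" "$path" || rc=1
    done <<EOF
$(tls_files_in_ldif "$ldif")
EOF
    return $rc
}

# Another cause of "tls init def ctx failed": the key does not belong to the
# certificate. Comparing the public keys works for RSA and EC keys alike.
# stdin is closed so an encrypted key fails instead of prompting (slapd cannot
# use a passphrase-protected key either). 0 on match or if openssl is absent.
cert_matches_key() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found, cert/key check skipped"; return 0; }
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null </dev/null) || { echo "$1: not a PEM certificate"; return 1; }
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null </dev/null) || { echo "$2: not a readable, unencrypted PEM key"; return 1; }
    if [ "$c" = "$k" ]; then
        echo "certificate and key match"
        return 0
    fi
    echo "certificate and key do NOT match"
    return 1
}

# Stand-alone use, as root: sh slapd_tls_check.sh [/etc/ldap/slapd.d/cn=config.ldif]
ldif=${1:-/etc/ldap/slapd.d/cn=config.ldif}
if [ -r "$ldif" ] && check_slapd_tls_config "$ldif"; then
    crt=$(tls_files_in_ldif "$ldif" | sed -n 's/^olcTLSCertificateFile //p')
    key=$(tls_files_in_ldif "$ldif" | sed -n 's/^olcTLSCertificateKeyFile //p')
    cert_matches_key "$crt" "$key" && echo "TLS files look fine; restart slapd and watch journalctl -u slapd"
fi
```

Run it as root, because that is the user the checks are meant for on the box in the question; note that `[ -r ]` always succeeds for root, so the permission test on the key is the one that catches a key the openldap user cannot read or everyone can read.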