Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Can't bind to LDAP server?
  •  
robaries

Messages: 14
Karma: -1
Send a private message to this user
Hi,

after the test period we decided to buy Kerio. Installation was a success but from time to time we have the problem that kerio cannot connect to the MAC OS X LDAP!

Quote:
[17/Dec/2012 18:47:51] Can't bind to LDAP server srv.domain.de. simple bind failed. User name: uid=diradmin,cn=users,dc=srv,dc=domain,dc=de. Err. code: -1, message: Can't contact LDAP server, LDAP srv. message: SASL(-13): authentication failure: realm changed: authentication aborted. ThreadId: 2968760320

Kerio needs to be restarted to get it work again!
It seems that the ldap server crashes and kerio will not work any longer until I manually restart kerio connect.

Quote:
Dec 17 18:47:51 srv com.apple.launchd[1] (org.openldap.slapd[56]): Job appears to have crashed: Abort trap: 6
Dec 17 18:47:51 srv.domain.de ReportCrash[2037]: Saved crash report for slapd[56] version 208.1 to /Library/Logs/DiagnosticReports/slapd_2012-12-17-184751_srv. crash


Quote:
Process: slapd [56]
Path: /usr/libexec/slapd
Identifier: slapd
Version: 208.1
Code Type: X86-64 (Native)
Parent Process: launchd [1]
User ID: 0

Date/Time: 2012-12-17 18:47:50.907 +0100
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 4

Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000

Application Specific Information:
*** error for object 0x7fd96968e760: pointer being freed was not allocated

...

Is this a problem of kerio? Does anybody know what to do? It is really annoying Sad Looking forward for any help. Thanks a lot

Kindly
Robert
  •  
The Gerald

Messages: 7
Karma: 0
Send a private message to this user
Same here! slapd is crashing intermittently.

Config:
Xserve3,1 with 10.8.2 (12C60): OpenDirectory Master
Xserve3,1 with 10.8.2 (12C60): OpenDirectory Replik
Xserve1,1 with 10.6.8 (10K549): Mail Server

MailServer is bound to OD in the System PrefPane "Users&Groups"
Config in Domain Settings is in good standing, users are available and have access to the services until the slapd crashes on Xserve ODM or Xserve ODR.

For testing purposes, we have installed the old Open Directory Extension. But it did not solve the problem.


Currently we are trying to recreate the problem in virtual environments.

  •  
robaries

Messages: 14
Karma: -1
Send a private message to this user
I think the problem is that kerio does not automatically reconnect to the directory? Hello Kerio any ideas?

[Updated on: Wed, 09 January 2013 15:26]

  •  
Ernesto (Kerio)

Messages: 86
Karma: 7
Send a private message to this user
Robert,

What version of Kerio Connect are you running? is it 8.0?

Also, are you using Kerberos to authenticating users with OD? Kerberos is the recommended authentication method.

You can determine which authentication is configured by editing the user in Accounts->Users, or by adding the Authentication filed in that same page (Accounts->Users) in Admin console.


Sales Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
robaries

Messages: 14
Karma: -1
Send a private message to this user
Thanks for your reply. We are using Kerio Connect 8.0.0 build 639 with Kerberos authentication. Server is a Mac mini with 10.8.2. Do you need more information?

Cheers Robert
  •  
The Gerald

Messages: 7
Karma: 0
Send a private message to this user
We are using Kerio Connect 8.0.0 build 639 too.

We've also tried the Kerberos authentication with the same result: slapd is crashing intermittently on both servers.

We now switched to local users in Kerio Connect. That works fine for the moment.
  •  
robaries

Messages: 14
Karma: -1
Send a private message to this user
I can confirm that there are no problems with local users.
  •  
Ernesto (Kerio)

Messages: 86
Karma: 7
Send a private message to this user
Robert and The Gerald,

Please contact Kerio Tech support on this issue. There is a similar ldap issue under investigation in Kerio Connect 8.0.0 and there is a possible work around.


Sales Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
robaries

Messages: 14
Karma: -1
Send a private message to this user
I send a message to the support. But something went wrong Sad The message was send 7 times! Please contact me if you need details. Thanks
  •  
robaries

Messages: 14
Karma: -1
Send a private message to this user
Send a message to the support .. waiting for a reply!

ldap still is crashing and kerio stops working:

[13/Jan/2013 20:07:19][2975150080] {ldapdb} Can't bind to LDAP server srv.domain.de using SASL/DIGEST-MD5 authentication. User name: diradmin<_at_>srv.domain.de. Message: Invalid credentials, code: 49. ThreadId: 2975150080
[13/Jan/2013 20:07:19][2968760320] {ldapdb} Can't bind to LDAP server srv.domain.de using SASL/DIGEST-MD5 authentication. User name: diradmin<_at_>srv.domain.de. Message: Invalid credentials, code: 49. ThreadId: 2968760320
[13/Jan/2013 20:07:20][2968760320] {ldapdb} Can't bind to LDAP server srv.domain.de using SASL/CRAM-MD5 authentication. User name: diradmin<_at_>srv.domain.de. Message: Can't contact LDAP server, code: -1. ThreadId: 2968760320
[13/Jan/2013 20:07:20][2975150080] {ldapdb} Can't bind to LDAP server srv.domain.de using SASL/CRAM-MD5 authentication. User name: diradmin<_at_>srv.domain.de. Message: Can't contact LDAP server, code: -1. ThreadId: 2975150080
[13/Jan/2013 20:07:20][2968760320] {ldapdb} Can't bind to LDAP server srv.domain.de. simple bind failed. User name: uid=diradmin,cn=users,dc=srv,dc=domain,dc=de. Err. code: -1, message: Can't contact LDAP server, LDAP srv. message: SASL(-13): authentication failure: realm changed: authentication aborted. ThreadId: 2968760320
[13/Jan/2013 20:07:20][2975150080] {ldapdb} Can't bind to LDAP server srv.domain.de. simple bind failed. User name: uid=diradmin,cn=users,dc=srv,dc=domain,dc=de. Err. code: -1, message: Can't contact LDAP server, LDAP srv. message: SASL(-13): authentication failure: realm changed: authentication aborted. ThreadId: 2975150080
[13/Jan/2013 20:07:20][2968760320] {ldapdb} LDAPS server srv.domain.de:636 is now marked as not available.
[13/Jan/2013 20:07:20][2968760320] {ldapdb} Cannot init new LDAP server connection. No LDAP server available. (ThreadId=2968760320)
[13/Jan/2013 20:07:20][2968760320] {ldapdb} Failed to acquire new LDAP connection. (ThreadId=2968760320)
[13/Jan/2013 20:07:20][2968760320] {ldapdb} LDAP result: action=search, errcode=-1, message="Can't contact LDAP server" (ThreadId=2968760320)
[13/Jan/2013 20:07:20][2975150080] {ldapdb} LDAPS server srv.domain.de:636 is now marked as not available.
[13/Jan/2013 20:07:20][2968760320] {ldapdb} username<_at_>domain.de: Looking up in cache...
[13/Jan/2013 20:07:20][2975150080] {ldapdb} Cannot init new LDAP server connection. No LDAP server available. (ThreadId=2975150080)
[13/Jan/2013 20:07:20][2968760320] {ldapdb} username<_at_>domain.de: found in cache
  •  
Alin Pastrama

Messages: 19
Karma: 0
Send a private message to this user
Does this issue also affect Microsoft AD authentication?
  •  
robaries

Messages: 14
Karma: -1
Send a private message to this user
An other log entry

[14/Jan/2013 14:23:53] HTTP/CardDav: User <_at_> doesn't exist. Attempt from IP address 192.168.1.111.
  •  
blankz

Messages: 29
Karma: 0
Send a private message to this user
robaries wrote on Wed, 09 January 2013 18:07
Thanks for your reply. We are using Kerio Connect 8.0.0 build 639 with Kerberos authentication. Server is a Mac mini with 10.8.2. Do you need more information?

Cheers Robert


We're having the same problem with 10.7.5.
Please update if you have any ideas for a solution on this.
  •  
wooster101

Messages: 106
Karma: 2
Send a private message to this user
I see the same issue on the following setup

Setup 1

Mac OS X 10.6.8 OD Master
Mac OS X 10.6.8 Kerio Connect 8.0 server

Setup 2

Mac OS X 10.7.5 OD Master
Mac OS X 10.7.5 Kerio Connect 8.0 server

These server have worked for years authentication in this manner but stops with irregular interval since upgrading to 8.0
blankz

Messages: 29
Karma: 0
Send a private message to this user
Could you see any indications of LDAP-errors in the Warnings-logg in Kerio BEFORE the upgrade to 8.0?

I have a setup with 10.7.5 and Kerio 7.4.2, still getting these errors:

[05/Sep/2012 13:32:58] Can't bind to LDAP server ##########. simple bind failed. User name: uid=diradmin,cn=users,dc=####,dc=#########,dc=##. Err. code: -1, message: Can't contact LDAP server, LDAP srv. message: (NULL). ThreadId: 3014553600
[05/Sep/2012 13:32:58] Can't bind to LDAP server ############ using any supported authentication method.


So, could it be that Kerio 8 can't survive with this unstable OD that v.7 could handle?
Is the solution to configure password-server OD-authentication instead, if Kerberos makes the LDAP fail?
Previous Topic: Synchronization Settings -> Attached Files synchronization
Next Topic: Enable Web Administration from config file
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Feb 22 18:58:18 CET 2017

Total time taken to generate the page: 0.04499 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.