openldap

OpenLDAP on Ubuntu Server 16.04
I am trying to install and configure OpenLDAP on Ubuntu.
I installed slapd and ldap-utils and tried to start the slapd service.
I get this error:

slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
   Loaded: loaded (/etc/init.d/slapd; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since 19s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 11693 ExecStart=/etc/init.d/slapd start (code=exited, status=1/FAILURE)

ubuntu systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
ubuntu slapd[11693]:  * Starting OpenLDAP slapd
ubuntu slapd[11700]: @(#) $OpenLDAP: slapd  (Ubuntu) (May 30 2017 19:20:53) $
                                             buildd@lgw01-18:/build/openldap-JXEADB/openldap-2.4.42+dfsg/debian/build/servers/slapd
ubuntu slapd[11700]: daemon: bind(9) failed errno=98 (Address already in use)
ubuntu slapd[11693]:    ...fail!
ubuntu systemd[1]: slapd.service: Control process exited, code=exited status=1
ubuntu systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
ubuntu systemd[1]: slapd.service: Unit entered failed state.
ubuntu systemd[1]: slapd.service: Failed with result 'exit-code'.
Jasaida asked:

noci, Software Engineer, commented:
daemon: bind(9) failed errno=98 (Address already in use)

Looks like there is already an LDAP service running... or there is some misconfiguration.
Check ports 389 (ldap) & 636 (ldaps).

It might be worthwhile to check the slapd.conf file for what it is configured to listen on.
With
netstat -antp | grep 389
netstat -antp | grep 636
you can find out which process is using those ports.
1
Jasaida, Author, commented:
I do not have a configuration in slapd.conf.
But port 389 is for nslcd (it is for LDAP) and 636 is for Samba (Samba4 Active Directory).
0
noci, Software Engineer, commented:
If you already have an LDAP service, why install slapd (the OpenLDAP server)?
AD = Kerberos + LDAP (incompletely used).
You either want AD or LDAP (without AD).
0
Jasaida, Author, commented:
LDAP was not working, therefore I installed OpenLDAP. It may be wrong, but how do I clean it up and how do I get LDAP working in AD?
0
noci, Software Engineer, commented:
Q1: Do you need passwords in LDAP or not? (AD cannot store passwords; those are in Kerberos, and not all equipment is capable of handling Kerberos for authentication, for example.)
If yes, then forget AD (e.g. if you need other systems without Kerberos, use LDAP).
First determine if you need AD... or LDAP.

Then choose one. There are a lot of cookbooks on the Samba site on how to integrate with AD with a preexisting setup, or set up Samba as AD as well.

Clean-up:
apt-get remove openldap
possibly followed with
apt-get autoremove
to remove now unused dependencies.
0
Jasaida, Author, commented:
I don't need passwords in LDAP. I have my AD in Samba 4.1.
Do you mean I can't have Samba as Active Directory and LDAP?
0
noci, Software Engineer, commented:
You can use Samba for AD, not full LDAP.
So Q2: why do you need LDAP? If the use of LDAP ALSO requires password lookups (think websites...) then
AD/LDAP is hardly useful, unless the web application ALSO does Kerberos logons.
YMMV depending on application requirements.
0
Jasaida, Author, commented:
I need LDAP for some RADIUS server.
0
noci, Software Engineer, commented:
You will need to check if the intended RADIUS server can be used with AD and how to configure that.

This might help: https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO

Oh, btw, don't literally follow the building from source mentioned there.
If it says install openssl, that should already be on your system; installing FreeRADIUS can probably be done using
apt-get install free-radius.
0
Jasaida, Author, commented:
OK, thanks. What about LDAP? I need LDAP to connect to the RADIUS server. I can maybe install a RADIUS server and create users on it, but it is not adapted
to LDAP and AD. Then if a user changes their password, it does not work.
0
noci, Software Engineer, commented:
Please check the article I mentioned; it includes the steps on how to configure Samba etc. to work together with FreeRADIUS.
Any RADIUS server should be able to also work for another RADIUS server (as a RADIUS proxy / daisy-chaining them); at least FreeRADIUS can.
So if you can integrate FreeRADIUS onto your Samba AD, then it should also be possible to point any RADIUS server there.
0
Jasaida, Author, commented:
I am just confused. Do you mean I do not need LDAP?
0
noci, Software Engineer, commented:
Ports are reserved for a purpose, a function, and are not exactly free to choose in most circumstances.
In yours you already have something running on port 389 (=LDAP) and 636 (=LDAPS); you told us that you have Samba as AD...
So you already HAVE LDAP (well, a crippled one, as AD implements a subset of LDAP); to complement it AD uses Kerberos.
You appear to have a crippled LDAP + Kerberos, in the trade known as Active Directory.

For RADIUS access you need something that can handle (crippled LDAP + Kerberos) aka AD. FreeRADIUS can (it has some NTLM module that can authenticate using Kerberos and query LDAP for the remainder of the data).
You will not need OpenLDAP UNLESS you want to do a separate install (different server etc.) and use that for RADIUS.
Then again, that would be a lot of work for not integrating with your AD; then you could do without LDAP anyway and use a pure RADIUS config.
0
noci, Software Engineer, commented:
What is still unclear/confusing?
0
Jasaida, Author, commented:
Yes.
I do not need a RADIUS server on my network. I need an LDAP; then some remote RADIUS server should search in LDAP.
I can't use some crippled LDAP. Therefore I try to install OpenLDAP to run on another port, e.g. 1389 instead of 389.
I am completely lost and confused now. HELP
0
noci, Software Engineer, commented:
openldap:
/etc/openldap/slapd.conf is the server config.

man slapd.conf explains this in detail (e.g. for the TLS certificates...).
Starting the server can be found in man slapd.
Starting slapd with the -h option might help here:
-h ldaps://ldapname.local:1389/    # for the interface with address ldapname.local
or
-h ldaps://:1389/                  # for all interfaces.

should work for that...
0
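The two checks from this thread put together: noci's earlier advice to see which process holds ports 389 and 636, and the alternate-port start above. This is an added example, not code from the thread; the `ss -ltnp` output in SAMPLE is constructed to mirror the asker's setup (nslcd on 389, Samba on 636, apache2 on 55), and the helper names port_owner, check_ldap_ports, free_ldap_port and slapd_listen_urls are my own.

```shell
# Added example: find out who owns the LDAP ports before starting slapd, and
# build the slapd -h URL list for a free alternative port (the asker used 1389).
# Parses `ss -ltnp` output (the same information netstat -antp gives).
# SAMPLE is constructed to mirror the thread: nslcd on 389, samba on 636.

SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:389         0.0.0.0:*         users:(("nslcd",pid=812,fd=7))
LISTEN 0      128    0.0.0.0:636         0.0.0.0:*         users:(("samba",pid=1303,fd=42))
LISTEN 0      128    0.0.0.0:55          0.0.0.0:*         users:(("apache2",pid=2201,fd=4))'

# port_owner PORT [SS_OUTPUT]: name of the process listening on PORT, or
# nothing if the port is free. Without SS_OUTPUT it runs ss on this host.
port_owner() {
  _out=${2:-$(ss -ltnp 2>/dev/null || true)}
  printf '%s\n' "$_out" | awk -v p="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":")              # last piece of "addr:port" is the port
      if (a[n] == p && match($0, /\(\("[^"]+"/)) {
        print substr($0, RSTART + 3, RLENGTH - 4)   # (("nslcd" -> nslcd
        exit
      }
    }'
}

# check_ldap_ports [SS_OUTPUT]: one "PORT owner" line for 389 and 636, which
# is what the bind(9) errno=98 (Address already in use) failure points at.
check_ldap_ports() {
  for _p in 389 636; do
    _owner=$(port_owner "$_p" "$1")
    echo "$_p ${_owner:-free}"
  done
}

# free_ldap_port PREFERRED [SS_OUTPUT]: PREFERRED if nothing listens there,
# otherwise the next free port counting upward.
free_ldap_port() {
  _p=$1
  while [ -n "$(port_owner "$_p" "$2")" ]; do _p=$((_p + 1)); done
  echo "$_p"
}

# slapd_listen_urls PORT: -h argument for slapd: plain ldap:// on PORT on all
# interfaces plus the local ldapi:/// socket used for cn=config administration.
slapd_listen_urls() {
  echo "ldap://:$1/ ldapi:///"
}

check_ldap_ports "$SAMPLE"
echo "slapd -h \"$(slapd_listen_urls "$(free_ldap_port 1389 "$SAMPLE")")\""
```

The lines above use ldaps://, which only works once the TLS settings from man slapd.conf are in place; the ldap:// URL this script prints is the plain-text listener the asker actually started on 1389.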
Jasaida, Author, commented:
Yes, I did.
I ran slapd -h ldap://server:1389/
It's running, but I can't connect to it via phpLDAPadmin.
My apache2 is running and it's on port 55.
I try http://serverip:55/phpldapadmin but I don't connect to that LDAP.
0
noci, Software Engineer, commented:
phpLDAPadmin will need to know how to get to the other port, 1389 instead of 389...

In phpldapadmin-root/config/config.php

look for this line:   $servers->setValue('server','port',389);

You will need to change the 389 -> 1389 there (also a few lines down from there you need to set the base URL,
and possibly you need to set more...).
If this is a 2nd DNS you manage from phpLDAPadmin then you need to add a new server entry there first,
with: $servers->newServer('ldap_pla1389');
0
Jasaida, Author, commented:
Thank you very much, it's working now.
0