ldap.SERVER_DOWN: Can't contact LDAP server. The TLS connection was non-properly terminated
I am trying to deploy OpenID Connect for my OpenStack instances (VMware host, Ubuntu 20.04; the instances are also the same). The overall goal is to create a cyber range using pre-built scripts. While executing one of the playbooks I am continuously getting the ldap.SERVER_DOWN error. The yml file is:
```yaml
- name: Ensure ou for users
  community.general.ldap_entry:
    dn: ou=people,dc=springframework,dc=org
    objectClass:
      - top
      - organizationalUnit
    bind_dn: cn=Directory\ Manager
    bind_pw: "{{ kypo_crp_oidc_local_provider_ldap_root_password }}"
    server_uri: ldaps://localhost:1636
    validate_certs: False
  register: ldap_entry
  until: ldap_entry is not failed
  retries: 30
  delay: 5
```
And the output is:
```text
TASK [kypo-crp-local-oidc : Ensure ou for users] *******************************************************
FAILED - RETRYING: Ensure ou for users (30 retries left).
FAILED - RETRYING: Ensure ou for users (29 retries left).
....
FAILED - RETRYING: Ensure ou for users (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 107, 'ctrls': [], 'info': 'The TLS connection was non-properly terminated.'}
fatal: [kypo]: FAILED! => {"attempts": 30, "changed": false, "details": "{'result': -1, 'desc': \"Can't contact LDAP server\", 'errno': 107, 'ctrls': [], 'info': 'The TLS connection was non-properly terminated.'}", "msg": "Cannot bind to the server."}
```
After adding more verbosity to the command, in a few of the tries it also generates a message saying invalid credentials:
```text
FAILED - RETRYING: Ensure ou for users (23 retries left).Result was: {
    "attempts": 8,
    "changed": false,
    "details": "{'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}",
    "invocation": {
        "module_args": {
            "attributes": {},
            "bind_dn": "cn=Directory\\Manager",
            "bind_pw": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "dn": "ou=people,dc=springframework,dc=org",
            "objectClass": [
                "top",
                "organizationalUnit"
            ],
            "params": null,
            "server_uri": "ldaps://localhost:1636",
            "start_tls": false,
            "state": "present",
            "validate_certs": false
        }
    },
    "msg": "Cannot bind to the server.",
    "retries": 31
}
```
while most of the tries output the following error:
```text
FAILED - RETRYING: Ensure ou for users (26 retries left).Result was: {
    "attempts": 5,
    "changed": false,
    "details": "{'result': -1, 'desc': \"Can't contact LDAP server\", 'errno': 107, 'ctrls': [], 'info': 'The TLS connection was non-properly terminated.'}",
    "invocation": {
        "module_args": {
            "attributes": {},
            "bind_dn": "cn=Directory\\Manager",
            "bind_pw": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "dn": "ou=people,dc=springframework,dc=org",
            "objectClass": [
                "top",
                "organizationalUnit"
            ],
            "params": null,
            "server_uri": "ldaps://localhost:1636",
            "start_tls": false,
            "state": "present",
            "validate_certs": false
        }
    },
    "msg": "Cannot bind to the server.",
    "retries": 31
}
```
Port 1636 is in listening mode when checked:
```text
root@kypo-head:/home/ubuntu# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN
tcp        0      0 localhost:1636          0.0.0.0:*               LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 [::]:8443               [::]:*                  LISTEN
```
Can't it be the problem that the yml file is accessing the server URI as ldaps://localhost:1636 while the open connections show localhost:1636?
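As an added diagnostic (not taken from the question or from the KYPO playbooks), here is a stdlib-only Python probe that does what the ldap_entry task does in two separately observable steps: a TLS handshake to the LDAPS port with certificate checks disabled (mirroring `validate_certs: False`) and a single LDAP simple bind encoded by hand (RFC 4511 BindRequest), so a transport failure (the SERVER_DOWN case) is reported separately from a resultCode 49 rejection (the 'Invalid credentials' case). The host and port are assumed to be the task's localhost:1636; the bind DN and password are whatever you pass in.

```python
import socket, ssl

def ber_len(n: int) -> bytes:  # BER length octets: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload

def read_tlv(buf: bytes, pos: int = 0):  # decode one tag/length/value at pos -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    # LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] password } }
    op = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def parse_bind_response(buf: bytes) -> int:
    # LDAPMessage { messageID, BindResponse [APPLICATION 1] { ENUMERATED resultCode, ... } }
    tag, msg, _ = read_tlv(buf)
    _, _, pos = read_tlv(msg)            # skip messageID
    op_tag, op, _ = read_tlv(msg, pos)
    code_tag, code, _ = read_tlv(op)
    if (tag, op_tag, code_tag) != (0x30, 0x61, 0x0A):
        raise ValueError("not a BindResponse")
    return int.from_bytes(code, "big")

def probe_ldaps(host: str, port: int, dn: str, password: str, timeout: float = 5.0) -> str:
    ctx = ssl.create_default_context()
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # like validate_certs: False
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:  # TLS handshake happens here
                tls.sendall(bind_request(1, dn, password))
                resp = tls.recv(4096)
    except ssl.SSLError as e:
        return f"tls-failure: {e}"        # handshake or record-layer error
    except OSError as e:
        return f"connect-failure: {e}"    # refused, timed out, unreachable
    if not resp:
        return "tls-closed-before-bind-response"  # server hung up right after the handshake
    code = parse_bind_response(resp)
    return {0: "bind-ok", 49: "invalid-credentials"}.get(code, f"ldap-result-{code}")
```

Run `probe_ldaps("localhost", 1636, dn, password)` on the kypo host once with the DN exactly as the playbook's plain scalar spells it (`cn=Directory\ Manager`) and once as `cn=Directory Manager`; the returned string tells you whether the TLS session died or the server answered and rejected the bind.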
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow