ldapsearch result: Can't contact LDAP server (-1)

Anyone knows which the problem?

I installed LDAP: yum -y install openldap-servers and then checked is the installation work well starting slapd service and doing ldapsearch like this:

ldapsearch -h 127.0.0.1 -x -b '' -s base '(objectclass=*)' namingContexts -d1

log:

ldap_create
ldap_url_parse_ext(ldap://127.0.0.1)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 127.0.0.1:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 14 bytes to sd 3
ldap_result ld 0x7f7d211a4350 msgid 1
wait4msg ld 0x7f7d211a4350 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f7d211a4350 msgid 1 all 1
** ld 0x7f7d211a4350 Connections:
* host: 127.0.0.1  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Mon Jan 26 12:05:16 2015


** ld 0x7f7d211a4350 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f7d211a4350 request count 1 (abandoned 0)
** ld 0x7f7d211a4350 Response Queue:
   Empty
  ld 0x7f7d211a4350 response count 0
ldap_chkResponseList ld 0x7f7d211a4350 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f7d211a4350 NULL
ldap_int_select
read1msg: ld 0x7f7d211a4350 msgid 1 all 1
ber_get_next
ldap_err2string
ldap_result: Can't contact LDAP server (-1)
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed

After that I've tried to configure LDAP but the problem it's the same. And I started from scratch and then I asked with this question.

My ldap.conf:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=example,dc=com
URI     ldap://127.0.0.1  #ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERTDIR   /etc/openldap/certs

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON    on

Is it a problem of my Centos 7 server?

EDIT:

I checked and I can't ping to localhost: ping localhost or ping 127.0.0.1 may be is the problem. How can I solve it?

New Edit:

Ping is not the problem. Now I can ping but still not works. Only works ldapsearch like this:

ldapsearch -H ldapi:/// -x -b '' -s base '(objectclass=*)' namingContexts

It returns the following: lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

Alright, then it should be running, try again with: "ifconfig | grep -e 'LOOPBACK' -A 1" and check that its IP is actually 127.0.0.1

Result: lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0

It seems to be another problem :(

Well try replacing '127.0.0.1' with the ip of your machine and see if LDAP works

No :( still not works. onli with -H ldapi:///

Sounds less like an LDAP problem and more like a network issue. Is your machine able to communicate with any others?

Now I can pint to localhost. But LDAP still doesn't work.

If it's still not working ensure that your ldap.conf is in /etc/openldap/ not just /etc/. You may also want to use authconfig-tui, select [X] Use LDAP, then click next and fill in your LDAP settings. To make things easier try disabling TLS to make sure that's not the issue.

ldap.conf is only on /etc/openldap/ and authconfig-tui works into ssh? I've commented TLS_CACERTDIR into ldap.conf and still not working.

yes, authconfig-tui is a text based UI, you can use it while ssh into the machine.

TLS is probably your issue, but commenting it out of your ldap.conf means your client will use the default location for keys to authenticate, and it will fail. If you check /var/log/messages you will likely see some TLS errors, eg failed to authenticate.

And what's the reason for it's required? In a local machine that I tested, it isn't and works.

It doesn't appear nothing about TLS or authentication :( It appears this auditd[805]: Audit daemon rotating log files

TLS adds a level of security to LDAP, functioning in a similar manner as SSH keys. Essentially you create TLS certificates, one for the server, and one for clients. The clients check when LDAP commands are executed that they are querying the right LDAP server (so that someone wouldn't be able to change the LDAP server location by way of adding say, a new hostname, or specifying -H). For more information, check out: openldap.org/doc/admin24/tls.html

If my intention is a simple Apache authentication, Do you recommends install authconfig-tui or not? Thanks for your patience I'm really newbie :( and I'm not sure if I'm doing right.

If system-config-authentication is installed you can use that as well, it's similar to authconfig-tui. If neither is installed I'd definitely recommend one of the two to make it easier for you rather than editing the configuration files.

Can I solve my problem with that? And how? We can talk into chat?

You can enter ldap server information into a client by running 'system-config-authentication' on the client and filling in the form. In this case the same machine is both the client and server, but that's fine. I can't chat now, as I am at work, and will be for a few more hours.

I thing that is not I'm looking for. :/