ldapsearch

Question

Level 1

4 points

ldapsearch

ldapsearch fails, unable to contact server.

Ever since I began using OS X Sierra, I have not been able to search LDAP servers using ldapsearch. I get the following error in the terminal:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

I also see the following two errors in the console:

/usr/bin/ldapsearch (/usr/lib/system/libsystem_trace.dylib)

subsystem: com.apple.securityd, category: secpref, enable_level: 0, persist_level: 0, default_ttl: 0, info_ttl: 0, debug_ttl: 0, generate_symptoms: 0, enable_oversize: 0, privacy_setting: 2, enable_private_data: 0

/usr/bin/ldapsearch (/usr/lib/system/libsystem_trace.dylib)

subsystem: com.apple.network, category: , enable_level: 0, persist_level: 0, default_ttl: 0, info_ttl: 0, debug_ttl: 0, generate_symptoms: 0, enable_oversize: 0, privacy_setting: 2, enable_private_data: 0

I have tried disabling the firewall, that doesn't help. I have seen this in two MBPs, one was an older 2012 that had a clean install of Sierra. The second is my new 😎 MBP, with a factory OS install.

Is this a bug? Any debugging help would be appreciated.

Thanks in advance,

Erik

MacBook Pro with Retina display, macOS Sierra (10.12.3)

Posted on Feb 21, 2017 7:56 AM

Reply

Answer 1

cdhw

Level 4

3,594 points

Feb 21, 2017 9:13 AM in response to cuerik

That error message can be triggered in various ways, including not specifying any command arguments:

bash-3.2$ ldapsearch

ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

If you are using arguments that have previously worked fine, Sierra has tightened various security settings and default behaviour. My guess is that ldapsearch wants the server to be properly secured, i.e. accept ldaps connections and it isn't. Without knowing what command you are using and the configuration of the server, neither of which you have shared, it's impossible to say what's wrong. I wouldn't jump to the conclusion it's a bug yet.

C.

Reply