Hostname has changed
Note: This page applies to SFTP Gateway version 2.x. Visit Here for documentation on version 3.x.
Overview
In some environments, the hostname of the Linux server gets changed.
This causes a problem with SFTP Gateway, because it can no longer find the local LDAP database.
This article shows you a workaround for getting SFTP Gateway to find the local LDAP database again.
Background
You may encounter the following error message:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
For example, you might get this error message when running the resetadminpassword command.
The problem is that SFTP Gateway cannot find the local LDAP server, which could be the result of the Linux hostname being changed.
SFTP Gateway uses two configuration files to locate the LDAP server:
/etc/nslcd.conf
/etc/openldap/ldap.conf
In each file, there is a line:
uri ldap://<original-hostname>/
Check whether <original-hostname> matches the current hostname, which you can get by running the command:
hostname
Hostname workaround
If the original hostname has changed along the way, you can fix this by appending the original hostname to the 127.0.0.1 line in /etc/hosts:
127.0.0.1 localhost ... ... <your_original_hostname>
Now, SFTP Gateway should be able to locate the LDAP database. To confirm, you can run the following commands:
ldappassword=$(sudo grep ldap.password /opt/sftpgw/application.properties | cut -d"=" -f2-)
ldapsearch -D cn=admin -w "$ldappassword"
You should see the contents of your LDAP database output to the screen.
Note: It might be tempting to update the hostname in /etc/nslcd.conf and /etc/openldap/ldap.conf. But this causes another issue: the SSL certificate used by Java to communicate with LDAP is tied to the original hostname. So, this approach will break the Java backend.
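The hostname checks described above can be scripted as a read-only diagnostic. This is an added example, not part of SFTP Gateway; the function names (ldap_uri_host, hosts_addr_for, check_ldap_conf) are hypothetical, and it changes no files.

```sh
#!/bin/sh
# Added example: report whether the host in each LDAP "uri" line still resolves locally.

# Print the host part of the first "uri ldap://host/" line in FILE.
ldap_uri_host() {
    awk 'tolower($1) == "uri" {
             h = $2
             sub("^ldaps?://", "", h)    # strip the scheme
             sub("[:/].*$", "", h)       # strip port and trailing slash
             print h; exit
         }' "$1"
}

# Print the address that HOSTSFILE maps NAME to (empty if NAME is absent).
hosts_addr_for() {
    awk -v name="$1" '
        { sub(/#.*/, "") }               # ignore comments
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$2"
}

# check_ldap_conf CONF HOSTSFILE CURRENT_HOSTNAME
# Returns 0 if the uri host is usable, 1 if it is stale and unmapped, 2 if no uri line.
check_ldap_conf() {
    conf_host=$(ldap_uri_host "$1")
    if [ -z "$conf_host" ]; then
        echo "$1: no uri line found"; return 2
    elif [ "$conf_host" = "$3" ]; then
        echo "$1: uri host '$conf_host' matches the current hostname"; return 0
    fi
    addr=$(hosts_addr_for "$conf_host" "$2")
    if [ -n "$addr" ]; then
        echo "$1: uri host '$conf_host' is not the current hostname, but $2 maps it to $addr"
        return 0
    fi
    echo "$1: uri host '$conf_host' is not the current hostname and is missing from $2"
    return 1
}

# Check the two files the page names; unreadable files are skipped (may need sudo).
for conf in /etc/nslcd.conf /etc/openldap/ldap.conf; do
    if [ -r "$conf" ]; then
        check_ldap_conf "$conf" /etc/hosts "$(hostname)" || true
    fi
done
```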