In some environments, the hostname of the Linux server gets changed.
This causes a problem with SFTP Gateway, because it can no longer find the local LDAP database.
This article shows you a workaround for getting SFTP Gateway to find the local LDAP database again.
You may encounter the following error message:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
For example, you are running the
and you get this as the error message.
The problem is that SFTP Gateway cannot find the local LDAP server, which could be the result of the Linux hostname being changed.
SFTP Gateway uses two configuration files to locate the LDAP server:
In each file, there is a line:
Check to see if the <original-hostname> matches the current hostname, which you can get by running the command:
If the original hostname has changed along the way, you can fix this
by appending it to
127.0.0.1 localhost ... ... <your_original_hostname>
Now, SFTP Gateway should be able to locate the LDAP database. To confirm, you can run the following commands:
ldappassword=$(sudo grep ldap.password /opt/sftpgw/application.properties | cut -d"=" -f2-)
ldapsearch -D cn=admin -w "$ldappassword"
You should see the contents of your LDAP database output to the screen.
Note: It might be tempting to update the hostname in
/etc/openldap/ldap.conf. But this causes another issue -- the SSL
certificate used by Java to communicate with LDAP is tied to the original
hostname. So, this approach will break the Java backend.
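As an added example (not part of the original article or of SFTP Gateway itself), the shell functions below check whether the host named in an LDAP client config still appears in a hosts-format file, which is the condition the workaround above restores. It assumes the config uses the standard OpenLDAP `URI` directive; the function names and the sample hostname are made up for illustration.

```shell
#!/bin/sh
# Added example: does the host named in an ldap.conf-style file still appear
# in a hosts-format file? Paths are arguments, so this can run on copies.

# Print the host part of the first "URI scheme://host[:port]" line.
# Assumption: the file uses the standard OpenLDAP "URI" directive.
ldap_uri_host() {
    awk 'toupper($1) == "URI" {
             h = $2
             sub(/^[a-zA-Z]+:\/\//, "", h)   # drop ldap:// or ldaps://
             sub(/[:\/].*$/, "", h)          # drop :port and any path
             print h
             exit
         }' "$1"
}

# Succeed if the name is listed as a hostname or alias in a hosts-format file.
# Comments are ignored; the comparison is case-insensitive.
host_in_hosts_file() {
    awk -v want="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(want)) found = 1 }
        END { exit !found }' "$2"
}

# Report the state for one config file / hosts file pair.
# Returns 0 if listed, 1 if missing, 2 if no URI line was found.
check_ldap_host() {
    conf=$1
    hosts=$2
    host=$(ldap_uri_host "$conf")
    if [ -z "$host" ]; then
        echo "no URI line found in $conf"; return 2
    fi
    if host_in_hosts_file "$host" "$hosts"; then
        echo "ok: $host is listed in $hosts"; return 0
    fi
    echo "missing: $host (from $conf) is not in $hosts"; return 1
}

# Constructed sample files (not from a real system) to show the check.
demo=$(mktemp -d)
printf 'URI ldaps://old-name.example.internal:636\n' > "$demo/ldap.conf"
printf '127.0.0.1 localhost\n' > "$demo/hosts"
check_ldap_host "$demo/ldap.conf" "$demo/hosts" || true
rm -rf "$demo"
```

A "missing" result corresponds to the state in which the client cannot contact the LDAP server; after the original hostname is appended to the loopback line, the same check reports "ok".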