Re: [gentoo-user] OpenLDAP works only at localhost, not from outside
On Mon, Sep 5, 2011 at 12:50 AM, Johannes Geiss wrote:
> On Fri, 02 Sep 2011 08:50:46 +0200
> Joost Roeleveld wrote:
>
>> What do you mean with, "outside"?
>
> I meant from another place via the Internet through my router to my
> computer.
>
>
>> [...]
>
>> Hope this helps.
>
> Yes, your suggestions helped. Thank you very much. Though it doesn't
> solve the problem. Now I know I did everything right at my
> LDAP-server, but the problem is my router (Speedport W 503V Typ C).
> It's blocking some (not all) of the communication. I forwarded all
> ports to my computer (ie. it's in the DMZ), but LDAP is not working
> correctly.

It could be that your ISP has a firewall. You might try nmapping your public IP address from elsewhere, and verifying that everything you think is open, is open.

--
:wq
Re: [gentoo-user] OpenLDAP works only at localhost, not from outside
On Monday, September 05, 2011 06:50:35 AM Johannes Geiss wrote:
> On Fri, 02 Sep 2011 08:50:46 +0200
>
> Joost Roeleveld wrote:
> > What do you mean with, "outside"?
>
> I meant from another place via the Internet through my router to my
> computer.

I suspected this to be the case.

> > [...]
> >
> > Hope this helps.
>
> Yes, your suggestions helped. Thank you very much. Though it doesn't
> solve the problem. Now I know I did everything right at my
> LDAP-server, but the problem is my router (Speedport W 503V Typ C).
> It's blocking some (not all) of the communication. I forwarded all
> ports to my computer (ie. it's in the DMZ), but LDAP is not working
> correctly.

How did you forward all ports?
I never specify a port-range for port-forwarding, but only specific ports.
I am not familiar with the router you are using, but is there an option to specify a specific port?

Alternatively, you could try using port-forwarding/tunneling using SSH-connections. Your LDAP-client should be able to hitch a ride over that connection if you set up the tunnel.
If you google for "ssh portforwarding" you should find some examples and explanations for this.

--
Joost
Re: [gentoo-user] OpenLDAP works only at localhost, not from outside
On Fri, 02 Sep 2011 08:50:46 +0200
Joost Roeleveld wrote:

> What do you mean with, "outside"?

I meant from another place via the Internet through my router to my computer.

> [...]
> Hope this helps.

Yes, your suggestions helped. Thank you very much. Though it doesn't solve the problem. Now I know I did everything right at my LDAP-server, but the problem is my router (Speedport W 503V Typ C). It's blocking some (not all) of the communication. I forwarded all ports to my computer (ie. it's in the DMZ), but LDAP is not working correctly.

Bye
Johannes

--
Johannes R. Geiss
PGP at https://pegasos.dnsalias.org/~jgeiss/pgpkey.txt
Pandora, Zaurus, Pegasos, Amiga and C64
Re: [gentoo-user] OpenLDAP works only at localhost, not from outside
On Wednesday, August 31, 2011 06:24:26 PM Johannes Geiss wrote:
> Hi there,
>
> I want to access my LDAP-data from anywhere on the internet but I only
> get it working on localhost.
>
> I installed OpenLDAP 2.4.24, and tried to do the tutorial at
>
> http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html
>
> The LDAP database works fine from localhost with
>
> ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h localhost
>
> but if I try to do it from the outside (ie. the IP address my router
> gave me via DHCP)

What do you mean with, "outside"?

> ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h xxx.xxx.xxx.xxx
>
> I get the output "ldap_initialize( ldap://xxx.xxx.xxx.xxx )" and the
> client hangs.
>
> The slapd server prints
>
> slap_listener_activate(6):
> >>> slap_listener(ldap:///)

Interesting, this should indicate that it does bind to all interfaces.

> and hangs at this point until I Ctrl-C the client or wait approx. 5
> Minutes.

5 minutes is a time-out.

> Has anybody successfully installed an LDAP-service with access from
> the outside? What is the content of slapd.conf?

Yes, slapd.conf doesn't decide this though

> Did I miss anything else?

If it weren't for the log from the slapd logs, I'd answer with the following bit:

First the short answer:

*** /etc/conf.d/slapd ***
# conf.d file for openldap
#
OPTS="-f /etc/openldap/slapd.conf -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock' -4"
*

The long answer:
You need to configure "slapd" to listen to all interfaces, you do this by setting the "-h " options correctly.
I use both SSL and non-SSL for my LDAP and also set a socket-file:
" -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"

See "man slapd" for more information.

However, the logs show that this should already work.
This makes me wonder about the following possible causes:
1) Outside = on the other side of the router
2) A firewall on your machine is blocking access

These have the following solutions:
1) Forward the correct port (386) to your machine
2) Reconfigure your firewall

Another thing to try would be to check if there is actually something listening on the correct port:
# netstat -an | grep 389

This should return a line like:
**
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
**

You could also have a look at the Gentoo-LDAP page:
http://www.gentoo.org/doc/en/ldap-howto.xml

Hope this helps.

--
Joost
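The listener check suggested in the message above, as an added example that is not part of the thread: a plain `grep 389` also matches ports such as 3890, so this sketch matches the port exactly and reports whether the socket is bound to all interfaces or only to loopback. The helper name `classify_listener` and the sample lines are constructed for illustration, and the column layout assumed is that of Linux net-tools `netstat -an`.

```shell
#!/bin/sh
# Added example: classify how a TCP listener is bound, from `netstat -an` text.
# classify_listener is a hypothetical helper name; input is read from stdin.
classify_listener() {
    awk -v port="$1" '
        # TCP sockets in LISTEN state only; the local address is column 4.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next      # exact port: 3890 is not 389
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::")         wild = 1
            else if (addr == "127.0.0.1" || addr == "::1") loop = 1
            else                                           other = 1
        }
        END {
            if (wild)       print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop)  print "loopback-only"
            else            print "not-listening"
        }'
}

# Constructed sample output (not taken from the thread).
SAMPLE_OPEN='tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp6       0      0 :::389                  :::*                    LISTEN'
SAMPLE_LOCAL='tcp        0      0 127.0.0.1:389           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3890            0.0.0.0:*               LISTEN'

for name in SAMPLE_OPEN SAMPLE_LOCAL; do
    eval "data=\$$name"
    printf '%s: 389 -> %s\n' "$name" \
        "$(printf '%s\n' "$data" | classify_listener 389)"
done
```

On a live host the same function is fed with `netstat -an | classify_listener 389`. An "all-interfaces" result only says slapd accepts connections on the host itself; a router or firewall in front of it can still drop the traffic.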
[gentoo-user] OpenLDAP works only at localhost, not from outside
Hi there,

I want to access my LDAP-data from anywhere on the internet but I only get it working on localhost.

I installed OpenLDAP 2.4.24, and tried to do the tutorial at

http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html

The LDAP database works fine from localhost with

ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h localhost

but if I try to do it from the outside (ie. the IP address my router gave me via DHCP)

ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h xxx.xxx.xxx.xxx

I get the output "ldap_initialize( ldap://xxx.xxx.xxx.xxx )" and the client hangs.

The slapd server prints

slap_listener_activate(6):
>>> slap_listener(ldap:///)
connection_get(17): got connid=1000
connection_read(17): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
op tag 0x60, time 1314787890
ber_get_next
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=1000 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 17
do_bind: v3 anonymous bind

and hangs at this point until I Ctrl-C the client or wait approx. 5 Minutes.

Has anybody successfully installed an LDAP-service with access from the outside? What is the content of slapd.conf?

Did I miss anything else?

Thank you for any suggestions
Johannes

--
Johannes R. Geiss
PGP at https://pegasos.dnsalias.org/~jgeiss/pgpkey.txt
Pandora, Zaurus, Pegasos, Amiga and C64