Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

2011-09-06 Thread Michael Mol 
On Mon, Sep 5, 2011 at 12:50 AM, Johannes Geiss  wrote:
> On Fri, 02 Sep 2011 08:50:46 +0200
> Joost Roeleveld  wrote:
>
>> What do you mean with, "outside"?
>
> I meant from another place via the Internet through my router to my
> computer.
>
>
>> [...]
>
>> Hope this helps.
>
> Yes, your suggestions helped. Thank you very much. Though it doesn't
> solve the problem. Now I know I did everything right at my
> LDAP-server, but the problem is my router (Speedport W 503V Typ C).
> It's blocking some (not all) of the communication. I forwarded all
> ports to my computer (ie. it's in the DMZ), but LDAP is not working
> correctly.


It could be that your ISP has a firewall. You might try nmapping your
public IP address from elsewhere, and verifying that everything you
think is open, is open.

-- 
:wq

Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

2011-09-05 Thread Joost Roeleveld 
On Monday, September 05, 2011 06:50:35 AM Johannes Geiss wrote:
> On Fri, 02 Sep 2011 08:50:46 +0200
> 
> Joost Roeleveld  wrote:
> > What do you mean with, "outside"?
> 
> I meant from another place via the Internet through my router to my
> computer.

I suspected this to be the case.

> 
> > [...]
> > 
> > Hope this helps.
> 
> Yes, your suggestions helped. Thank you very much. Though it doesn't
> solve the problem. Now I know I did everything right at my
> LDAP-server, but the problem is my router (Speedport W 503V Typ C).
> It's blocking some (not all) of the communication. I forwarded all
> ports to my computer (ie. it's in the DMZ), but LDAP is not working
> correctly.

How did you forward all ports?
I never specify a port-range for port-forwarding, but only specific ports.

I am not familiar with the router you are using, but is there an option to 
specify a specific port?

Alternatively, you could try using port-forwarding/tunneling using SSH-
connections. Your LDAP-client should be able to hitch a ride over that 
connection if you set up the tunnel.

If you google for "ssh portforwarding" you should find some examples and 
explanations for this.

--
Joost

Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

2011-09-04 Thread Johannes Geiss 
On Fri, 02 Sep 2011 08:50:46 +0200
Joost Roeleveld  wrote:

> What do you mean with, "outside"?

I meant from another place via the Internet through my router to my
computer.


> [...]

> Hope this helps.

Yes, your suggestions helped. Thank you very much. Though it doesn't
solve the problem. Now I know I did everything right at my
LDAP-server, but the problem is my router (Speedport W 503V Typ C).
It's blocking some (not all) of the communication. I forwarded all
ports to my computer (ie. it's in the DMZ), but LDAP is not working
correctly. 

Bye
Johannes
-- 

--//--
 // PGP at https://pegasos.dnsalias.org/~jgeiss/pgpkey.txt
 \\ //Johannes R. GeissPandora, Zaurus, Pegasos, Amiga and C64
--\X/-


signature.asc
Description: PGP signature

Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

2011-09-01 Thread Joost Roeleveld 
On Wednesday, August 31, 2011 06:24:26 PM Johannes Geiss wrote:
> Hi there,
> 
> I want to access my LDAP-data from anywhere on the internet but I only
> get it working on localhost.
> 
> I installed OpenLDAP 2.4.24, and tried to do the tutorial at
> 
> http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html
> 
> The LDAP database works fine from localhost with
> 
> ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h localhost
> 
> but if I try to do it from the outside (ie. the IP address my router
> gave me via DHCP)

What do you mean with, "outside"?
> 
> ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h xxx.xxx.xxx.xxx
> 
> I get the output "ldap_initialize( ldap://xxx.xxx.xxx.xxx )" and the
> client hangs.
> 
> The slapd server prints
> 
> slap_listener_activate(6):
> >>> slap_listener(ldap:///)

Interesting, this should indicate that it does bind to all interfaces.

> 
> and hangs at this point until I Ctrl-C the client or wait approx. 5
> Minutes.

5 minutes is a time-out.

> Does anybody successfully installed an LDAP-service with access from
> the outside? What is the content of slapd.conf?

Yes, slapd.conf doesn't decide this though
> 
> Did I miss anything else?

If it weren't for the log from the slapd logs, I'd answer with the following 
bit:

First the short answer:
*** /etc/conf.d/slapd ***
# conf.d file for openldap
#
OPTS="-f /etc/openldap/slapd.conf -h 'ldaps:// ldap:// 
ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock' -4"
*

The long answer:

You need to configure "slapd" to listen to all interfaces, you do this by 
setting the "-h " options correctly. I use both SSL and non-SSL for my LDAP 
and also set a socket-file:
" -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"

See "man slapd" for more information.

However, the logs show that this should already work.
This makes me wonder about the following possible causes:

1) Outside = on the other side of the router
2) A firewall on your machine is blocking access

These have the following solutions:
1) Forward the correct port (386) to your machine
2) Reconfigure your firewall

Another thing to try would be to check if there is actually something 
listening on the correct port:
# netstat -an | grep 389

This should return a line like:
**
tcp0  0 0.0.0.0:389 0.0.0.0:*   LISTEN 
**

You could also have a look at the Gentoo-LDAP page:
http://www.gentoo.org/doc/en/ldap-howto.xml

Hope this helps.

--
Joost

[gentoo-user] OpenLDAP works only at localhost, not from outside

2011-08-31 Thread Johannes Geiss 
Hi there,

I want to access my LDAP-data from anywhere on the internet but I only
get it working on localhost.

I installed OpenLDAP 2.4.24, and tried to do the tutorial at

http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html

The LDAP database works fine from localhost with

ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h localhost

but if I try to do it from the outside (ie. the IP address my router
gave me via DHCP)

ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h xxx.xxx.xxx.xxx

I get the output "ldap_initialize( ldap://xxx.xxx.xxx.xxx )" and the
client hangs.

The slapd server prints

slap_listener_activate(6):
>>> slap_listener(ldap:///)
connection_get(17): got connid=1000
connection_read(17): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
op tag 0x60, time 1314787890
ber_get_next
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=1000 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 17
do_bind: v3 anonymous bind

and hangs at this point until I Ctrl-C the client or wait approx. 5
Minutes.

Does anybody successfully installed an LDAP-service with access from
the outside? What is the content of slapd.conf?

Did I miss anything else?

Thank you for any suggestions
Johannes
-- 

--//--
 // PGP at https://pegasos.dnsalias.org/~jgeiss/pgpkey.txt
 \\ //Johannes R. GeissPandora, Zaurus, Pegasos, Amiga and C64
--\X/-


signature.asc
Description: PGP signature