subject:"\[gentoo\-user\] OpenLDAP works only at localhost, not from outside"

Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

2011-09-06 Thread Michael Mol

On Mon, Sep 5, 2011 at 12:50 AM, Johannes Geiss johannes.ge...@web.de wrote:
 On Fri, 02 Sep 2011 08:50:46 +0200
 Joost Roeleveld jo...@antarean.org wrote:

 What do you mean with, outside?

 I meant from another place via the Internet through my router to my
 computer.


 [...]

 Hope this helps.

 Yes, your suggestions helped. Thank you very much. Though it doesn't
 solve the problem. Now I know I did everything right at my
 LDAP-server, but the problem is my router (Speedport W 503V Typ C).
 It's blocking some (not all) of the communication. I forwarded all
 ports to my computer (ie. it's in the DMZ), but LDAP is not working
 correctly.


It could be that your ISP has a firewall. You might try nmapping your
public IP address from elsewhere, and verifying that everything you
think is open, is open.

-- 
:wq

Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

2011-09-05 Thread Joost Roeleveld

On Monday, September 05, 2011 06:50:35 AM Johannes Geiss wrote:
 On Fri, 02 Sep 2011 08:50:46 +0200
 
 Joost Roeleveld jo...@antarean.org wrote:
  What do you mean with, outside?
 
 I meant from another place via the Internet through my router to my
 computer.

I suspected this to be the case.

 
  [...]
  
  Hope this helps.
 
 Yes, your suggestions helped. Thank you very much. Though it doesn't
 solve the problem. Now I know I did everything right at my
 LDAP-server, but the problem is my router (Speedport W 503V Typ C).
 It's blocking some (not all) of the communication. I forwarded all
 ports to my computer (ie. it's in the DMZ), but LDAP is not working
 correctly.

How did you forward all ports?
I never specify a port-range for port-forwarding, but only specific ports.

I am not familiar with the router you are using, but is there an option to 
specify a specific port?

Alternatively, you could try using port-forwarding/tunneling using SSH-
connections. Your LDAP-client should be able to hitch a ride over that 
connection if you set up the tunnel.

If you google for ssh portforwarding you should find some examples and 
explanations for this.

--
Joost

Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

2011-09-04 Thread Johannes Geiss

On Fri, 02 Sep 2011 08:50:46 +0200
Joost Roeleveld jo...@antarean.org wrote:

 What do you mean with, outside?

I meant from another place via the Internet through my router to my
computer.


 [...]

 Hope this helps.

Yes, your suggestions helped. Thank you very much. Though it doesn't
solve the problem. Now I know I did everything right at my
LDAP-server, but the problem is my router (Speedport W 503V Typ C).
It's blocking some (not all) of the communication. I forwarded all
ports to my computer (ie. it's in the DMZ), but LDAP is not working
correctly. 

Bye
Johannes
-- 

--//--
 // PGP at https://pegasos.dnsalias.org/~jgeiss/pgpkey.txt
 \\ //Johannes R. GeissPandora, Zaurus, Pegasos, Amiga and C64
--\X/-


signature.asc
Description: PGP signature

Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

2011-09-02 Thread Joost Roeleveld

On Wednesday, August 31, 2011 06:24:26 PM Johannes Geiss wrote:
 Hi there,
 
 I want to access my LDAP-data from anywhere on the internet but I only
 get it working on localhost.
 
 I installed OpenLDAP 2.4.24, and tried to do the tutorial at
 
 http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html
 
 The LDAP database works fine from localhost with
 
 ldapsearch -vLx -b o=stooges (sn=Fine) -h localhost
 
 but if I try to do it from the outside (ie. the IP address my router
 gave me via DHCP)

What do you mean with, outside?
 
 ldapsearch -vLx -b o=stooges (sn=Fine) -h xxx.xxx.xxx.xxx
 
 I get the output ldap_initialize( ldap://xxx.xxx.xxx.xxx ) and the
 client hangs.
 
 The slapd server prints
 
 slap_listener_activate(6):
  slap_listener(ldap:///)

Interesting, this should indicate that it does bind to all interfaces.

 
 and hangs at this point until I Ctrl-C the client or wait approx. 5
 Minutes.

5 minutes is a time-out.

 Does anybody successfully installed an LDAP-service with access from
 the outside? What is the content of slapd.conf?

Yes, slapd.conf doesn't decide this though
 
 Did I miss anything else?

If it weren't for the log from the slapd logs, I'd answer with the following 
bit:

First the short answer:
*** /etc/conf.d/slapd ***
# conf.d file for openldap
#
OPTS=-f /etc/openldap/slapd.conf -h 'ldaps:// ldap:// 
ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock' -4
*

The long answer:

You need to configure slapd to listen to all interfaces, you do this by 
setting the -h  options correctly. I use both SSL and non-SSL for my LDAP 
and also set a socket-file:
 -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'

See man slapd for more information.

However, the logs show that this should already work.
This makes me wonder about the following possible causes:

1) Outside = on the other side of the router
2) A firewall on your machine is blocking access

These have the following solutions:
1) Forward the correct port (386) to your machine
2) Reconfigure your firewall

Another thing to try would be to check if there is actually something 
listening on the correct port:
# netstat -an | grep 389

This should return a line like:
**
tcp0  0 0.0.0.0:389 0.0.0.0:*   LISTEN 
**

You could also have a look at the Gentoo-LDAP page:
http://www.gentoo.org/doc/en/ldap-howto.xml

Hope this helps.

--
Joost

[gentoo-user] OpenLDAP works only at localhost, not from outside

2011-08-31 Thread Johannes Geiss

Hi there,

I want to access my LDAP-data from anywhere on the internet but I only
get it working on localhost.

I installed OpenLDAP 2.4.24, and tried to do the tutorial at

http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html

The LDAP database works fine from localhost with

ldapsearch -vLx -b o=stooges (sn=Fine) -h localhost

but if I try to do it from the outside (ie. the IP address my router
gave me via DHCP)

ldapsearch -vLx -b o=stooges (sn=Fine) -h xxx.xxx.xxx.xxx

I get the output ldap_initialize( ldap://xxx.xxx.xxx.xxx ) and the
client hangs.

The slapd server prints

slap_listener_activate(6):
 slap_listener(ldap:///)
connection_get(17): got connid=1000
connection_read(17): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
op tag 0x60, time 1314787890
ber_get_next
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
 dnPrettyNormal: 
 dnPrettyNormal: , 
do_bind: version=3 dn= method=128
send_ldap_result: conn=1000 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 17
do_bind: v3 anonymous bind

and hangs at this point until I Ctrl-C the client or wait approx. 5
Minutes.

Does anybody successfully installed an LDAP-service with access from
the outside? What is the content of slapd.conf?

Did I miss anything else?

Thank you for any suggestions
Johannes
-- 

--//--
 // PGP at https://pegasos.dnsalias.org/~jgeiss/pgpkey.txt
 \\ //Johannes R. GeissPandora, Zaurus, Pegasos, Amiga and C64
--\X/-


signature.asc
Description: PGP signature

Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

Re: [gentoo-user] OpenLDAP works only at localhost, not from outside

[gentoo-user] OpenLDAP works only at localhost, not from outside

5 matches

Site Navigation

Mail list logo

Footer information