Re: [gentoo-user] OpenLDAP works only at localhost, not from outside
On Mon, Sep 5, 2011 at 12:50 AM, Johannes Geiss johannes.ge...@web.de wrote:
> On Fri, 02 Sep 2011 08:50:46 +0200 Joost Roeleveld jo...@antarean.org wrote:
>> What do you mean with, outside?
>
> I meant from another place via the Internet through my router to my computer.
>
> [...]
>> Hope this helps.
>
> Yes, your suggestions helped. Thank you very much. Though it doesn't solve the problem. Now I know I did everything right at my LDAP-server, but the problem is my router (Speedport W 503V Typ C). It's blocking some (not all) of the communication. I forwarded all ports to my computer (i.e. it's in the DMZ), but LDAP is not working correctly.

It could be that your ISP has a firewall. You might try nmapping your public IP address from elsewhere, and verifying that everything you think is open, is open.

--
:wq
Re: [gentoo-user] OpenLDAP works only at localhost, not from outside
On Monday, September 05, 2011 06:50:35 AM Johannes Geiss wrote:
> On Fri, 02 Sep 2011 08:50:46 +0200 Joost Roeleveld jo...@antarean.org wrote:
>> What do you mean with, outside?
>
> I meant from another place via the Internet through my router to my computer.

I suspected this to be the case.

> [...]
>> Hope this helps.
>
> Yes, your suggestions helped. Thank you very much. Though it doesn't solve the problem. Now I know I did everything right at my LDAP-server, but the problem is my router (Speedport W 503V Typ C). It's blocking some (not all) of the communication. I forwarded all ports to my computer (i.e. it's in the DMZ), but LDAP is not working correctly.

How did you forward all ports? I never specify a port-range for port-forwarding, but only specific ports. I am not familiar with the router you are using, but is there an option to specify a specific port?

Alternatively, you could try using port-forwarding/tunneling using SSH-connections. Your LDAP-client should be able to hitch a ride over that connection if you set up the tunnel. If you google for ssh portforwarding you should find some examples and explanations for this.

--
Joost
Re: [gentoo-user] OpenLDAP works only at localhost, not from outside
On Fri, 02 Sep 2011 08:50:46 +0200 Joost Roeleveld jo...@antarean.org wrote:
> What do you mean with, outside?

I meant from another place via the Internet through my router to my computer.

[...]
> Hope this helps.

Yes, your suggestions helped. Thank you very much. Though it doesn't solve the problem. Now I know I did everything right at my LDAP-server, but the problem is my router (Speedport W 503V Typ C). It's blocking some (not all) of the communication. I forwarded all ports to my computer (i.e. it's in the DMZ), but LDAP is not working correctly.

Bye
Johannes

--
PGP at https://pegasos.dnsalias.org/~jgeiss/pgpkey.txt
Johannes R. Geiss
Pandora, Zaurus, Pegasos, Amiga and C64
Re: [gentoo-user] OpenLDAP works only at localhost, not from outside
On Wednesday, August 31, 2011 06:24:26 PM Johannes Geiss wrote:
> Hi there,
>
> I want to access my LDAP-data from anywhere on the internet but I only get it working on localhost.
>
> I installed OpenLDAP 2.4.24, and tried to do the tutorial at http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html
>
> The LDAP database works fine from localhost with
>
>     ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h localhost
>
> but if I try to do it from the outside (i.e. the IP address my router gave me via DHCP)

What do you mean with, outside?

>     ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h xxx.xxx.xxx.xxx
>
> I get the output
>
>     ldap_initialize( ldap://xxx.xxx.xxx.xxx )
>
> and the client hangs. The slapd server prints
>
>     slap_listener_activate(6): slap_listener(ldap:///)

Interesting, this should indicate that it does bind to all interfaces.

> and hangs at this point until I Ctrl-C the client or wait approx. 5 Minutes.

5 minutes is a time-out.

> Has anybody successfully installed an LDAP-service with access from the outside? What is the content of slapd.conf?

Yes, slapd.conf doesn't decide this though

> Did I miss anything else?

If it weren't for the log from the slapd logs, I'd answer with the following bit:

First the short answer:

*** /etc/conf.d/slapd ***
# conf.d file for openldap
#
OPTS="-f /etc/openldap/slapd.conf -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock' -4"
***

The long answer:

You need to configure slapd to listen to all interfaces, you do this by setting the -h options correctly. I use both SSL and non-SSL for my LDAP and also set a socket-file:

    -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'

See man slapd for more information.

However, the logs show that this should already work.

This makes me wonder about the following possible causes:
1) Outside = on the other side of the router
2) A firewall on your machine is blocking access

These have the following solutions:
1) Forward the correct port (386) to your machine
2) Reconfigure your firewall

Another thing to try would be to check if there is actually something listening on the correct port:

    # netstat -an | grep 389

This should return a line like:

    tcp        0      0 0.0.0.0:389        0.0.0.0:*        LISTEN

You could also have a look at the Gentoo-LDAP page: http://www.gentoo.org/doc/en/ldap-howto.xml

Hope this helps.

--
Joost
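
The listener check suggested in the message above, as an added example that is not part of the original post: it matches the port exactly rather than by substring and reports whether each LDAP listener is bound to all interfaces or only to loopback. The function names `ldap_listeners` and `sample_netstat` are hypothetical, the sample lines are constructed, and 636 is assumed as the default `ldaps://` port.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `netstat -an`-style lines on stdin
# and prints "<port> <transport> <scope> <local address>" per LDAP listener.
ldap_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        # The port follows the last colon (0.0.0.0:389 and :::389 alike).
        n = split(addr, parts, ":")
        port = parts[n]
        # Exact match: a bare "grep 389" also hits 3890 or 13389.
        if (port == "389") transport = "plaintext"
        else if (port == "636") transport = "tls"
        else next
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::" || host == "*")
            scope = "all-interfaces"
        else if (host ~ /^127\./ || host == "::1")
            scope = "loopback-only"
        else
            scope = "single-address"
        print port, transport, scope, addr
    }'
}

# Constructed sample input (not captured from the poster's machine).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:389           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3890            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN
tcp6       0      0 :::389                  :::*                    LISTEN
tcp        0      0 192.168.2.10:389        203.0.113.7:51514       ESTABLISHED
EOF
}

# Live use on the server: netstat -an | ldap_listeners
sample_netstat | ldap_listeners
```

A `plaintext all-interfaces` row means unencrypted LDAP is reachable on every address of the host, so whatever the router forwards to port 389 arrives at slapd in the clear.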
[gentoo-user] OpenLDAP works only at localhost, not from outside
Hi there,

I want to access my LDAP-data from anywhere on the internet but I only get it working on localhost.

I installed OpenLDAP 2.4.24, and tried to do the tutorial at http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html

The LDAP database works fine from localhost with

    ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h localhost

but if I try to do it from the outside (i.e. the IP address my router gave me via DHCP)

    ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h xxx.xxx.xxx.xxx

I get the output

    ldap_initialize( ldap://xxx.xxx.xxx.xxx )

and the client hangs. The slapd server prints

    slap_listener_activate(6): slap_listener(ldap:///)
    connection_get(17): got connid=1000
    connection_read(17): checking for input on id=1000
    ber_get_next
    ber_get_next: tag 0x30 len 12 contents:
    op tag 0x60, time 1314787890
    ber_get_next
    conn=1000 op=0 do_bind
    ber_scanf fmt ({imt) ber:
    ber_scanf fmt (m}) ber:
    dnPrettyNormal:
    dnPrettyNormal: ,
    do_bind: version=3 dn= method=128
    send_ldap_result: conn=1000 op=0 p=3
    send_ldap_response: msgid=1 tag=97 err=0
    ber_flush2: 14 bytes to sd 17
    do_bind: v3 anonymous bind

and hangs at this point until I Ctrl-C the client or wait approx. 5 Minutes.

Has anybody successfully installed an LDAP-service with access from the outside? What is the content of slapd.conf? Did I miss anything else?

Thank you for any suggestions
Johannes

--
PGP at https://pegasos.dnsalias.org/~jgeiss/pgpkey.txt
Johannes R. Geiss
Pandora, Zaurus, Pegasos, Amiga and C64