[K12OSN] still banging my head against Ubuntu 8 authenticating against LDAP

Rob Owens rob.owens at biochemfluidics.com
Wed Sep 24 11:13:30 UTC 2008


John Lucas wrote:
> Micha Silver wrote:
>> Carl Keil wrote:
>>> So,
>>>
>>> When I run "ldapsearch 10.0.1.252 domain.com -x" on the LDAP server,
>>> I get a list of all the people in the LDAP database.  When I run the
>>> same search from the client I get a message saying that it can't
>>> contact the LDAP server.  I've dropped the firewall on the server and
>>> I can ping the server.
>>> Anyone have any idea what the problem could be?  How do you tell LDAP
>>> to listen to outside ports?
>>>
>> As far as I know, two things will block access to an ldap server.
>> 1- Either the firewall is not allowing traffic in on port 389. This
>> you can check with iptables -nvL. You should see a line ACCEPTing
>> packets from whoever should be able to query the ldap server. (I'm not
>> sure what you mean by "dropped the firewall..." ?)
>> or
>> 2- Access limited by "access" rules in your slapd.conf file
>> (/etc/openldap/slapd.conf). The default, if there are no access rules,
>> is to allow everyone read access, and only the root user to write.
>>
> 
> You might also make sure that there is an "ldap" stanza allowing access
> in /etc/hosts.allow.
> 
It could also be that your /etc/ldap.conf (or /etc/ldap/ldap.conf) file
is screwed up.  It could also be that there's a certificate problem.
Post your config files and maybe someone can pick out an error.

-Rob
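
The client-side config check suggested above, as an added example that is not part of the original message: a shell lint that reports which server a client ldap.conf selects when the command line names none, and whether a configured CA file is readable. The sample file, the expected-host argument and the function names are constructed for illustration; URI, HOST, TLS_REQCERT and TLS_CACERT are ldap.conf(5) directives, and taking the first occurrence of each is an assumption.

```shell
#!/bin/sh
# Added example: which server and TLS policy does a client ldap.conf select?

# Print the value of the first uncommented occurrence of a directive.
conf_get() {  # conf_get FILE DIRECTIVE (directive names are case-insensitive)
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# URI the client contacts when the command line names no server.
effective_uri() {  # effective_uri FILE
    uri=$(conf_get "$1" URI)
    host=$(conf_get "$1" HOST)
    if [ -n "$uri" ]; then echo "${uri%% *}"        # first URI in the list
    elif [ -n "$host" ]; then echo "ldap://${host%% *}"
    else echo "ldap://localhost"                    # libldap default
    fi
}

# Report a wrong target server and a CA file that cannot be read.
lint_ldap_conf() {  # lint_ldap_conf FILE EXPECTED_HOST
    target=$(effective_uri "$1")
    case "$target" in
        *"://$2"|*"://$2":*|*"://$2"/*) echo "OK   server: $target" ;;
        *) echo "WARN server: client will contact $target, not $2" ;;
    esac
    cacert=$(conf_get "$1" TLS_CACERT)
    case "$(conf_get "$1" TLS_REQCERT)" in
        never|allow) echo "OK   tls: certificate failures are not fatal" ;;
        *)  if [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
                echo "WARN tls: TLS_CACERT $cacert is not readable"
            else
                echo "OK   tls: no unreadable CA file configured"
            fi ;;
    esac
}

# Constructed sample: the URI line is commented out, so the default applies.
sample=$(mktemp)
printf '%s\n' '# URI ldap://10.0.1.252' 'BASE dc=domain,dc=com' \
    'TLS_CACERT /nonexistent/ca.pem' > "$sample"
lint_ldap_conf "$sample" 10.0.1.252
rm -f "$sample"
```

Run on the client, pass the real file (/etc/ldap/ldap.conf or /etc/ldap.conf) and the server address as the two arguments to lint_ldap_conf.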