Fedora Linux Support Community & Resources Center
  #1  
Old 21st February 2007, 09:05 AM
wouterzzzzz Offline
Registered User
 
Join Date: Jan 2007
Posts: 22
LDAP: Can't contact LDAP server

Hi all,
I'm trying to get an LDAP server up and running, but I'm having some trouble accessing it from "the outside world". Everything seems to work locally (I can add stuff, search it, it returns results etc). Only when I try to do this from another computer, it keeps saying:
ldap_bind: Can't contact LDAP server (-1)

I changed my ldap.conf to include my host, my netstat seems to be fine:
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 :::389 :::* LISTEN

I use this command to search:
ldapsearch -h correct.hostname -v -D "cn=Manager,dc=example" -x -W -b "dc=example" mail

In my hosts.allow I added slapd: ALL and ldap: ALL. Still, it refuses to connect. Who can help me?
Thanks!
Wouter
  #2  
Old 21st February 2007, 02:32 PM
duanecu Offline
Registered User
 
Join Date: Mar 2006
Location: South Bend, IN - USA
Age: 43
Posts: 34
My first thought would be to check the firewall and SELinux settings.
  #3  
Old 21st February 2007, 02:36 PM
wouterzzzzz Offline
Registered User
 
Join Date: Jan 2007
Posts: 22
Since I consider myself still a newbie: what should I be looking for regarding OpenLDAP and my firewall/SELinux settings?
  #4  
Old 22nd February 2007, 10:22 AM
wouterzzzzz Offline
Registered User
 
Join Date: Jan 2007
Posts: 22
Ok, so I added the port for LDAP to the firewall settings and now it works. But is this the right way to do it, or am I exposing myself to hack attempts by doing this?
  #5  
Old 22nd February 2007, 01:20 PM
duanecu Offline
Registered User
 
Join Date: Mar 2006
Location: South Bend, IN - USA
Age: 43
Posts: 34
I'm not a security expert myself, but as long as you've only updated the firewall settings just enough to allow OpenLDAP to do its basic operation that you need - then you should be fine. That way, you're relying on OpenLDAP to secure that port. It sounds scary, but OpenLDAP will provide its own security updates.

At least that's how I've come to think of it (not an LDAP admin ... yet). Anyone else have better/more advice?
  #6  
Old 22nd February 2007, 01:51 PM
ibbo Offline
Registered User
 
Join Date: Jun 2005
Location: Leeds
Posts: 1,264
If you definitely need to hook up from outside your subnet you have few options but to open your port in your firewall.
However, as you also use tcpwrappers (hosts.allow etc) you can use that to allow only connections from your machine.

So
hosts.deny
ALL:ALL

hosts.allow
slapd: your-host-ip. or ALL: your-host-ip (as you know you're safe)

This at least will reject all access to your machine bar LDAP requests coming from your computer outside of the subnet.
You should be safe (though don't be complacent and check, check, check).

Ibbo
  #7  
Old 22nd February 2007, 02:44 PM
wouterzzzzz Offline
Registered User
 
Join Date: Jan 2007
Posts: 22
Thanks for the answer, but since I want to be able to explore my address book from multiple computers, I do not have a single "your-host-ip" to add to the hosts.allow. Though a thing I might do of course is change the default port of LDAP to make it less obvious.
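Added example, not part of any post in this thread: a simplified Python model of how the hosts.allow / hosts.deny pair from post #6 is evaluated, extended to a list of clients and a net/mask entry for the several-computers case raised in post #7. The addresses are constructed documentation ranges, only a subset of the hosts_access(5) pattern syntax is modelled, and it assumes slapd is built with TCP wrappers support, as the thread's use of hosts.allow implies.

```python
import ipaddress
import re

# Constructed sample rules (documentation address ranges, not from the thread).
HOSTS_ALLOW = """\
# two address-book clients plus one whole subnet (net/mask form)
slapd: 192.0.2.10, 192.0.2.11, 198.51.100.0/255.255.255.0
"""
HOSTS_DENY = """\
ALL: ALL
"""

def parse(text):
    """Return [(daemon_list, client_list)] for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((re.split(r"[\s,]+", daemons.strip()),
                      re.split(r"[\s,]+", clients.strip())))
    return rules

def client_matches(pattern, ip):
    """Simplified subset of hosts_access(5) client patterns."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                      # net/mask
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):               # leading-octets prefix, e.g. "192.0.2."
        return ip.startswith(pattern)
    return pattern == ip                    # single address

def rule_hit(rules, daemon, ip):
    return any((daemon in d or "ALL" in d) and any(client_matches(p, ip) for p in c)
               for d, c in rules)

def allowed(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match grants access."""
    if rule_hit(parse(allow), daemon, ip):
        return True
    if rule_hit(parse(deny), daemon, ip):
        return False
    return True

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.5"):
        print(ip, "->", "allow" if allowed("slapd", ip) else "deny")
```

With an empty hosts.deny the last address would be granted access, which is why the ALL: ALL line matters.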
  #8  
Old 16th March 2007, 10:34 AM
mohit_fedora Offline
Registered User
 
Join Date: Mar 2007
Posts: 1
Hi, I am new to LDAP. I've configured an OpenLDAP server as guided in linuxhomenetworking.com. I am not able to connect to the LDAP server, which is on FC-3, with the LDAP client, which is on FC-5.

Is it necessary to use the same version of Fedora Core on both client & server?
I am getting the following error in /var/log/messages on the LDAP client:
nss_ldap: failed to bind to ldap server to ldap

Please suggest....Thanks a lot