1 |
On Wednesday, August 31, 2011 06:24:26 PM Johannes Geiss wrote: |
2 |
> Hi there, |
3 |
> |
4 |
> I want to access my LDAP-data from anywhere on the internet but I only |
5 |
> get it working on localhost. |
6 |
> |
7 |
> I installed OpenLDAP 2.4.24, and tried to do the tutorial at |
8 |
> |
9 |
> http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html |
10 |
> |
11 |
> The LDAP database works fine from localhost with |
12 |
> |
13 |
> ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h localhost |
14 |
> |
15 |
> but if I try to do it from the outside (ie. the IP address my router |
16 |
> gave me via DHCP) |
17 |
|
18 |
What do you mean with, "outside"? |
19 |
> |
20 |
> ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h xxx.xxx.xxx.xxx |
21 |
> |
22 |
> I get the output "ldap_initialize( ldap://xxx.xxx.xxx.xxx )" and the |
23 |
> client hangs. |
24 |
> |
25 |
> The slapd server prints |
26 |
> |
27 |
> slap_listener_activate(6): |
28 |
> >>> slap_listener(ldap:///) |
29 |
|
30 |
Interesting, this should indicate that it does bind to all interfaces. |
31 |
|
32 |
> |
33 |
> and hangs at this point until I Ctrl-C the client or wait approx. 5 |
34 |
> Minutes. |
35 |
|
36 |
5 minutes is a time-out. |
37 |
|
38 |
> Does anybody successfully installed an LDAP-service with access from |
39 |
> the outside? What is the content of slapd.conf? |
40 |
|
41 |
Yes, slapd.conf doesn't decide this though |
42 |
> |
43 |
> Did I miss anything else? |
44 |
|
45 |
If it weren't for the log from the slapd logs, I'd answer with the following |
46 |
bit: |
47 |
|
48 |
First the short answer: |
49 |
*** /etc/conf.d/slapd *** |
50 |
# conf.d file for openldap |
51 |
# |
52 |
OPTS="-f /etc/openldap/slapd.conf -h 'ldaps:// ldap:// |
53 |
ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock' -4" |
54 |
********* |
55 |
|
56 |
The long answer: |
57 |
|
58 |
You need to configure "slapd" to listen to all interfaces, you do this by |
59 |
setting the "-h " options correctly. I use both SSL and non-SSL for my LDAP |
60 |
and also set a socket-file: |
61 |
" -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" |
62 |
|
63 |
See "man slapd" for more information. |
64 |
|
65 |
However, the logs show that this should already work. |
66 |
This makes me wonder about the following possible causes: |
67 |
|
68 |
1) Outside = on the other side of the router |
69 |
2) A firewall on your machine is blocking access |
70 |
|
71 |
These have the following solutions: |
72 |
1) Forward the correct port (386) to your machine |
73 |
2) Reconfigure your firewall |
74 |
|
75 |
Another thing to try would be to check if there is actually something |
76 |
listening on the correct port: |
77 |
# netstat -an | grep 389 |
78 |
|
79 |
This should return a line like: |
80 |
** |
81 |
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN |
82 |
** |
83 |
|
84 |
You could also have a look at the Gentoo-LDAP page: |
85 |
http://www.gentoo.org/doc/en/ldap-howto.xml |
86 |
|
87 |
Hope this helps. |
88 |
|
89 |
-- |
90 |
Joost |