| 1 |
On Wednesday, August 31, 2011 06:24:26 PM Johannes Geiss wrote: |
| 2 |
> Hi there, |
| 3 |
> |
| 4 |
> I want to access my LDAP-data from anywhere on the internet but I only |
| 5 |
> get it working on localhost. |
| 6 |
> |
| 7 |
> I installed OpenLDAP 2.4.24, and tried to do the tutorial at |
| 8 |
> |
| 9 |
> http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html |
| 10 |
> |
| 11 |
> The LDAP database works fine from localhost with |
| 12 |
> |
| 13 |
> ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h localhost |
| 14 |
> |
| 15 |
> but if I try to do it from the outside (ie. the IP address my router |
| 16 |
> gave me via DHCP) |
| 17 |
|
| 18 |
What do you mean with, "outside"? |
| 19 |
> |
| 20 |
> ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h xxx.xxx.xxx.xxx |
| 21 |
> |
| 22 |
> I get the output "ldap_initialize( ldap://xxx.xxx.xxx.xxx )" and the |
| 23 |
> client hangs. |
| 24 |
> |
| 25 |
> The slapd server prints |
| 26 |
> |
| 27 |
> slap_listener_activate(6): |
| 28 |
> >>> slap_listener(ldap:///) |
| 29 |
|
| 30 |
Interesting, this should indicate that it does bind to all interfaces. |
| 31 |
|
| 32 |
> |
| 33 |
> and hangs at this point until I Ctrl-C the client or wait approx. 5 |
| 34 |
> Minutes. |
| 35 |
|
| 36 |
5 minutes is a time-out. |
| 37 |
|
| 38 |
> Does anybody successfully installed an LDAP-service with access from |
| 39 |
> the outside? What is the content of slapd.conf? |
| 40 |
|
| 41 |
Yes, slapd.conf doesn't decide this though |
| 42 |
> |
| 43 |
> Did I miss anything else? |
| 44 |
|
| 45 |
If it weren't for the log from the slapd logs, I'd answer with the following |
| 46 |
bit: |
| 47 |
|
| 48 |
First the short answer: |
| 49 |
*** /etc/conf.d/slapd *** |
| 50 |
# conf.d file for openldap |
| 51 |
# |
| 52 |
OPTS="-f /etc/openldap/slapd.conf -h 'ldaps:// ldap:// |
| 53 |
ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock' -4" |
| 54 |
********* |
| 55 |
|
| 56 |
The long answer: |
| 57 |
|
| 58 |
You need to configure "slapd" to listen to all interfaces, you do this by |
| 59 |
setting the "-h " options correctly. I use both SSL and non-SSL for my LDAP |
| 60 |
and also set a socket-file: |
| 61 |
" -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" |
| 62 |
|
| 63 |
See "man slapd" for more information. |
| 64 |
|
| 65 |
However, the logs show that this should already work. |
| 66 |
This makes me wonder about the following possible causes: |
| 67 |
|
| 68 |
1) Outside = on the other side of the router |
| 69 |
2) A firewall on your machine is blocking access |
| 70 |
|
| 71 |
These have the following solutions: |
| 72 |
1) Forward the correct port (386) to your machine |
| 73 |
2) Reconfigure your firewall |
| 74 |
|
| 75 |
Another thing to try would be to check if there is actually something |
| 76 |
listening on the correct port: |
| 77 |
# netstat -an | grep 389 |
| 78 |
|
| 79 |
This should return a line like: |
| 80 |
** |
| 81 |
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN |
| 82 |
** |
| 83 |
|
| 84 |
You could also have a look at the Gentoo-LDAP page: |
| 85 |
http://www.gentoo.org/doc/en/ldap-howto.xml |
| 86 |
|
| 87 |
Hope this helps. |
| 88 |
|
| 89 |
-- |
| 90 |
Joost |
Archives