[CentOS] LDAP/iptables

Thomas E Dukes edukes at alltel.net
Mon Sep 5 17:57:34 UTC 2005


 

> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Sean O'Connell
> Sent: Monday, September 05, 2005 12:57 PM
> To: CentOS mailing list
> Subject: RE: [CentOS] LDAP/iptables
> 
> On Mon, 2005-09-05 at 08:06 -0400, Thomas E Dukes wrote:
> > Hello Sean,
> > 
> > Here's the output for ps -ef | grep slapd:
> > 
> > ldap      1928     1  0 00:03 ?        00:00:00 /usr/sbin/slapd -u ldap -h ldap:///
> > root     15066 15003  0 07:29 tty1     00:00:00 grep slapd
> > > 
> > > (or pgrep -l slapd). You can also use service slapd status (though,
> > > this isn't always 100% reliable).
> > > 
> > > The openldap server, outputs to syslog on local4 by default. 
> > > It's possible that there are errors or issues with your 
> > > /etc/openldap/slapd.conf that are causing slapd to fail to start.
> > > You can edit /etc/syslog.conf and add a few lines like
> > > 
> > > local4.*		/var/log/ldap.log
> > > 
> > > Then run service syslog restart (or HUP syslogd) to pickup the 
> > > changes.
> > 
> > Here's the output to ldap.log after adding the above to syslog:
> > 
> > Sep  5 07:43:43 palmettodomains slapd[15571]: @(#) $OpenLDAP: slapd 2.2.13 (Apr 28 2005 19:30:08) $
> > 	buildsys at bob:/home/buildsys/rpmbuild/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
> > Sep  5 07:43:43 palmettodomains slapd[15571]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
> > Sep  5 07:43:43 palmettodomains slapd[15571]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
> > Sep  5 07:43:43 palmettodomains slapd[15571]: bdb_db_init: Initializing BDB database
> > 
> > I think everthing is running but I can't connect to port 389.
> > 
> > Can you think of anything else?
> 
> How are you trying to connect to the ldap service? Are you 
> trying to connect via ldapsearch? or just telnet hostname 389 ?
> 
> If you do an
> 
> lsof -p 1928
> 
> (assuming slapd is still 1928 :) does it show it listening on 
> any TCP ports?

Hello Sean,

Here's the output from lsof -p 1928:

COMMAND  PID USER   FD   TYPE     DEVICE    SIZE    NODE NAME
slapd   1928 ldap  cwd    DIR        3,2    4096       2 /
slapd   1928 ldap  rtd    DIR        3,2    4096       2 /
slapd   1928 ldap  txt    REG        3,2 1290940  637712 /usr/sbin/slapd
slapd   1928 ldap  mem    REG        3,2  221792  229136 /lib/libssl.so.0.9.7a
slapd   1928 ldap  mem    REG        3,2   53654  229201 /lib/libcrypt-2.3.4.so
slapd   1928 ldap  mem    REG        3,2  485961  277480 /lib/tls/i486/libpthread-2.3.4.so
slapd   1928 ldap  mem    REG        3,2   28504  377263 /usr/lib/libwrap.so.0.7.6
slapd   1928 ldap  mem    REG        3,2   15216  571286 /usr/lib/sasl2/libcrammd5.so.2.0.19
slapd   1928 ldap  mem    REG        3,2   13392  571319 /usr/lib/sasl2/libplain.so.2.0.19
slapd   1928 ldap  mem    REG        3,2  998912  229121 /lib/libcrypto.so.0.9.7a
slapd   1928 ldap  mem    REG        3,2  427444  377412 /usr/lib/libkrb5.so.3.2
slapd   1928 ldap  mem    REG        3,2  140140  378154 /usr/lib/libk5crypto.so.3.0
slapd   1928 ldap  mem    REG        3,2  230500  229168 /lib/libnss_nisplus-2.3.4.so
slapd   1928 ldap  mem    REG        3,2  783456  571274 /usr/lib/sasl2/libsasldb.so.2.0.19
slapd   1928 ldap  mem    REG        3,2   21348  577260 /usr/lib/sasl2/libsql.so.2.0.19
slapd   1928 ldap  mem    REG        3,2  534768  277479 /lib/tls/i486/libm-2.3.4.so
slapd   1928 ldap  mem    REG        3,2   82320 1910146 /usr/lib/libsasl2.so.2.0.19
slapd   1928 ldap  mem    REG        3,2 1046360  505949 /usr/lib/mysql/libmysqlclient.so.14.0.0
slapd   1928 ldap  mem    REG        3,2   58211  229158 /lib/libnss_dns-2.3.4.so
slapd   1928 ldap  mem    REG        3,2   86532  377520 /usr/lib/libgssapi_krb5.so.2.2
slapd   1928 ldap  mem    REG        3,2   65580  378295 /usr/lib/libz.so.1.2.1.2
slapd   1928 ldap  mem    REG        3,2   13264  571315 /usr/lib/sasl2/liblogin.so.2.0.19
slapd   1928 ldap  mem    REG        3,2  411410  228487 /lib/libnsl-2.3.4.so
slapd   1928 ldap  mem    REG        3,2  783484  572022 /usr/lib/tls/libslapd_db-4.2.so
slapd   1928 ldap  mem    REG        3,2  519365  228485 /lib/ld-2.3.4.so
slapd   1928 ldap  mem    REG        3,2  108396  228489 /lib/libdl-2.3.4.so
slapd   1928 ldap  mem    REG        3,2   22292  577256 /usr/lib/sasl2/libgssapiv2.so.2.0.19
slapd   1928 ldap  mem    REG        3,2  113876  376534 /usr/lib/libpq.so.3.1
slapd   1928 ldap  mem    REG        3,2   42964  571290 /usr/lib/sasl2/libdigestmd5.so.2.0.19
slapd   1928 ldap  mem    REG        3,2   29104  577248 /usr/lib/sasl2/libntlm.so.2.0.19
slapd   1928 ldap  mem    REG        3,2 5620585  277447 /lib/tls/i486/libc-2.3.4.so
slapd   1928 ldap  mem    REG        3,2    7168  229119 /lib/libcom_err.so.2.1
slapd   1928 ldap  mem    REG        3,2  264753  229144 /lib/libresolv-2.3.4.so
slapd   1928 ldap  mem    REG        3,2  186343  229234 /lib/libnss_files-2.3.4.so
slapd   1928 ldap  mem    REG        3,2   12852  571270 /usr/lib/sasl2/libanonymous.so.2.0.19
slapd   1928 ldap  mem    REG        3,2   16384 1731793 /var/lib/ldap/__db.001
slapd   1928 ldap    0u   CHR        1,3            1401 /dev/null
slapd   1928 ldap    1u   CHR        1,3            1401 /dev/null
slapd   1928 ldap    2u   CHR        1,3            1401 /dev/null
slapd   1928 ldap    3u  unix 0xd7639b80            4289 socket
slapd   1928 ldap    4r  FIFO        0,7            4290 pipe
slapd   1928 ldap    5w  FIFO        0,7            4290 pipe
slapd   1928 ldap    6u  sock        0,4            4293 can't identify protocol
slapd   1928 ldap    7u  sock        0,4            4294 can't identify protocol

From the above, I don't see it listening on port 389, but I'm not really
sure what it's telling me. :-)
> 
> Have you tried telnet localhost 389 (to rule out any firewall 
> oddities)?

Yes, it won't connect to port 389.  I also tried 25 and 110.  I can telnet
to these ports fine.  I use the same ruleset to open those ports.


> If you just try the following it should at the very least 
> connect and ask you for a password.
> 
> ldapsearch -v -v -H ldap://localhost

When I run the above, I get:

ldap_initialize( ldap://localhost )
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Thanks again!!

Eddie

> 
> 
> --
> Sean
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
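An added example, not part of the thread and not code from Sean or Eddie. In lsof, a bound TCP listener shows up as a line of TYPE `IPv4` (or `IPv6`) ending in `TCP *:ldap (LISTEN)`; the `lsof -p 1928` output above has no such line, only two `sock` entries lsof cannot identify, so the first thing to settle is whether slapd ever bound port 389, because if nothing is bound the iptables ruleset cannot be what is failing. The script below answers that from `/proc/net/tcp` directly, without depending on lsof or netstat. The sample `/proc/net/tcp` contents are constructed for the demo (sshd on *:22, one established SMTP connection, nothing on 389); on a real box you would pass `/proc/net/tcp` and `/proc/net/tcp6` instead, and the `iptables -L INPUT -n -v` suggestion is the usual next step, not something the thread ran.

```shell
#!/bin/sh
# Added example (not from the CentOS thread): tell "daemon never bound the
# port" from "bound but blocked by iptables" by decoding /proc/net/tcp.
# Usage: tcp_listeners /proc/net/tcp 389
# Prints "addr:port inode=N" for every LISTEN socket on that port and
# returns 1 when there is none.
set -u

tcp_listeners() {
    # $1: file in /proc/net/tcp format, $2: decimal port.
    # The kernel writes ports as 4 uppercase hex digits (389 -> 0185).
    want=$(printf '%04X' "$2")
    awk -v want="$want" '
        # Portable hex -> decimal (no gawk-only strtonum).
        function hex2dec(h,    i, n) {
            n = 0
            for (i = 1; i <= length(h); i++)
                n = n * 16 + index("0123456789ABCDEF", toupper(substr(h, i, 1))) - 1
            return n
        }
        # IPv4 is stored little-endian: 0100007F is 127.0.0.1, 00000000 is 0.0.0.0.
        function ip4(h,    s) {
            s = hex2dec(substr(h, 7, 2)) "." hex2dec(substr(h, 5, 2))
            return s "." hex2dec(substr(h, 3, 2)) "." hex2dec(substr(h, 1, 2))
        }
        NR > 1 {
            # $2 = local_address, $4 = st, $10 = inode (header line is NR 1)
            split($2, la, ":")
            if ($4 == "0A" && la[2] == want) {          # 0A is TCP_LISTEN
                found++
                # tcp6 addresses are 32 hex chars; print those raw
                addr = (length(la[1]) == 8) ? ip4(la[1]) : ("[" la[1] "]")
                printf "%s:%d inode=%s\n", addr, hex2dec(la[2]), $10
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# One-line verdict in the terms the thread uses.
diagnose() {
    if tcp_listeners "$1" "$2" >/dev/null; then
        echo "port $2: a listener is bound; check iptables next (iptables -L INPUT -n -v)"
    else
        echo "port $2: nothing is listening; iptables is not the problem, look at the daemon"
    fi
}

# Constructed sample in /proc/net/tcp format (not the poster's machine):
# sshd bound on 0.0.0.0:22, an established SMTP connection on 127.0.0.1:25,
# and nothing at all on 389.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9999 1 f7c0a000 300 0 0 2 -1
   1: 0100007F:0019 0100007F:C2F4 01 00000000:00000000 00:00000000 00000000     0        0 10001 1 f7c0b000 20 4 30 10 -1
EOF

diagnose "$sample" 22
diagnose "$sample" 389
```

The inode that `tcp_listeners` prints is the same number lsof shows in its NODE column for a socket, so on a live system you can match a LISTEN entry back to the owning process with `lsof -p PID` or `ls -l /proc/PID/fd` even when lsof reports "can't identify protocol".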




