[CentOS] LDAP/iptables
Sean O'Connell
oconnell at soe.ucsd.edu
Mon Sep 5 18:37:21 UTC 2005
On Mon, 2005-09-05 at 13:57 -0400, Thomas E Dukes wrote:
> > How are you trying to connect to the ldap service? Are you
> > trying to connect via ldapsearch? or just telnet hostname 389 ?
> >
> > If you do an
> >
> > lsof -p 1928
> >
> > (assuming slapd is still 1928 :) does it show it listening on
> > any TCP ports?
>
> Hello Sean,
>
> Here's the output from lsof -p 1928:
>
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> slapd 1928 ldap cwd DIR 3,2 4096 2 /
> slapd 1928 ldap rtd DIR 3,2 4096 2 /
> slapd 1928 ldap txt REG 3,2 1290940 637712 /usr/sbin/slapd
> slapd 1928 ldap mem REG 3,2 221792 229136 /lib/libssl.so.0.9.7a
> slapd 1928 ldap mem REG 3,2 53654 229201 /lib/libcrypt-2.3.4.so
> slapd 1928 ldap mem REG 3,2 485961 277480 /lib/tls/i486/libpthread-2.3.4.so
> slapd 1928 ldap mem REG 3,2 28504 377263 /usr/lib/libwrap.so.0.7.6
> slapd 1928 ldap mem REG 3,2 15216 571286 /usr/lib/sasl2/libcrammd5.so.2.0.19
> slapd 1928 ldap mem REG 3,2 13392 571319 /usr/lib/sasl2/libplain.so.2.0.19
> slapd 1928 ldap mem REG 3,2 998912 229121 /lib/libcrypto.so.0.9.7a
> slapd 1928 ldap mem REG 3,2 427444 377412 /usr/lib/libkrb5.so.3.2
> slapd 1928 ldap mem REG 3,2 140140 378154 /usr/lib/libk5crypto.so.3.0
> slapd 1928 ldap mem REG 3,2 230500 229168 /lib/libnss_nisplus-2.3.4.so
> slapd 1928 ldap mem REG 3,2 783456 571274 /usr/lib/sasl2/libsasldb.so.2.0.19
> slapd 1928 ldap mem REG 3,2 21348 577260 /usr/lib/sasl2/libsql.so.2.0.19
> slapd 1928 ldap mem REG 3,2 534768 277479 /lib/tls/i486/libm-2.3.4.so
> slapd 1928 ldap mem REG 3,2 82320 1910146 /usr/lib/libsasl2.so.2.0.19
> slapd 1928 ldap mem REG 3,2 1046360 505949 /usr/lib/mysql/libmysqlclient.so.14.0.0
> slapd 1928 ldap mem REG 3,2 58211 229158 /lib/libnss_dns-2.3.4.so
> slapd 1928 ldap mem REG 3,2 86532 377520 /usr/lib/libgssapi_krb5.so.2.2
> slapd 1928 ldap mem REG 3,2 65580 378295 /usr/lib/libz.so.1.2.1.2
> slapd 1928 ldap mem REG 3,2 13264 571315 /usr/lib/sasl2/liblogin.so.2.0.19
> slapd 1928 ldap mem REG 3,2 411410 228487 /lib/libnsl-2.3.4.so
> slapd 1928 ldap mem REG 3,2 783484 572022 /usr/lib/tls/libslapd_db-4.2.so
> slapd 1928 ldap mem REG 3,2 519365 228485 /lib/ld-2.3.4.so
> slapd 1928 ldap mem REG 3,2 108396 228489 /lib/libdl-2.3.4.so
> slapd 1928 ldap mem REG 3,2 22292 577256 /usr/lib/sasl2/libgssapiv2.so.2.0.19
> slapd 1928 ldap mem REG 3,2 113876 376534 /usr/lib/libpq.so.3.1
> slapd 1928 ldap mem REG 3,2 42964 571290 /usr/lib/sasl2/libdigestmd5.so.2.0.19
> slapd 1928 ldap mem REG 3,2 29104 577248 /usr/lib/sasl2/libntlm.so.2.0.19
> slapd 1928 ldap mem REG 3,2 5620585 277447 /lib/tls/i486/libc-2.3.4.so
> slapd 1928 ldap mem REG 3,2 7168 229119 /lib/libcom_err.so.2.1
> slapd 1928 ldap mem REG 3,2 264753 229144 /lib/libresolv-2.3.4.so
> slapd 1928 ldap mem REG 3,2 186343 229234 /lib/libnss_files-2.3.4.so
> slapd 1928 ldap mem REG 3,2 12852 571270 /usr/lib/sasl2/libanonymous.so.2.0.19
> slapd 1928 ldap mem REG 3,2 16384 1731793 /var/lib/ldap/__db.001
> slapd 1928 ldap 0u CHR 1,3 1401 /dev/null
> slapd 1928 ldap 1u CHR 1,3 1401 /dev/null
> slapd 1928 ldap 2u CHR 1,3 1401 /dev/null
> slapd 1928 ldap 3u unix 0xd7639b80 4289 socket
> slapd 1928 ldap 4r FIFO 0,7 4290 pipe
> slapd 1928 ldap 5w FIFO 0,7 4290 pipe
> slapd 1928 ldap 6u sock 0,4 4293 can't identify protocol
> slapd 1928 ldap 7u sock 0,4 4294 can't identify protocol
>
> From the above, I don't see it listening to port 389, but I'm not really
> sure what it's telling me. :-)
> >
> > Have you tried telnet localhost 389 (to rule out any firewall
> > oddities)?
>
> Yes, it won't connect to port 389. I also tried 25 and 110. I can telnet
> to these ports fine. I use the same ruleset to open those ports.
>
>
> > If you just try the following it should at the very least
> > connect and ask you for a password.
> >
> > ldapsearch -v -v -H ldap://localhost
>
> When I run the above, I get:
>
> ldap_initialize( ldap://localhost )
> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Eddie-
It doesn't look like the slapd is opening up a TCP port. It only appears
to have opened unix sockets. Running lsof on a working slapd, I see the
following in addition to the stuff you reported:
slapd 2511 ldap 6u IPv6 7136316 TCP *:ldap (LISTEN)
slapd 2511 ldap 7u IPv4 7136317 TCP *:ldap (LISTEN)
slapd 2511 ldap 8u IPv6 7136320 TCP *:ldaps (LISTEN)
slapd 2511 ldap 9u IPv4 7136321 TCP *:ldaps (LISTEN)
I think there might be an issue with your slapd.conf.
--
Sean
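As an added illustration of the check Sean is describing (example code written for this page, not something posted in the thread and not part of OpenLDAP), the script below parses `lsof -p PID` style output, lists the TCP LISTEN sockets, and separates "the daemon never bound the port" from "the port is bound but unreachable". The two lsof samples are constructed from the broken and working outputs quoted above; the verdicts for the listening-but-unreachable cases (REJECT versus DROP) are general rules of thumb that go beyond what the thread itself says.

```shell
#!/bin/sh
# Added example (not code from the thread or from OpenLDAP): read `lsof -p PID`
# style output, list the TCP LISTEN sockets, and separate "the daemon never
# bound the port" from "the port is bound but something blocks the connection".
# The two lsof samples are constructed to mirror the broken and working slapd
# quoted in the thread; PIDs and socket numbers are those sample values.

# Constructed sample: broken slapd, only a unix socket and two unidentified sockets.
BROKEN_LSOF="slapd 1928 ldap 3u unix 0xd7639b80 4289 socket
slapd 1928 ldap 6u sock 0,4 4293 can't identify protocol
slapd 1928 ldap 7u sock 0,4 4294 can't identify protocol"

# Constructed sample: working slapd, ldap and ldaps bound on IPv4 and IPv6.
WORKING_LSOF="slapd 2511 ldap 6u IPv6 7136316 TCP *:ldap (LISTEN)
slapd 2511 ldap 7u IPv4 7136317 TCP *:ldap (LISTEN)
slapd 2511 ldap 8u IPv6 7136320 TCP *:ldaps (LISTEN)
slapd 2511 ldap 9u IPv4 7136321 TCP *:ldaps (LISTEN)"

# tcp_listeners LSOF_TEXT
#   Prints "FAMILY ADDR:PORT" for every TCP LISTEN socket in the text.
#   lsof leaves SIZE/OFF blank for sockets, so on these rows NODE ("TCP") is
#   field 7, NAME ("*:ldap") field 8 and the state "(LISTEN)" field 9.
tcp_listeners() {
    printf '%s\n' "$1" |
        awk '$5 ~ /^IPv[46]$/ && $7 == "TCP" && $9 == "(LISTEN)" { print $5, $8 }'
}

# listens_on LSOF_TEXT PORT
#   PORT is the port as lsof printed it: a service name ("ldap") by default,
#   a number ("389") when lsof ran with -P.  Exit 0 if some TCP LISTEN socket
#   ends in that port (last ":"-separated piece, so IPv6 names work too).
listens_on() {
    tcp_listeners "$1" | awk -v port="$2" '
        { n = split($2, a, ":"); if (a[n] == port) found = 1 }
        END { exit found ? 0 : 1 }'
}

# diagnose LSOF_TEXT PORT CONNECT_RESULT
#   CONNECT_RESULT is what "telnet localhost PORT" did from the same host:
#   connected, refused or timeout.  Prints a verdict; exit 0 only when the
#   daemon is both listening and reachable.  The firewall verdicts are general
#   rules of thumb, not something the thread itself states.
diagnose() {
    lsof_text=$1; port=$2; result=$3
    if ! listens_on "$lsof_text" "$port"; then
        echo "port $port: no TCP LISTEN socket; fix the daemon's config or start-up URLs, iptables is not the problem"
        return 2
    fi
    case $result in
        connected) echo "port $port: listening and reachable"; return 0 ;;
        refused)   echo "port $port: listening, but connection refused: REJECT rule, or bound to another address"; return 3 ;;
        timeout)   echo "port $port: listening, but connection timed out: DROP rule or routing"; return 4 ;;
        *)         echo "port $port: unknown connect result '$result'"; return 5 ;;
    esac
}

# live_listeners PID
#   Same columns from a real process (lsof flags: -n/-P numeric names, -a AND
#   the selectors, -iTCP internet sockets only, -sTCP:LISTEN listening state).
#   Not exercised here; it needs a running daemon.
live_listeners() {
    lsof -nP -a -p "$1" -iTCP -sTCP:LISTEN 2>/dev/null
}

# Walk through both constructed samples when run directly.
main() {
    diagnose "$BROKEN_LSOF" ldap refused || true
    diagnose "$WORKING_LSOF" ldap connected
    diagnose "$WORKING_LSOF" ldaps timeout || true
}
main
```

On a live box, `live_listeners 1928` gives the same columns with numeric ports, so pass `389` rather than `ldap` to `listens_on`. Which URLs slapd binds is decided by its start-up options (the `-h` URL list, e.g. `ldap:/// ldaps:///`) and its configuration; with no TCP listener at all, as in the broken output, there is nothing for an iptables ACCEPT rule on port 389 to reach, which is why Sean points at slapd.conf rather than the firewall.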