[CentOS] LDAP/iptables

Sean O'Connell oconnell at soe.ucsd.edu
Mon Sep 5 18:37:21 UTC 2005


On Mon, 2005-09-05 at 13:57 -0400, Thomas E Dukes wrote:
> > How are you trying to connect to the ldap service? Are you 
> > trying to connect via ldapsearch? or just telnet hostname 389 ?
> > 
> > If you do an
> > 
> > lsof -p 1928
> > 
> > (assuming slapd is still 1928 :) does it show it listening on 
> > any TCP ports?
> 
> Hello Sean,
> 
> Here's the output from lsof -p 1928:
> 
> COMMAND  PID USER   FD   TYPE     DEVICE    SIZE    NODE NAME
> slapd   1928 ldap  cwd    DIR        3,2    4096       2 /
> slapd   1928 ldap  rtd    DIR        3,2    4096       2 /
> slapd   1928 ldap  txt    REG        3,2 1290940  637712 /usr/sbin/slapd
> slapd   1928 ldap  mem    REG        3,2  221792  229136 /lib/libssl.so.0.9.7a
> slapd   1928 ldap  mem    REG        3,2   53654  229201 /lib/libcrypt-2.3.4.so
> slapd   1928 ldap  mem    REG        3,2  485961  277480 /lib/tls/i486/libpthread-2.3.4.so
> slapd   1928 ldap  mem    REG        3,2   28504  377263 /usr/lib/libwrap.so.0.7.6
> slapd   1928 ldap  mem    REG        3,2   15216  571286 /usr/lib/sasl2/libcrammd5.so.2.0.19
> slapd   1928 ldap  mem    REG        3,2   13392  571319 /usr/lib/sasl2/libplain.so.2.0.19
> slapd   1928 ldap  mem    REG        3,2  998912  229121 /lib/libcrypto.so.0.9.7a
> slapd   1928 ldap  mem    REG        3,2  427444  377412 /usr/lib/libkrb5.so.3.2
> slapd   1928 ldap  mem    REG        3,2  140140  378154 /usr/lib/libk5crypto.so.3.0
> slapd   1928 ldap  mem    REG        3,2  230500  229168 /lib/libnss_nisplus-2.3.4.so
> slapd   1928 ldap  mem    REG        3,2  783456  571274 /usr/lib/sasl2/libsasldb.so.2.0.19
> slapd   1928 ldap  mem    REG        3,2   21348  577260 /usr/lib/sasl2/libsql.so.2.0.19
> slapd   1928 ldap  mem    REG        3,2  534768  277479 /lib/tls/i486/libm-2.3.4.so
> slapd   1928 ldap  mem    REG        3,2   82320 1910146 /usr/lib/libsasl2.so.2.0.19
> slapd   1928 ldap  mem    REG        3,2 1046360  505949 /usr/lib/mysql/libmysqlclient.so.14.0.0
> slapd   1928 ldap  mem    REG        3,2   58211  229158 /lib/libnss_dns-2.3.4.so
> slapd   1928 ldap  mem    REG        3,2   86532  377520 /usr/lib/libgssapi_krb5.so.2.2
> slapd   1928 ldap  mem    REG        3,2   65580  378295 /usr/lib/libz.so.1.2.1.2
> slapd   1928 ldap  mem    REG        3,2   13264  571315 /usr/lib/sasl2/liblogin.so.2.0.19
> slapd   1928 ldap  mem    REG        3,2  411410  228487 /lib/libnsl-2.3.4.so
> slapd   1928 ldap  mem    REG        3,2  783484  572022 /usr/lib/tls/libslapd_db-4.2.so
> slapd   1928 ldap  mem    REG        3,2  519365  228485 /lib/ld-2.3.4.so
> slapd   1928 ldap  mem    REG        3,2  108396  228489 /lib/libdl-2.3.4.so
> slapd   1928 ldap  mem    REG        3,2   22292  577256 /usr/lib/sasl2/libgssapiv2.so.2.0.19
> slapd   1928 ldap  mem    REG        3,2  113876  376534 /usr/lib/libpq.so.3.1
> slapd   1928 ldap  mem    REG        3,2   42964  571290 /usr/lib/sasl2/libdigestmd5.so.2.0.19
> slapd   1928 ldap  mem    REG        3,2   29104  577248 /usr/lib/sasl2/libntlm.so.2.0.19
> slapd   1928 ldap  mem    REG        3,2 5620585  277447 /lib/tls/i486/libc-2.3.4.so
> slapd   1928 ldap  mem    REG        3,2    7168  229119 /lib/libcom_err.so.2.1
> slapd   1928 ldap  mem    REG        3,2  264753  229144 /lib/libresolv-2.3.4.so
> slapd   1928 ldap  mem    REG        3,2  186343  229234 /lib/libnss_files-2.3.4.so
> slapd   1928 ldap  mem    REG        3,2   12852  571270 /usr/lib/sasl2/libanonymous.so.2.0.19
> slapd   1928 ldap  mem    REG        3,2   16384 1731793 /var/lib/ldap/__db.001
> slapd   1928 ldap    0u   CHR        1,3            1401 /dev/null
> slapd   1928 ldap    1u   CHR        1,3            1401 /dev/null
> slapd   1928 ldap    2u   CHR        1,3            1401 /dev/null
> slapd   1928 ldap    3u  unix 0xd7639b80            4289 socket
> slapd   1928 ldap    4r  FIFO        0,7            4290 pipe
> slapd   1928 ldap    5w  FIFO        0,7            4290 pipe
> slapd   1928 ldap    6u  sock        0,4            4293 can't identify protocol
> slapd   1928 ldap    7u  sock        0,4            4294 can't identify protocol
> 
> From the above, I don't see it listening on port 389, but I'm not really
> sure what it's telling me. :-)
> > 
> > Have you tried telnet localhost 389 (to rule out any firewall 
> > oddities)?
> 
> Yes, it won't connect to port 389.  I also tried 25 and 110.  I can telnet
> to these ports fine.  I use the same ruleset to open those ports.
> 
> 
> > If you just try the following it should at the very least 
> > connect and ask you for a password.
> > 
> > ldapsearch -v -v -H ldap://localhost
> 
> When I run the above, I get:
> 
> ldap_initialize( ldap://localhost )
> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Eddie-

It doesn't look like the slapd is opening up a TCP port. It only appears
to have opened unix sockets. Running lsof on a working slapd, I see the
following in addition to the stuff you reported:

slapd   2511 ldap    6u  IPv6    7136316             TCP *:ldap (LISTEN)
slapd   2511 ldap    7u  IPv4    7136317             TCP *:ldap (LISTEN)
slapd   2511 ldap    8u  IPv6    7136320             TCP *:ldaps (LISTEN)
slapd   2511 ldap    9u  IPv4    7136321             TCP *:ldaps (LISTEN)

I think there might be an issue with your slapd.conf.

-- 
Sean
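The check Sean is doing by eye (does `lsof -p <pid>` show any `TCP ... (LISTEN)` line for slapd, and on which ports?) can be scripted. The following is an added example, not part of the thread: it reads `lsof -p` output on stdin and reports the TCP listeners, so a broken and a working slapd can be told apart without reading the whole file-descriptor table. The sample `lsof` lines embedded below are constructed from the two outputs quoted in the thread; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread): decide from `lsof -p <pid>` output
# whether slapd has any TCP listening socket, and list the ports it is on.

# Print every "TCP ... (LISTEN)" line and return 0 if at least one exists,
# 1 otherwise. Column positions are taken from the end of the line so the
# check does not depend on whether this lsof prints a SIZE/OFF column.
slapd_tcp_listeners() {
    awk '$5 ~ /^IPv[46]$/ && $(NF-2) == "TCP" && $NF == "(LISTEN)" {
             print; found = 1
         }
         END { exit found ? 0 : 1 }'
}

# Print the distinct listening port names/numbers (e.g. "ldap ldaps" or
# "389 636") as one space-separated line; prints nothing if none.
slapd_listen_ports() {
    awk '$5 ~ /^IPv[46]$/ && $(NF-2) == "TCP" && $NF == "(LISTEN)" {
             n = split($(NF-1), a, ":"); print a[n]
         }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample: the socket lines from the non-working slapd in the
# thread (unix socket, pipes, two sockets lsof cannot identify).
SAMPLE_BROKEN="slapd   1928 ldap    3u  unix 0xd7639b80            4289 socket
slapd   1928 ldap    4r  FIFO        0,7            4290 pipe
slapd   1928 ldap    5w  FIFO        0,7            4290 pipe
slapd   1928 ldap    6u  sock        0,4            4293 can't identify protocol
slapd   1928 ldap    7u  sock        0,4            4294 can't identify protocol"

# Constructed sample: the extra lines Sean reports from a working slapd.
SAMPLE_WORKING="slapd   2511 ldap    6u  IPv6    7136316             TCP *:ldap (LISTEN)
slapd   2511 ldap    7u  IPv4    7136317             TCP *:ldap (LISTEN)
slapd   2511 ldap    8u  IPv6    7136320             TCP *:ldaps (LISTEN)
slapd   2511 ldap    9u  IPv4    7136321             TCP *:ldaps (LISTEN)"

# With a PID argument, inspect a live process; otherwise run over the samples.
if [ -n "${1:-}" ]; then
    lsof -p "$1" | slapd_tcp_listeners || echo "pid $1: no TCP listeners"
    echo "ports: $(lsof -p "$1" | slapd_listen_ports)"
else
    printf '%s\n' "$SAMPLE_BROKEN" | slapd_tcp_listeners \
        || echo "sample (broken): no TCP listeners"
    printf '%s\n' "$SAMPLE_WORKING" | slapd_tcp_listeners
    echo "sample (working) ports: $(printf '%s\n' "$SAMPLE_WORKING" | slapd_listen_ports)"
fi
```

Run it as `sh check_slapd.sh $(pidof slapd)` on the box in question; an empty port list with slapd still running points at the listener configuration (the `slapd.conf` / startup options Sean suspects) rather than at iptables, since a firewall rule would not stop the daemon from opening the socket in the first place.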