> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Sean O'Connell
> Sent: Sunday, September 04, 2005 10:43 PM
> To: CentOS mailing list
> Subject: RE: [CentOS] LDAP/iptables
>
> On Sun, 2005-09-04 at 20:39 -0400, Thomas E Dukes wrote:
> >
> > > -----Original Message-----
> > > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Johnny Hughes
> > > Sent: Sunday, September 04, 2005 11:16 AM
> > > To: CentOS ML
> > > Subject: Re: [CentOS] LDAP/iptables
> > >
> > > On Sun, 2005-09-04 at 09:10 -0400, Thomas E Dukes wrote:
> > > > Hello,
> > > >
> > > > I am trying to get LDAP running. So far, the server is running but I
> > > > cannot connect to port 389 or the server using webmin or phpldapadmin.
> > > > It could be my ISP has blocked this port but I'm not sure. I have
> > > > tried to telnet to port 389 but it is refused. All other services run fine.
> > > >
> > > > I use the iptables ruleset found in the IP-Masquerade HowTo. Below
> > > > is the ruleset I follow for opening ports for external access.
> > > > For some reason it won't open 389.
> > > >
> > > > $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED \
> > > >     -p tcp -s $UNIVERSE -d $EXTIP --dport 389 -j ACCEPT
> > > >
> > > > Where $EXTIF = eth0 and $EXTIP = my ipaddress
> > > >
> > > > Does anyone know what I may be doing wrong?
> > > >
> > > > TIA
> > > >
> > >
> > > If you are trying to connect from the outside from another PC ...
> > > and if the firewall and ldap are installed on the same PC, that
> > > should work to allow connection to port 389.
> > >
> > > If you are trying to connect directly to port 389 from an internal
> > > IP, that probably won't work. (you will need to do something to
> > > PREROUTING chain to get the packets routed to the EXTIF)
> > >
> > > BUT ... you shouldn't need to do either of those if you are also
> > > running webmin or phpmyadmin also on that machine ... if you listen
> > > on the internal IP at port 389 and not the external IP.
> > >
> > > Does netstat -aptn show you listening on the internal / external /
> > > or loopback ip on port 389 (or more than one of them).
> >
> > Hello,
> >
> > Running netstat -aptn shows nothing for port 389. This doesn't make sense.
>
> Is slapd (assuming you are using openldap) running?
>
> ps -ef | grep slapd
>
> (for example here is the output from one of the centos boxes running ldap).
>
> ldap      9032     1  0 04:04 ?        00:00:00 /usr/sbin/slapd -u ldap -h ldap:/// ldaps:///

Hello Sean,

Here's the output for ps -ef | grep slapd:

ldap      1928     1  0 00:03 ?        00:00:00 /usr/sbin/slapd -u ldap -h ldap:///
root     15066 15003  0 07:29 tty1     00:00:00 grep slapd

> (or pgrep -l slapd). You can also use service slapd status
> (though, this isn't always 100% reliable).
>
> The openldap server outputs to syslog on local4 by default.
> It's possible that there are errors or issues with your
> /etc/openldap/slapd.conf that are causing slapd to fail to start.
> You can edit /etc/syslog.conf and add a few lines like
>
> local4.*    /var/log/ldap.log
>
> Then run service syslog restart (or HUP syslogd) to pick up the changes.

Here's the output to ldap.log after adding the above to syslog:

Sep  5 07:43:43 palmettodomains slapd[15571]: @(#) $OpenLDAP: slapd 2.2.13 (Apr 28 2005 19:30:08) $ buildsys at bob:/home/buildsys/rpmbuild/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
Sep  5 07:43:43 palmettodomains slapd[15571]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Sep  5 07:43:43 palmettodomains slapd[15571]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Sep  5 07:43:43 palmettodomains slapd[15571]: bdb_db_init: Initializing BDB database

I think everything is running but I can't connect to port 389. Can you think of anything else?

Thanks!!

Eddie

> Then try starting the ldap service and see what's being
> output to the log file. You can also use the -d (debug) flag
> to run slapd in the foreground with a fairly verbose output
>
> slapd -d 5 -u ldap -h ldap:/// ldaps:/// 2>&1 | tee /tmp/ldap.out
>
> To see what might be happening. I'd also recommend setting up
> the syslog anyway to be able to see what's going on.
>
> Sean
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
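The thread turns on one question Johnny asks and nobody answers mechanically: is slapd listening on port 389 at all, and if so on which address? Until that is settled, the iptables rule on $EXTIP:389 is not the thing to debug. The script below is an added example, not code from the thread or from the CentOS/OpenLDAP projects. It parses saved `netstat -aptn` output (the column layout assumed is Proto, Recv-Q, Send-Q, Local Address, Foreign Address, State, PID/Program name) and reports whether the port is unbound, bound to loopback only, or bound on an address the outside can reach; the port and the netstat lines embedded at the bottom are constructed sample data, not captures from the poster's machine.

```shell
#!/bin/sh
# Added example, not code from the thread. Answers "does netstat -aptn show
# you listening on the internal / external / loopback ip on port 389?" from
# saved netstat output. Assumes the netstat -aptn column layout:
#   Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
# The port and the sample lines below are assumptions for illustration.

# listeners PORT  (netstat output on stdin)
# One line per LISTEN socket on PORT: "<address> <class> <pid/program>"
# class: loopback (127.0.0.1/::1), any (0.0.0.0/:::), specific (one address)
listeners() {
    awk -v port="$1" '
        ($1 == "tcp" || $1 == "tcp6") && $6 == "LISTEN" {
            n = split($4, a, ":")                 # port is the last ":"-field
            if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1")     cls = "loopback"
            else if (addr == "0.0.0.0" || addr == ":::")  cls = "any"
            else                                          cls = "specific"
            print addr, cls, $7
        }'
}

# verdict PORT  (netstat output on stdin) prints one word:
#   not-listening  no socket on PORT: the firewall is irrelevant, look at
#                  slapd itself (ps, slapd -d 5 in the foreground, local4 log)
#   loopback-only  slapd is up but only 127.0.0.1/::1 can reach it; an
#                  iptables ACCEPT on $EXTIP:389 cannot help
#   external       bound on 0.0.0.0/::: or a non-loopback address; now the
#                  INPUT rule (and the ISP) is the place to look
verdict() {
    listeners "$1" | awk '
        { seen = 1; if ($2 != "loopback") ext = 1 }
        END {
            if (!seen)     print "not-listening"
            else if (!ext) print "loopback-only"
            else           print "external"
        }'
}

# Constructed sample data (not real captures). Header lines never match the
# field tests in listeners(), so they are ignored.
SAMPLE_NONE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1532/sshd'

SAMPLE_LOOPBACK="$SAMPLE_NONE
tcp        0      0 127.0.0.1:389           0.0.0.0:*               LISTEN      1928/slapd"

SAMPLE_EXTERNAL="$SAMPLE_NONE
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      1928/slapd
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      1928/slapd
tcp        0      0 192.168.1.10:389        192.168.1.20:41022      ESTABLISHED 1928/slapd"

# Against a live box:  netstat -aptn | verdict 389
if [ "${1:-}" = "--demo" ]; then
    for s in "$SAMPLE_NONE" "$SAMPLE_LOOPBACK" "$SAMPLE_EXTERNAL"; do
        printf '%s\n' "$s" | verdict 389
    done
fi
```

Run it as `netstat -aptn | verdict 389` on the server itself. "not-listening" matches what Eddie reports: his netstat shows nothing on 389, so no INPUT rule can change the outcome and the slapd log or `slapd -d 5` in the foreground is the next step. "loopback-only" is the case Johnny describes where webmin or phpldapadmin on the same host work while remote clients are refused. Only "external" makes the firewall and the ISP worth investigating.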