Hello all,
I need help in three problems that I'm facing with my OpenLDAP
implementation please.
First problem:
I'm able to connect to my LDAP server on port 636 without a problem
from the same subnet, but not from outside, over the Internet.
What I want to achieve is to be able to connect from a particular
range of static IPs.
The ACL part of my slapd.conf is:
access to attrs=userPassword,shadowLastChange
        by dn="uid=authenticate,ou=System,dc=example.com" read
        by dn="uid=myusername,ou=Users,ou=bca,dc=example.com" read
        by anonymous auth
        by self write
access to attrs=givenName,sn,cn,mail
        by dn="uid=syncrepl,ou=system,dc=example.com" read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by self read
        by users auth
        by anonymous auth
access to attrs=uid
        by anonymous read
        by users read
access to dn.regex="^.*,uid=([^,]+),ou=Users,dc=example.com$"
        by dn.exact,expand="uid=$1,ou=Users,dc=example.com" write
access to *
        by dn.exact="uid=authenticate,ou=System,dc=example.com" none
        by users none break
        by self read
        by users read
        by * none
2nd problem:
The following ACL does not work at all or I'm doing something wrong:
access to attrs=givenName,sn,cn,mail
        by dn="uid=syncrepl,ou=system,dc=example.com" read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by anonymous peername.ip=some_static_ip read
        by self read
        by users auth
        by anonymous auth
I can't bind as anonymous from 'some_static_ip' in order to fetch
mail, givenName, etc. into the Thunderbird address book, for example.
3rd problem and last!
If I reboot the master server, then the slave does not bind correctly
and email etc. does not work at all, even though it is configured on
that server (the slave). Also, when I reboot the servers, the master must
come up first; otherwise I'm not able to connect until I reboot the slave
server.
Both servers are running on Ubuntu 9.04, if that matters in any way. See output:
root@masterldap:/etc/ldap# dpkg -l slapd
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii slapd 2.4.15-1ubuntu OpenLDAP server (slapd)
I have also attached the whole slapd.conf file of my master server in
case that helps more.
Any help or suggestion is much appreciated.
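As an added illustration, not the poster's file and not from the OpenLDAP project, here is one way the address-book part of such a slapd.conf could be written so that anonymous searches from a fixed set of addresses actually return entries. Two things matter in slapd ACLs: slapd uses the first `access to` clause whose target matches the entry and attribute being checked and, inside it, the first `by` clause that matches the requester; and a search only returns an entry if the requester has `read` on the `entry` pseudo-attribute (plus `search` on the attributes used in the filter), which a final `access to *` ending in `by * none` denies to anonymous. The address range 203.0.113.0/24, the host 198.51.100.17 and the suffix dc=example.com are assumed placeholders. Note also that `peername` is only evaluated once the TCP connection has been accepted, so a client that cannot reach port 636 at all is being stopped by a firewall or by the addresses slapd listens on, not by an ACL.

```conf
# Added example (not the original poster's configuration). Placeholders:
# 203.0.113.0/24, 198.51.100.17 and the suffix dc=example.com are assumed.

# Passwords: only the bind proxy may read them, anyone may present them
# to bind, owners may change them, nobody else sees them.
access to attrs=userPassword,shadowLastChange
        by dn.exact="uid=authenticate,ou=System,dc=example.com" read
        by anonymous auth
        by self write
        by * none

# Address-book attributes. "entry" is the pseudo-attribute slapd checks
# before it will return an entry from a search at all; granting read on
# givenName/sn/cn/mail without it leaves the search result empty.
# peername.ip takes one address or address%netmask and is checked only
# after the connection has been accepted.
access to dn.subtree="ou=Users,dc=example.com" attrs=entry,givenName,sn,cn,mail,uid
        by dn.exact="uid=syncrepl,ou=system,dc=example.com" read
        by anonymous peername.ip=203.0.113.0%255.255.255.0 read
        by anonymous peername.ip=198.51.100.17 read
        by users read
        by * none

# Users may write within their own subtree (same pattern as the original file).
access to dn.regex="^.*,uid=([^,]+),ou=Users,dc=example.com$"
        by dn.exact,expand="uid=$1,ou=Users,dc=example.com" write

# Everything else: authenticated users read, anonymous gets nothing.
access to *
        by users read
        by * none
```

With this layout an anonymous client from 203.0.113.0/24 matches the second clause for both `entry` and the listed attributes, so a Thunderbird-style filter such as (|(cn=*smith*)(mail=*smith*)) under ou=Users returns results; the same client from any other address falls through to `by * none` and gets nothing, and password attributes stay unreadable to everyone except the bind proxy and the entry owner.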