Dear Quanah, OpenLDAPs,
Herewith the proof that slapd is listening on port 389.
I also included the slapd.conf, /etc/sysconfig/slapd and ldap.conf files.
Regards,
Thierry
# netstat -ltn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::389 :::* LISTEN
tcp6 0 0 :::3306 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
# nc -zv 192.168.100.11 389
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.100.11:389.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
# cat /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/ppolicy.schema
allow bind_v2
idletimeout 10
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/lib64/openldap
moduleload ppolicy.la
moduleload syncprov
password-hash {CRYPT}
password-crypt-salt-format "$6$%.86s"
access to * by * read
database bdb
suffix "dc=be"
rootdn "cn=Manager,dc=be"
rootpw {CRYPT}$6$DAn/HuEvv8oxXzht$4...k4ZUiJG4qUKzqUTCQVtuUY1
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=be"
ppolicy_use_lockout
# cat /etc/sysconfig/slapd
SLAPD_URLS="ldapi:/// ldap:///"
# cat /etc/openldap/ldap.conf
#TLS_CACERTDIR /etc/openldap/certs
#TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT never
SASL_NOCANON on
On Tue, 10 Mar 2020 at 19:42, Quanah Gibson-Mount <quanah(a)symas.com> wrote:
--On Tuesday, March 10, 2020 12:03 PM +0100 Thierry Debaene
<thierry.debaene(a)gmail.com> wrote:
># ldapsearch -x -H ldap://192.168.100.11 -D "uid=thierry,ou=People,ou=linux,dc=be" -w password -b ou=linux,dc=be -LLL memberUid -v
> ldap_initialize( ldap://192.168.100.11:389/??base )
> ldap_result: Can't contact LDAP server (-1)
Please provide evidence that slapd is listening to 192.168.100.11 on port
389 and that it can be accessed (i.e., no firewall etc blocking access).
For example on my local system:
nc -zv 10.2.0.74 389
Connection to 10.2.0.74 389 port [tcp/ldap] succeeded!
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>