From: Joost Roeleveld
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] OpenLDAP works only at localhost, not from outside
Date: Fri, 02 Sep 2011 08:50:46 +0200
Message-ID: <2117779.58rmGC8WoN@eve>
In-Reply-To: <20110831182426.79c1b146@polaris>
References: <20110831182426.79c1b146@polaris>

On Wednesday, August 31, 2011 06:24:26 PM Johannes Geiss wrote:
> Hi there,
>
> I want to access my LDAP-data from anywhere on the internet but I only
> get it working on localhost.
>
> I installed OpenLDAP 2.4.24, and tried to do the tutorial at
>
> http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html
>
> The LDAP database works fine from localhost with
>
> ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h localhost
>
> but if I try to do it from the outside (i.e. the IP address my router
> gave me via DHCP)

What do you mean with "outside"?

> ldapsearch -vLx -b "o=stooges" "(sn=Fine)" -h xxx.xxx.xxx.xxx
>
> I get the output "ldap_initialize( ldap://xxx.xxx.xxx.xxx )" and the
> client hangs.
>
> The slapd server prints
>
> slap_listener_activate(6):
> >>> slap_listener(ldap:///)

Interesting, this should indicate that it does bind to all interfaces.

> and hangs at this point until I Ctrl-C the client or wait approx. 5
> minutes.

5 minutes is a time-out.

> Has anybody successfully installed an LDAP-service with access from
> the outside? What is the content of slapd.conf?
Yes, slapd.conf doesn't decide this, though.

> Did I miss anything else?

If it weren't for the log from the slapd logs, I'd answer with the following bit:

First the short answer:

*** /etc/conf.d/slapd ***
# conf.d file for openldap
#
OPTS="-f /etc/openldap/slapd.conf -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock' -4"
*********

The long answer:

You need to configure "slapd" to listen on all interfaces; you do this by setting the "-h " options correctly.
I use both SSL and non-SSL for my LDAP and also set a socket-file:
" -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"

See "man slapd" for more information.

However, the logs show that this should already work.
This makes me wonder about the following possible causes:
1) Outside = on the other side of the router
2) A firewall on your machine is blocking access

These have the following solutions:
1) Forward the correct port (386) to your machine
2) Reconfigure your firewall

Another thing to try would be to check if there is actually something listening on the correct port:
# netstat -an | grep 389

This should return a line like:
** tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN **

You could also have a look at the Gentoo-LDAP page:
http://www.gentoo.org/doc/en/ldap-howto.xml

Hope this helps.

--
Joost
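The two checks Joost describes (what `-h` URL list slapd was started with, and what the `netstat -an | grep 389` line actually shows) can be scripted so the result is unambiguous. The script below is an added example, not part of Joost's mail and not OpenLDAP's own code. It assumes the `OPTS=` line format quoted from /etc/conf.d/slapd above and the `netstat -an` column layout shown in the expected output; the sample OPTS line and the two sample netstat lines are constructed for the demo, and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the original mail or from OpenLDAP: given the
# "-h" URL list slapd was started with and a "netstat -an" style listener
# table, report whether LDAP is bound to all interfaces, to loopback only,
# to one specific address, or not at all.  The sample inputs below are
# constructed; the OPTS line is the one quoted in the mail and the first
# netstat line is the one Joost says to expect.

# Constructed sample inputs.
SAMPLE_OPTS="OPTS=\"-f /etc/openldap/slapd.conf -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock' -4\""
SAMPLE_NETSTAT_ALL='tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN'
SAMPLE_NETSTAT_LO='tcp        0      0 127.0.0.1:389           0.0.0.0:*               LISTEN'

# Read an OPTS line on stdin and print each URL from the quoted -h argument,
# one per line.
slapd_bind_urls() {
    sed -n "s/.*-h '\([^']*\)'.*/\1/p" | tr ' ' '\n'
}

# Classify one listener URL: a bare scheme with no host part binds every
# interface, which is what slap_listener(ldap:///) in the log means.
url_scope() {
    case "$1" in
        ldapi://*)                            echo socket ;;
        ldap://|ldaps://)                     echo all ;;
        ldap://127.0.0.1*|ldaps://127.0.0.1*) echo loopback ;;
        ldap://localhost*|ldaps://localhost*) echo loopback ;;
        *)                                    echo host ;;
    esac
}

# Read "netstat -an" lines on stdin; print how TCP port $1 (default 389) is
# bound: all, loopback, host (a specific address) or none.
ldap_listen_scope() {
    port=${1:-389}
    awk -v p="$port" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            lp = $4; sub(/.*:/, "", lp)          # local port
            host = $4; sub(/:[^:]*$/, "", host)  # local address
            if (lp != p) next
            if (host == "0.0.0.0" || host == "::") { all = 1 } else if (host == "127.0.0.1" || host == "::1") { lo = 1 } else { other = 1 }
        }
        END {
            if (all) { print "all" } else if (lo) { print "loopback" } else if (other) { print "host" } else { print "none" }
        }'
}

# Demo on the constructed samples.
echo "listener URLs from the sample /etc/conf.d/slapd line:"
printf '%s\n' "$SAMPLE_OPTS" | slapd_bind_urls | while read -r u; do
    echo "  $u -> $(url_scope "$u")"
done
echo "port 389 in the expected netstat output: $(printf '%s\n' "$SAMPLE_NETSTAT_ALL" | ldap_listen_scope)"
echo "port 389 if bound to loopback only:      $(printf '%s\n' "$SAMPLE_NETSTAT_LO" | ldap_listen_scope)"
```

On a live box, run `netstat -an | ldap_listen_scope` (or `... | ldap_listen_scope 636` for ldaps) and `grep ^OPTS= /etc/conf.d/slapd | slapd_bind_urls`. A result of `all` for port 389 together with a router port-forward means the plaintext, simple-bind (`-x`) listener is what becomes reachable from the internet; if the goal is remote access, forwarding only the ldaps:// port (636) and keeping 389 behind the firewall gives the same access without exposing credentials in clear.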