Re: New list member.
On 25 Feb 2002, Adam Williams wrote:
> >I am completely new to the idea of OpenLDAP and need lots of
> >advice. I managed to create a couple of Linux based undergraduate labs in
> >our department using RH and Debian Linux flavors.
> >Everything works great; all undergrads are now using
> >Linux/OpenOffice(StarOffice) and other software for the class work. As a last
> >touch I would like to implement some sort of centralized authentication
> >service. I was not recommended to use NIS in our environment, too
> >insecure. I read on the web that openldap has been successfully used
> >for this and many other purposes.
> >I installed the latest available rpm ...-21 and now am trying to do the
> >configuration.
> >Would greatly appreciate if one can advise me of a good book, keeping in
> >mind that I am a sysadmin, not a programmer.
> >Any sites where examples of conf for openldap for user authentication
> >are given will be very appreciated.
>
> I have an LDAP presentation with examples of such things at:
> ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf
>
Thank you, I will read it. I was also recommended to buy a book; I
may do it as well.
> >If somebody has experience with setting up openldap in a small university
> >department and would like to share his/her wisdom, their advice will be
> >highly appreciated.
> >My first question:
> >1) I have wrappers installed and I am blocking any requests coming from
>
> tcpwrappers? Can you provide examples of entries that do/do-not work?
>
slapd: host_name.domain.name.edu.au
or
sladp: IPAddressRange/SubnetMask
or
sladp: IpAddress.
If I put in /etc/hosts.allow
sladp: ALL
everything is working fine. Looks strange to me.
> >outside of my domain. I found, however that openldap server only works if
> >I allow ALL to access my ldap server.
> >If I try to restrict ldap to my subnet by putting an IP range and try
> >ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts I get:
> >ldap_bind: Can't contact LDAP server
> >Is this normal?
>
> I would suppose not, but I've never used tcpwrappers (?) with slapd.
>
> >For all other services I can put an IP range from which connections are
> >accepted.
>
> What does netstat -ap look like on the LDAP server when it does not
> work?
Output of netstat -ap with entry in hosts.allow
slapd: host_name.domain.name.edu.au
or
sladp: IPAddressRange/SubnetMask
or
sladp: IpAddress.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:32768 *:* LISTEN 658/rpc.statd
tcp 0 0 *:32770 *:* LISTEN 1069/rpc.mountd
tcp 0 0 *:printer *:* LISTEN 16477/lpd Waiting
tcp 0 0 *:ldap *:* LISTEN 3329/slapd
tcp 0 0 *:842 *:* LISTEN 1089/amd
tcp 0 0 *:sunrpc *:* LISTEN 630/portmap
tcp 0 0 *:x11 *:* LISTEN 505/X
tcp 0 0 *:auth *:* LISTEN 917/identd
tcp 0 0 *:820 *:* LISTEN 1064/rpc.rquotad
tcp 0 0 *:ssh *:* LISTEN 991/sshd
tcp 0 0 localhost:smtp *:* LISTEN 1150/sendmail: acce
tcp 0 0 *:x11-ssh-offset *:* LISTEN 3216/sshd
tcp 0 1008 muscovite.es.usyd.e:ssh dipole.es.usyd.edu:1540 ESTABLISHED 3216/sshd
udp 0 0 *:32768 *:* 658/rpc.statd
udp 0 0 *:nfs *:* -
udp 0 0 *:32770 *:* 1069/rpc.mountd
udp 0 0 *:32771 *:* -
udp 0 0 *:798 *:* -
udp 0 0 *:799 *:* -
udp 0 0 *:800 *:* -
udp 0 0 *:817 *:* 1064/rpc.rquotad
udp 0 0 *:834 *:* 658/rpc.statd
udp 0 0 *:843 *:* 1089/amd
udp 0 0 *:sunrpc *:* 630/portmap
udp 0 0 muscovite.es.usyd.e:ntp *:* 898/ntpd
udp 0 0 localhost:ntp *:* 898/ntpd
udp 0 0 *:ntp *:* 898/ntpd
udp 0 0 *:1022 *:* 1089/amd
udp 0 0 *:1023 *:* 1089/amd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 16 [ ] DGRAM 868 607/syslogd /dev/log
unix 2 [ ACC ] STREAM LISTENING 1639 1231/xfs /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 169317 505/X /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 1594 1169/gpm /dev/gpmctl
unix 2 [ ] DGRAM 172257 3329/slapd
unix 3 [ ] STREAM CONNECTED 169349 505/X /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 169348 512/xsri
unix 3 [ ] STREAM CONNECTED 169346 505/X /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 169345 511/gdmlogin
unix 3 [ ] STREAM CONNECTED 169342 505/X /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 169341 511/gdmlogin
unix 3 [ ] STREAM CONNECTED 169326 1231/xfs /tmp/.font-unix/fs7100
unix 3 [ ] STREAM CONNECTED 169325 505/X
unix 3 [ ] STREAM CONNECTED 169328 505/X /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 169319 504/gdm
unix 2 [ ] DGRAM 1642 1231/xfs
unix 2 [ ] DGRAM 1604 1187/crond
unix 2 [ ] DGRAM 1567 1150/sendmail: acce
unix 2 [ ] DGRAM 1233 973/xinetd
unix 2 [ ] DGRAM 1176 917/identd
unix 2 [ ] DGRAM 1148 898/ntpd
unix 2 [ ] DGRAM 1033 810/automount
unix 2 [ ] DGRAM 1022 789/automount
unix 2 [ ] DGRAM 1007 768/automount
unix 2 [ ] DGRAM 1006 766/automount
unix 2 [ ] DGRAM 941 676/apmd
unix 2 [ ] DGRAM 920 658/rpc.statd
unix 2 [ ] DGRAM 877 612/klogd
unix 2 [ ] STREAM CONNECTED 566 1/init
>
--
================================================================================
Ivan Teliatnikov,
F05 David Edgeworth Building,
Department of Geology and Geophysics,
School of Geosciences,
University of Sydney, 2006
Australia
e-mail: ivan@es.usyd.edu.au
ph: 061-2-9351-2031 (w)
fax: 061-2-9351-0184 (w)
===============================================================================
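An added cross-check for the tcp_wrappers question above (example code written for this archive page; it is not from the thread, from OpenLDAP or from the tcp_wrappers package). The wrapper library selects a hosts.allow rule by the daemon's process name, so the first thing worth verifying is that every daemon field in the file matches a program name that `netstat -ap` actually reports in its PID/Program name column; the second is which client patterns a given connection would satisfy. The hosts.allow lines and netstat rows below are constructed samples, with placeholder hostnames and addresses rather than the poster's; only the basic `daemon : client` syntax is modelled (exact host or address, leading-octets prefix, net/mask, domain suffix, ALL), so EXCEPT lists, hosts.deny and the reverse-DNS check real wrappers apply to hostname patterns are out of scope.

```python
import ipaddress
import re

# Constructed sample /etc/hosts.allow, modelled on the forms discussed in the
# thread (hostname, net/mask, ALL). The daemon name on the second rule is
# spelt "sladp" deliberately so the cross-check below has something to flag.
HOSTS_ALLOW = """\
# daemon_list : client_list
slapd: ldapclient.example.edu
sladp: 192.0.2.0/255.255.255.0
sshd: ALL
"""

# Constructed excerpt of `netstat -ap` output (same column layout as the
# thread's listing); only the trailing PID/Program name field is used.
NETSTAT = """\
tcp 0 0 *:ldap *:* LISTEN 3329/slapd
tcp 0 0 *:ssh *:* LISTEN 991/sshd
udp 0 0 *:ntp *:* 898/ntpd
"""


def parse_access_file(text):
    """Parse hosts.allow-style lines into (daemon_list, client_list) tuples.

    Only the plain 'daemons : clients' form is handled; EXCEPT lists, shell
    commands and wildcards such as KNOWN/PARANOID are not modelled.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        daemons, _, clients = line.partition(":")
        rules.append((
            [d.strip() for d in daemons.split(",") if d.strip()],
            [c.strip() for c in clients.split(",") if c.strip()],
        ))
    return rules


def listening_programs(netstat_text):
    """Collect program names from the PID/Program name column of netstat -p."""
    programs = set()
    for line in netstat_text.splitlines():
        m = re.search(r"\b\d+/(\S+)", line)   # e.g. "3329/slapd" -> "slapd"
        if m:
            programs.add(m.group(1))
    return programs


def unmatched_daemons(rules, programs):
    """Daemon names in the access file that no listed program answers to.

    Wrappers compare the daemon field with the process name, so a misspelt
    name is simply never consulted and the rule grants nothing.
    """
    named = {d for daemons, _ in rules for d in daemons if d != "ALL"}
    return sorted(named - programs)


def client_matches(pattern, ip, hostname):
    """Simplified tcp_wrappers client pattern match (allow-file subset)."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                       # net/mask form
        net, mask = pattern.split("/", 1)
        return ipaddress.ip_address(ip) in ipaddress.ip_network(
            f"{net}/{mask}", strict=False)
    if pattern.endswith("."):                # leading-octets form, e.g. 192.0.2.
        return ip.startswith(pattern)
    if pattern.startswith("."):              # domain-suffix form, e.g. .example.edu
        return hostname.endswith(pattern)
    return pattern in (ip, hostname)         # exact host name or address


def would_allow(rules, daemon, ip, hostname):
    """True if some rule names this daemon (or ALL) and matches the client.

    The real library also consults hosts.deny and verifies hostname patterns
    against reverse DNS; this evaluates the allow file only.
    """
    for daemons, clients in rules:
        if daemon in daemons or "ALL" in daemons:
            if any(client_matches(c, ip, hostname) for c in clients):
                return True
    return False


if __name__ == "__main__":
    rules = parse_access_file(HOSTS_ALLOW)
    progs = listening_programs(NETSTAT)
    print("daemon names with no matching program:", unmatched_daemons(rules, progs))
    print("slapd from 192.0.2.10 allowed:",
          would_allow(rules, "slapd", "192.0.2.10", "lab1.example.edu"))
```

Run it as-is for a short report, or replace the two constants with the contents of the real files. The authoritative form of the second check is the `tcpdmatch` utility shipped with tcp_wrappers (for example `tcpdmatch slapd` followed by a client address), which evaluates both access files with the library's own matcher. Note also that slapd only consults the wrapper library when OpenLDAP was built with `--enable-wrappers`; a build without it will ignore hosts.allow entirely.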