
Re: New list member.



On 25 Feb 2002, Adam Williams wrote:

> >I am completely new to the idea of OpenLDAP and need lots of 
> >advice. I managed to create a couple of Linux based undergraduate labs in 
> >our department using RH and Debian Linux flavors.
> >Everything works great all undergrads are now using
> >Linux/OpenOffice(StarOffice) and other soft for the class work. As a last
> >touch I would like to implement some sort of centralized authentication
> >service. I was not recommenced to use NIS in our environment, too
> >insecure. I read on the web, that the openldap has being successfully used
> >for this and many other purposes.
> >I installed latest available rpm ...-21 and now are trying to do the 
> >configuration. 
> >Would greatly appreciate if one can advice to me a good book keeping in 
> >mind that I am sysadmin, not a programmer.
> >Any sites where examples of conf for openldap for user authentication
> >are given will be very appreciated.
> 
> I have an LDAP presentation with examples of such things at:
> ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf
>
Thank you, I will read it. I was also recommended to buy a book; I may do that as well.

 
> >If somebody have an experience with setting openldap in a small university
> >department and would like to share his/her wisdom, their advice will be 
> >highly appreciated.
> >My first question:
> >1) I have wrappers installed and I am blocking any requests coming from 
> 
> tcpwrappers?  Can you provide examples of entries that do/do-not work?
> 

slapd: host_name.domain.name.edu.au
or
sladp: TPAddressRange/SubnetMask
or
sladp: IpAddress.


if I put in /etc/hosts.allow 

sladp: ALL

Everything is working fine. Looks strange to me.

> >outside of my domain. I found, however that openldap server only works if 
> >I allow ALL to access my ldap server. 
> >If I try to restrict ldap to my subnet by putting an IP range and try
> >ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts I get:
> >ldap_bind: Can't contact LDAP server
> >Is this is normal?
> 
> I would suppose not,  but I've never used tcpwrappers (?) with slapd.  
> 
> >For all other services I can put an IP range from which connections are 
> >accepted.
> 
> What does netstat -ap look like on the LDAP server when it does not
> work?

Output of netstat -ap  with entry in hosts.allow

slapd: host_name.domain.name.edu.au
or
sladp: TPAddressRange/SubnetMask
or
sladp: IpAddress.

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:32768                 *:*                     LISTEN      658/rpc.statd
tcp        0      0 *:32770                 *:*                     LISTEN      1069/rpc.mountd
tcp        0      0 *:printer               *:*                     LISTEN      16477/lpd Waiting
tcp        0      0 *:ldap                  *:*                     LISTEN      3329/slapd
tcp        0      0 *:842                   *:*                     LISTEN      1089/amd
tcp        0      0 *:sunrpc                *:*                     LISTEN      630/portmap
tcp        0      0 *:x11                   *:*                     LISTEN      505/X
tcp        0      0 *:auth                  *:*                     LISTEN      917/identd
tcp        0      0 *:820                   *:*                     LISTEN      1064/rpc.rquotad
tcp        0      0 *:ssh                   *:*                     LISTEN      991/sshd
tcp        0      0 localhost:smtp          *:*                     LISTEN      1150/sendmail: acce
tcp        0      0 *:x11-ssh-offset        *:*                     LISTEN      3216/sshd
tcp        0   1008 muscovite.es.usyd.e:ssh dipole.es.usyd.edu:1540 ESTABLISHED 3216/sshd
udp        0      0 *:32768                 *:*                                 658/rpc.statd
udp        0      0 *:nfs                   *:*                                 -
udp        0      0 *:32770                 *:*                                 1069/rpc.mountd
udp        0      0 *:32771                 *:*                                 -
udp        0      0 *:798                   *:*                                 -
udp        0      0 *:799                   *:*                                 -
udp        0      0 *:800                   *:*                                 -
udp        0      0 *:817                   *:*                                 1064/rpc.rquotad
udp        0      0 *:834                   *:*                                 658/rpc.statd
udp        0      0 *:843                   *:*                                 1089/amd
udp        0      0 *:sunrpc                *:*                                 630/portmap
udp        0      0 muscovite.es.usyd.e:ntp *:*                                 898/ntpd
udp        0      0 localhost:ntp           *:*                                 898/ntpd
udp        0      0 *:ntp                   *:*                                 898/ntpd
udp        0      0 *:1022                  *:*                                 1089/amd
udp        0      0 *:1023                  *:*                                 1089/amd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  16     [ ]         DGRAM                    868    607/syslogd         /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     1639   1231/xfs            /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     169317 505/X               /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     1594   1169/gpm            /dev/gpmctl
unix  2      [ ]         DGRAM                    172257 3329/slapd
unix  3      [ ]         STREAM     CONNECTED     169349 505/X               /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     169348 512/xsri
unix  3      [ ]         STREAM     CONNECTED     169346 505/X               /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     169345 511/gdmlogin
unix  3      [ ]         STREAM     CONNECTED     169342 505/X               /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     169341 511/gdmlogin
unix  3      [ ]         STREAM     CONNECTED     169326 1231/xfs            /tmp/.font-unix/fs7100
unix  3      [ ]         STREAM     CONNECTED     169325 505/X
unix  3      [ ]         STREAM     CONNECTED     169328 505/X               /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     169319 504/gdm
unix  2      [ ]         DGRAM                    1642   1231/xfs
unix  2      [ ]         DGRAM                    1604   1187/crond
unix  2      [ ]         DGRAM                    1567   1150/sendmail: acce
unix  2      [ ]         DGRAM                    1233   973/xinetd
unix  2      [ ]         DGRAM                    1176   917/identd
unix  2      [ ]         DGRAM                    1148   898/ntpd
unix  2      [ ]         DGRAM                    1033   810/automount
unix  2      [ ]         DGRAM                    1022   789/automount
unix  2      [ ]         DGRAM                    1007   768/automount
unix  2      [ ]         DGRAM                    1006   766/automount
unix  2      [ ]         DGRAM                    941    676/apmd
unix  2      [ ]         DGRAM                    920    658/rpc.statd
unix  2      [ ]         DGRAM                    877    612/klogd
unix  2      [ ]         STREAM     CONNECTED     566    1/init


-- 
================================================================================

Ivan Teliatnikov,
F05 David Edgeworth Building,
Department of Geology and Geophysics,
School of Geosciences,
University of Sydney, 2006
Australia

e-mail: ivan@es.usyd.edu.au
ph:  061-2-9351-2031 (w)
fax: 061-2-9351-0184 (w)

===============================================================================
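The access decision that hosts.allow entries of the forms discussed in this thread (hostname, net/mask, bare address, ALL) feed into, modelled as an added example; this is not code from the thread, from OpenLDAP or from tcp_wrappers itself. It shows the order tcp_wrappers evaluates rules in (hosts.allow first, then hosts.deny, and a connection matched by neither is permitted) and that the daemon field must match the server's name exactly. The sample files, host names and addresses are constructed placeholders; EXCEPT lists and the LOCAL/KNOWN wildcards are left out.

```python
import ipaddress

# Constructed sample files (placeholder names and addresses, not the poster's real ones).
HOSTS_ALLOW = """
# a lab subnet in net/mask form, an address prefix, and a domain suffix
slapd: 192.0.2.0/255.255.255.0
slapd: 203.0.113.
slapd: .example.edu
sshd:  ALL
"""
HOSTS_DENY = "ALL: ALL\n"   # common default: deny everything not allowed above


def client_matches(pattern, client_host, client_ip):
    """Match one client pattern (ALL, net/mask, address prefix, domain suffix, exact)."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                      # net/mask, e.g. 192.0.2.0/255.255.255.0
        net, mask = pattern.split("/", 1)
        return client_ip in ipaddress.ip_network(f"{net}/{mask}", strict=False)
    if pattern.endswith("."):               # address prefix, e.g. 203.0.113.
        return str(client_ip).startswith(pattern)
    if pattern.startswith("."):             # domain suffix, e.g. .example.edu
        return client_host is not None and client_host.endswith(pattern)
    return pattern in (client_host, str(client_ip))   # exact host name or address


def file_matches(rules, daemon, client_host, client_ip):
    """True if any 'daemon_list : client_list' line in rules matches this connection."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemon_list, client_list = [f.strip() for f in line.split(":", 2)[:2]]
        daemons = [d.strip() for d in daemon_list.split(",")]
        if daemon not in daemons and "ALL" not in daemons:
            continue                        # daemon name must match exactly
        if any(client_matches(c.strip(), client_host, client_ip)
               for c in client_list.split(",")):
            return True
    return False


def hosts_access(daemon, client_ip, client_host=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """tcp_wrappers order of evaluation: allow file, then deny file, else permit."""
    ip = ipaddress.ip_address(client_ip)
    if file_matches(allow, daemon, client_host, ip):
        return True
    if file_matches(deny, daemon, client_host, ip):
        return False
    return True
```

slapd makes this check itself after accepting the TCP connection, so netstat shows the same LISTEN socket on *:ldap whether or not a given client is allowed; the tcp_wrappers tool for checking a rule set against a daemon and client is tcpdmatch.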