
RE: ldap_sasl_interactive_bind_s: Can't contact LDAP server (81)



Mon, 2002-12-09 at 20:56, Dan Rossi wrote:

> process is on
> 
> running tupan

<snip>
</snip>

> running tupa

<snip>
</snip>

> doesn't seem to be showing up ?

Absolutely nothing to do with ldap there, whatsoever. However, as a
security man I'd advise you to consult your own on-site security fellow
at the very first opportunity and show him what you posted.

Anyway, what you asked about opening/closing ports for SASL: SASL would
make use of standard ldap ports (389, 636), unless you tell a client
that you have ldap / ldap-tls on another port (I use 9009 for a test
DSA, for example). Then you'd have to open up 9009 for external clients
and they would have to do stateful inspection on their own originating
high ports (out: allow new, established; in: allow established). You can
limit client IP addresses with Netfilter or tcp_wrappers (Netfilter is
best).

> and what would this mean

> c16447.ran:microsoft-ds

microsoft-ds is a tcp/udp service on port 445 (/etc/services). What it
does I do not know (Google, Alltheweb) and it most probably should not
be there :-) unless you mean it to be.

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
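
The firewall arrangement described in the reply above, as an added example that is not part of the original message: a shell sketch that prints iptables-restore rules for a server listening on port 9009 and for a client reaching it. The function names and all IP addresses are assumptions made for illustration; only port 9009 comes from the message.

```shell
#!/bin/sh
# Added example: print iptables-restore rules for an LDAP listener on a
# non-standard port. Port 9009 is from the message; all addresses are
# constructed (RFC 5737 documentation ranges).

valid_port() {
    case $1 in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Character-set check only (digits, dots, optional /prefix); it keeps
# spaces and option text out of the generated rules.
valid_source() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
}

# Server: NEW only from listed clients, ESTABLISHED for tracked
# connections, everything else aimed at the port is dropped.
server_rules() {
    port=$1; shift
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    [ $# -ge 1 ] || { echo "no client addresses given" >&2; return 2; }
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 2; }
    done
    printf '%s\n' '*filter'
    printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    for src in "$@"; do
        printf '%s\n' "-A INPUT -s $src -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -p tcp --dport $port -j DROP" 'COMMIT'
}

# Client: out allow new + established, in allow established only.
client_rules() {
    server=$1 port=$2
    { valid_source "$server" && valid_port "$port"; } ||
        { echo "bad arguments" >&2; return 2; }
    printf '%s\n' '*filter'
    printf '%s\n' "-A OUTPUT -d $server -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    printf '%s\n' "-A INPUT -s $server -p tcp --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    printf '%s\n' 'COMMIT'
}

# Print both rule sets for review; check with
# "iptables-restore --noflush --test" before loading.
server_rules 9009 192.0.2.10 198.51.100.0/24
client_rules 203.0.113.5 9009
```

Loaded with --noflush, these rules are appended after whatever is already in the chain, so an earlier rule that accepts the port would still match first.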