
Cannot bind/connect to server outside the LAN
Hello all,

I need help with three problems that I'm facing with my OpenLDAP
implementation, please.

First problem:
I'm able to connect to my LDAP server on port 636 without a problem
from the same subnet, but not from outside, over the Internet.
What I want to achieve is to be able to connect from a particular
range of static IPs.

The ACL part of my slapd.conf is:

access to attrs=userPassword,shadowLastChange
	by dn="uid=authenticate,ou=System,dc=example.com" read
	by dn="uid=myusername,ou=Users,ou=bca,dc=example.com" read
	by anonymous auth
	by self write

access to attrs=givenName,sn,cn,mail
	by dn="uid=syncrepl,ou=system,dc=example.com" read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by self read
	by users auth
	by anonymous auth

access to attrs=uid
	by anonymous read
	by users read

access to dn.regex="^.*,uid=([^,]+),ou=Users,dc=example.com$"
	by dn.exact,expand="uid=$1,ou=Users,dc=example.com" write

access to *
	by dn.exact="uid=authenticate,ou=System,dc=example.com" none
	by users none break
	by self read
	by users read
	by * none


2nd problem:
The following ACL does not work at all, or I'm doing something wrong:

access to attrs=givenName,sn,cn,mail
	by dn="uid=syncrepl,ou=system,dc=example.com" read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by self read
	by users auth
	by anonymous auth

I can't bind as anonymous from 'some_static_ip' in order to fetch the
mail, givenName etc. into the Thunderbird address book, for example.


3rd and last problem!
If I reboot the master server, then the slave does not bind correctly
and email etc. does not work at all, even though it is configured on
that server (the slave). Also, when I reboot the servers, the master must
come up first, as otherwise I'm not able to connect until I reboot the
slave server.

Both servers are running on Ubuntu 9.04, if that matters in any way. See output:
root@masterldap:/etc/ldap# dpkg -l slapd
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  slapd          2.4.15-1ubuntu OpenLDAP server (slapd)

I have also attached the whole slapd.conf file of my master server in
case that helps more.

Any help or suggestion is much appreciated.

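The ACLs quoted in this post depend on slapd's first-match evaluation: the first "access to" directive whose target covers the attribute is used, and within it the first matching "by" clause fixes the granted level. The following Python model of that evaluation is an added example, not part of the original post or of OpenLDAP itself; it runs the attrs=givenName,sn,cn,mail, attrs=uid and "access to *" directives above against a few constructed requests. The address 203.0.113.10 stands in for the redacted some_static_ip, and the entry DN used for "self" is made up.

```python
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

def who_matches(who, req):
    """One 'by' clause; several <who> specifiers in it are ANDed."""
    for key, val in who.items():
        if key == "anonymous" and req["bind_dn"] is not None: return False
        if key == "users" and req["bind_dn"] is None: return False
        if key == "self" and req["bind_dn"] != req["target_dn"]: return False
        if key == "dn" and req["bind_dn"] != val: return False
        if key == "peername.ip" and req["peer_ip"] != val: return False
    return True

def acl_decide(acls, req):
    """First directive covering the attribute is used; inside it the first
    matching 'by' clause sets the granted level ('break' continues with the
    next directive); a directive with no matching clause means none."""
    granted = "none"
    for target_attrs, clauses in acls:
        if target_attrs != "*" and req["attr"] not in target_attrs:
            continue
        for who, level, control in clauses:
            if who_matches(who, req):
                granted = level
                break
        else:
            return "none", False   # implicit 'by * none'
        if control != "break":
            break
    return granted, LEVELS.index(granted) >= LEVELS.index(req["required"])

# Directives from the post; the redacted address is a constructed one.
ACLS = [
    (["givenName", "sn", "cn", "mail"], [
        ({"dn": "uid=syncrepl,ou=system,dc=example.com"}, "read", "stop"),
        ({"anonymous": True, "peername.ip": "203.0.113.10"}, "read", "stop"),
        ({"self": True}, "read", "stop"),
        ({"users": True}, "auth", "stop"),
        ({"anonymous": True}, "auth", "stop")]),
    (["uid"], [({"anonymous": True}, "read", "stop"),
               ({"users": True}, "read", "stop")]),
    ("*", [({"users": True}, "none", "break"),
           ({"self": True}, "read", "stop"),
           ({"users": True}, "read", "stop")]),
]

def check(bind_dn, peer_ip, attr, required="read",
          target_dn="uid=bob,ou=Users,dc=example.com"):
    req = {"bind_dn": bind_dn, "peer_ip": peer_ip, "attr": attr,
           "required": required, "target_dn": target_dn}
    return acl_decide(ACLS, req)
```

An anonymous request for mail from 203.0.113.10 gets read, the same request from any other address only reaches the trailing "by anonymous auth" clause; the model only compares exact addresses, whereas slapd's peername.ip also accepts a netmask.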