[Date Prev][Date Next] [Chronological] [Thread] [Top]

Cannot bind/connect to server outside the LAN

To: openldap-technical@openldap.org
Subject: Cannot bind/connect to server outside the LAN
From: "Stelios A." <stelios.a@gmail.com>
Date: Thu, 28 May 2009 23:08:07 +0300
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=wUY/nLmi/8wRKZhbHFVwhL3zpR6XdSYh6TzF2O5dqlI=; b=hN9eCVyjDpxpX0utpBMLvlknPmM43ZBtGonjK1ikAerdDzMuP+TWTNYDdBYJdbM9wK PfB/2HVlg/c2W+v/9S2ZStTPIhmQNg8dhwtHKCLhScxGrAmv64WWO85q4HYQWizEcpC5 UJknPJDJURgyV00bn+sxvprQJH6CGjTfsdawA=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=g98cA1EcAxnI6dHeNzXAQE/XSrcLsGxmcU7g9b52DudSinmlxuC8pEmYR1Bn1CsO/B aYnQoVcJyHrQOVi4IZedME8ZeiKbVw+AG3piArjvT5WG3jonzkYo5xxPH3GviXl0FXER rrB6csPwc2olRr4PeX5Hyxut8e6uJEXzWfAB8=

Hello all,

I need help in three problems that I'm facing with my OpenLDAP
implementation please.

First problem:
I'm able to connect to my LDAP server on 636 port without a problem
from the same subnet but not outside the Internet.
What I want to achieve is to be able to connect from a particular
range of static IP's.

The ACL part of my slapd.conf is:

access to attrs=userPassword,shadowLastChange
	by dn="uid=authenticate,ou=System,dc=example.com" read
	by dn="uid=myusername,ou=Users,ou=bca,dc=example.com" read
        by anonymous auth
        by self write

access to attrs=givenName,sn,cn,mail
	by dn="uid=syncrepl,ou=system,dc=example.com" read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by self read
	by users auth
	by anonymous auth

access to attrs=uid
	by anonymous read
	by users read

access to dn.regex="^.*,uid=([^,]+),ou=Users,dc=example.com$"
        by dn.exact,expand="uid=$1,ou=Users,dc=example.com" write

access to *
	by dn.exact="uid=authenticate,ou=System,dc=example.com" none
	by users none break
	by self read
	by users read	
	by * none


2nd problem:
The following ACL does not work at all or I'm doing something wrong:

access to attrs=givenName,sn,cn,mail
	by dn="uid=syncrepl,ou=system,dc=example.com" read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by anonymous peername.ip=some_static_ip read
	by self read
	by users auth
	by anonymous auth

I can't bind as anonymous from 'some_static_ip' in order to fetch the
mail, givenName etc into the Thunderbird address book for example.


3rd problem and last!
If I reboot the master server then the slave does not bind correctly
and email etc does not work at all even though it is configured on
that server (slave). Also when I reboot the servers, master must come
up first as otherwise I'm not able to connect until I reboot the slave
server.

Both servers running on Ubuntu 9.04 if that matters in any way. See output:
root@masterldap:/etc/ldap# dpkg -l slapd
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  slapd          2.4.15-1ubuntu OpenLDAP server (slapd)

I have also attached the whole slapd.conf file of my master server in
case that helps more.

Any help, suggestion is much appreciated.

Attachment: slapd.conf
Description: Binary data

Prev by Date: Re: Cosine schema - RFC 4524
Next by Date: Bind/search more than one tree and server
Index(es):
- Chronological
- Thread