When called from cgi script/apache user: "ldap_bind: Can't contact LDAP server (-1)"

redhydralisk · 04-28-2010, 08:08 PM

Here are the specs of my machine:

Linux matrix 2.6.18-92.el5 #1 SMP Tue Apr 29 13:16:12 EDT 2008 i686 i686 i386 GNU/Linux
Red Hat Enterprise Linux Server release 5.2 (Tikanga)

When I run an ldapsearch in root, it works fine. tcpdump filtered by dest IP shows packets captured.
When I run an ldapsearch in a perl script as root, it works fine. tcpdump filtered by dest IP shows packets captured.
However, when I run it via a perl script in my cgi-bin directory it fails. tcpdump shows no packets captured. When I added a "2>&1" to my ldap search in my cgi script, I got "ldap_bind: Can't contact LDAP server (-1)".
I ran a "whoami" in my cgi script and it showed up as apache.

Another twist to all this is that I ran the same test on my slackware box, and everything works (esp the cgi script). Here's what the specs are on that machine:

Linux slackvm 2.6.29.6-smp #2 SMP Mon Aug 17 00:52:54 CDT 2009 i686 Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz GenuineIntel GNU/Linux

I checked the permissions on the ldapsearch file and directory, and they're the same (755).

Could there be something blocking the apache user on my Red Hat box from sending packets out?

Thanks.

bathory · 04-29-2010, 12:08 AM

Hi,

Looks like a SELinux problem.

Regards

redhydralisk · 04-29-2010, 01:26 PM

that was it. just ran a "setenforce 0" and it works great. This is a lab machine (not servicing anything on the web) so i think i'll be ok.

thank you so much. i would've never figured that out. it saved me a lot of time.