LinuxQuestions.org


armagdon 11-29-2004 11:41 AM

ldap problem
 
Hello,
I configured LDAP with Samba on SuSE Enterprise 9 as a PDC and all clients logged in without problems. Today, after a restart, the ldap service is running but port "389" does not show as open with "nmap". I don't know what the problem is; the log files show "can't contact LDAP server".

david_ross 11-29-2004 01:00 PM

Welcome to LQ.

Do you see the service listening? Can you post the output from:
ps -ef | grep slapd
netstat -nlp
iptables -nL

armagdon 11-29-2004 01:36 PM

This is the output from these commands:
netstat -nl
iptables -Ln
ps -ef |grep slapd

ldap 26134 1 0 21:10 ? 00:00:00 /usr/lib/openldap/slapd -h ldap:/// -u ldap -g ldap
root 26221 1 0 21:25 ? 00:00:00 /usr/lib/openldap/slapd
root 26234 20994 0 21:27 pts/1 00:00:00 grep slapd
#################################################################################################### ##################
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:901 0.0.0.0:* LISTEN 25972/xinetd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 26062/smbd
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 14519/clamd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 13474/portmap
tcp 0 0 10.10.10.1:8080 0.0.0.0:* LISTEN 16483/(squid)
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 13427/ntop
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25958/named
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 26062/smbd
tcp 0 0 :::53 :::* LISTEN 25958/named
tcp 0 0 ::1:953 :::* LISTEN 25958/named
udp 0 0 10.10.10.1:137 0.0.0.0:* 26038/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 26038/nmbd
udp 0 0 10.10.10.1:138 0.0.0.0:* 26038/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 26038/nmbd
udp 0 0 0.0.0.0:1566 0.0.0.0:* 16483/(squid)
udp 0 0 212.122.233.6:53 0.0.0.0:* 25958/named
udp 0 0 10.10.10.1:53 0.0.0.0:* 25958/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 25958/named
udp 0 0 0.0.0.0:3130 0.0.0.0:* 16483/(squid)
udp 0 0 0.0.0.0:67 0.0.0.0:* 14366/dhcpd
udp 0 0 0.0.0.0:67 0.0.0.0:* 14366/dhcpd
udp 0 0 0.0.0.0:3401 0.0.0.0:* 16483/(squid)
udp 0 0 0.0.0.0:4827 0.0.0.0:* 16483/(squid)
udp 0 0 0.0.0.0:111 0.0.0.0:* 13474/portmap
udp 0 0 0.0.0.0:2033 0.0.0.0:* 25958/named
udp 0 0 212.122.233.6:123 0.0.0.0:* 13005/ntpd
udp 0 0 10.10.10.1:123 0.0.0.0:* 13005/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 13005/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 13005/ntpd
udp 0 0 :::53 :::* 25958/named
udp 0 0 :::2034 :::* 25958/named
udp 0 0 :::123 :::* 13005/ntpd
raw 0 0 0.0.0.0:1 0.0.0.0:* 7 14366/dhcpd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 115324 20491/kdeinit: ksms /tmp/.ICE-unix/20491
unix 2 [ ACC ] STREAM LISTENING 115117 20433/X /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 84143 12802/powersaved /var/run/powersave_socket
unix 2 [ ACC ] STREAM LISTENING 115161 20470/kdeinit: Runn /tmp/ksocket-server/kdeinit__0
unix 2 [ ACC ] STREAM LISTENING 115163 20470/kdeinit: Runn /tmp/ksocket-server/kdeinit-:0
unix 2 [ ACC ] STREAM LISTENING 115169 20473/kdeinit: dcop /tmp/.ICE-unix/dcop20473-1101781244
unix 2 [ ACC ] STREAM LISTENING 83311 12306/resmgrd /var/run/.resmgr_socket
unix 2 [ ACC ] STREAM LISTENING 115269 20486/artsd /tmp/mcop-server/comp-srv_valuesys_net-5006-41abd919
unix 2 [ ACC ] STREAM LISTENING 115195 20475/kdeinit: klau /tmp/ksocket-server/klauncherHSqOTa.slave-socket


#################################################################################################### ############
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

david_ross 11-29-2004 01:57 PM

It seems a bit odd. Can you try stopping the server and starting in debug mode:
killall slapd
/usr/lib/openldap/slapd -h ldap:/// -u ldap -g ldap -d 10

This will stay open on the terminal (you can stop it with Ctrl+C). See if you can connect after that. While it is running you can try looking at the netstat output again to see if the server is listening:
netstat -nlp | grep 389

If it doesn't work, can you post the output from the debug command and a copy of your slapd.conf file?
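
The listener check requested in the post above, as an added example that is not part of the original thread: it reads `netstat -nlp` output and reports whether slapd, another program, or nothing holds TCP port 389. The function names are hypothetical and the sample lines are constructed, using the same column layout as the netstat output posted earlier.

```shell
#!/bin/sh
# Added example (not from the thread): decide from `netstat -nlp` output
# whether slapd owns a TCP listener on the LDAP port.
# Function names are hypothetical; sample lines below are constructed.

# Print "LOCAL_ADDRESS PID/PROGRAM" for every TCP listener on port $1.
# Reads netstat -nlp output on stdin; handles IPv4 (a.b.c.d:389) and
# IPv6 (:::389) local addresses by taking the text after the last colon.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] == port) print $4, $7
        }'
}

# Exit status: 0 = slapd is listening on 389, 1 = another program holds
# the port, 2 = nothing is listening there (the state shown in the thread).
check_ldap_listener() {
    owners=$(listeners_on_port 389)
    if [ -z "$owners" ]; then
        echo "no TCP listener on port 389"
        return 2
    fi
    case "$owners" in
        *slapd*) echo "slapd is listening: $owners"; return 0 ;;
        *)       echo "port 389 is held by: $owners"; return 1 ;;
    esac
}

# Constructed sample input: port 3890 and a UDP socket on 389 must not match.
SAMPLE_DOWN='tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1201/smbd
tcp 0 0 0.0.0.0:3890 0.0.0.0:* LISTEN 1250/other
udp 0 0 0.0.0.0:389 0.0.0.0:* 1260/other'
SAMPLE_UP='tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1300/slapd
tcp 0 0 :::389 :::* LISTEN 1300/slapd'

printf '%s\n' "$SAMPLE_DOWN" | check_ldap_listener || true
printf '%s\n' "$SAMPLE_UP" | check_ldap_listener || true
```

On a live host the same function can be fed directly: `netstat -nlp | check_ldap_listener`.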

armagdon 11-29-2004 02:23 PM

This is the output of this command:
/usr/lib/openldap/slapd -h ldap:/// -u ldap -g ldap -d 10

@(#) $OpenLDAP: slapd 2.2.6 (Jun 30 2004 21:39:35) $
abuild@boltzmann:/usr/src/packages/BUILD/openldap-2.2.6/servers/slapd
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (June 30, 2004)
bdb_db_init: Initializing BDB database.
###############################################################################33
slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/dnszone.schema
include /etc/openldap/schema/yast.schema
#include /etc/openldap/schema/rfc2307bis.schema
# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# moduleload back_ldap.la
# moduleload back_meta.la
# moduleload back_monitor.la
# moduleload back_perl.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
## Yast2 samba hack ACL
## allow the "ldap admin dn" access, but deny everyone else
access to attrs=SambaLMPassword,SambaNTPassword
by dn="cn=administrator,dc=valuesys,dc=net" write
by * none
## Yast2 samba hack ACL done
access to dn.base=""
by * read

access to dn.base="cn=Subschema"
by * read

access to attr=userPassword,userPKCS12
by self write
by * auth

access to attr=shadowLastChange
by self write
by * read

access to *
by * read

# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# bdb database definitions
#######################################################################

loglevel 1022
database bdb
checkpoint 1024 5
cachesize 20000
suffix "dc=domain,dc=com"
rootdn "cn=administrator,dc=domain,dc=com"
rootpw password
directory /var/lib/ldap
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres

david_ross 11-29-2004 02:32 PM

I seem to remember the debug output being longer - can you try increasing the verbosity with:
/usr/lib/openldap/slapd -h ldap:/// -u ldap -g ldap -d 255


All times are GMT -5.