harshgrover
asked on
LDAP Setup on linux for Zimbra
Okay, so I am a newbie on Linux.
I have two servers that I am configuring. Both servers are in different networks for now, i.e., they are being hosted by different vendors.
Server 1:
DNS server; the domain name is configured for its IP. Has a few open-source applications like MySQL et al. running on it. Currently, our mail also runs out of that box. We are using sendmail.
Server 2:
I am trying to install Zimbra on this server, but LDAP authentication keeps on failing. I checked server 1, and the LDAP port (389) is disabled. What do I need to do to get the LDAP authentication working, and also open up port 389 on server1?
Server1 is running on Linux enterprise
Server2 is running on CentOS
Just to add a note to this peculiar setup: I am trying to phase out server1. I would get a second new server with the new vendor, but I wanted the mail to be up and running before I phase out the 1st server.
Thanks,
Gary.
ASKER
Yep... the port for LDAP is active on server2; however, it's closed on server 1.
ASKER CERTIFIED SOLUTION
now your firewall allows LDAP traffic.
And the quick fix in the beginning just disables the firewall altogether! This is OK for tests, but then add the necessary rule and restart as I indicated in the following example.
Cheers,
K.
ASKER
Hey Kerem,
Thanks for the update :). I'll have to wait till the evening to try this out, though. I don't have access to the remote servers from work :)...
:) usually I'd expect the opposite but OK :)
ASKER
Hehe... I know... this is weird... but this is not for work ;)... this is some gig that I am working on :)
ASKER
Hey Bro,
I modified the iptables on my domain, but I still don't see 389 to be open.
I did an nmap and it still does not show up in the list of open ports. Do I need to reboot the system?
Thanks,
Gary
ASKER
increasing the points to 250 :(
ASKER
Just to clarify the configuration again.
Server1: Enterprise Linux
Server2: CentOS
Install of Zimbra: being done on Server2.
Server2 tries to connect to Server1 for LDAP.
The LDAP port is open on Server2, but it does not show up as an open port on Server1 (Linux) when I do an nmap on the same.
Not really sure what's going wrong here.
Hi,
In fact, last time I responded to you, I had thought that you were accessing the LDAP port from the CentOS system via telnet localhost 389, but you were not able to reach it from the old Red Hat system with telnet <centos_IP> 389. Is that really the case?
Or can you not access the LDAP system from either CentOS or the old RHEL? Please log on to the CentOS system and type:
netstat -anpt | grep :389
Post the output here. Please also send me the output of the command:
iptables -L
ASKER
Ah... I guess I was not really clear on the issue then :(...
LDAP starts on the CentOS system and works fine. However, it's not initialized on the Linux enterprise server. When I do nmap, I don't see port 389 open on the Linux enterprise server. I want to open the LDAP port on the Linux server.
Is the slapd process actually started on the RHEL server?
'ps ax | grep slapd'
If so, what does 'netstat -antp | grep slapd' show?
It might be port 389 (would seem strange wrt the above answers).
It might be port 636 (which actually is ldaps).
Also note the addresses it listens on (127.0.0.1 or 0.0.0.0 or different).
If not, what stopped it? (grep slapd /var/log/*[a-y])
In the second case you need to:
either modify the config on the CentOS server to use the secured line (preferred)
or modify the RHEL server to not use ldaps (not advised).
There is no immediate need for an LDAP server on the CentOS system, unless you mean to move the data from the one to the other (can also be done through slapcat, slapadd and friends).
Or you can configure them to be mirrors of each other.
Noci,
I guess you're missing the point. The initial question specifies that LDAP is available when connected locally on the CentOS system but not reachable from a remote system.
I guess this is rather a problem that is either related to firewall configuration or to LDAP being bound to localhost only.
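As an added example (not from any poster in this thread), a small POSIX shell helper that interprets the 'netstat -antp | grep slapd' output requested above, so that "slapd bound to 127.0.0.1 only" is told apart from a firewall or network-path problem; the netstat lines, PIDs and ports in SAMPLE_NETSTAT are constructed sample data, not output from either server.

```shell
#!/bin/sh
# Added example, not from the thread: classify slapd listeners from
# `netstat -antp | grep slapd` output. Sample lines below are constructed.

SAMPLE_NETSTAT='tcp        0      0 127.0.0.1:389           0.0.0.0:*               LISTEN      2244/slapd
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      2244/slapd'

# classify_listeners: netstat lines on stdin -> one line per LISTEN socket:
#   <port> <ldap|ldaps|other> <localhost-only|all-interfaces|specific:ADDR>
classify_listeners() {
    awk '$6 == "LISTEN" {
        n = split($4, p, ":"); port = p[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        proto = (port == "389") ? "ldap" : (port == "636") ? "ldaps" : "other"
        if (addr == "127.0.0.1" || addr == "::1")   scope = "localhost-only"
        else if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
        else                                        scope = "specific:" addr
        print port, proto, scope
    }'
}

# remote_ldap_ports: LDAP/LDAPS ports a remote client could reach as far as the
# socket binding is concerned (iptables and the network path still apply).
remote_ldap_ports() {
    classify_listeners | awk '$2 != "other" && $3 != "localhost-only" { print $1 }'
}

# diagnose: name the next thing to check, from the listener table alone.
# A localhost-only bind means no firewall rule will ever make port 389 reachable.
diagnose() {
    ports=$(remote_ldap_ports | xargs)
    if [ -z "$ports" ]; then
        echo "no LDAP listener reachable from outside: fix slapd bind address first"
    else
        echo "slapd reachable on port(s) $ports; check iptables and the network path next"
    fi
}

printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | diagnose
```

On a real host, replace the sample with 'netstat -antp | grep slapd | classify_listeners'; a verdict of localhost-only points at the slapd listen address, and anything else points at iptables or the path between the two vendors' networks.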
KeremE,
In the description of server2 (CentOS) it is stated that it can't reach LDAP on server1..?
Otherwise there is (AFAICT from the question) hardly any need to configure LDAP in
all tools of a server that is going to be phased out.
Also there can be a problem in between, like a firewall, NAT gateway etc.,
that blocks traffic (the systems are on different networks).
Plain LDAP over a hostile network is not advised.
Get the tcptraceroute tool and check if there is a block in between:
http://michael.toren.net/code/tcptraceroute/
with 'tcptraceroute server1 398 '
'tcptraceroute server1 636 '
from server2 and vice versa.
Noci,
I asked:
hi,
Is the LDAP port active when you queried Server 2? If it is, this may be a problem with the default firewall which is built over CentOS.
I got this response from the author:
Yep... the port for LDAP is active on server2; however, it's closed on server 1.
Also he said this:
> LDAP port is open on server2, but it does not show up as an open port on server1 (Linux) when i do Nmap on the same.