Local LDAP does not receive any remote client communication

Hi all,
I installed local LDAP on neth 7.3.1611. Added some users and did a local ldapsearch, so far all working. On another host I installed the openldap-clients and did the same search again, but without success. Shorewall is ok.
I appreciate any comment or hint, thanks in advance.
Best,
Johannes

Can you share the ldapsearch query command in use?

ldapsearch -h 123.123.123.123 -D "cn=ldapservice,dc=directory,dc=nh" -w bla -b "ou=People,dc=directory,dc=nh" sAMAccountName

The error is invalid credentials.

Substitute

cn=ldapservice,...

With

uid=ldapservice,...

Also

samaccountname

With

objectclass=*

Add also -Z flag (STARTTLS)

BTW you can bind anonymously from LAN

ldapsearch -D '' -w '' -x ...

Hi,
thanks for your help!
This works:

ldapsearch -x -h myserver.com -b "" -s base "(objectclass=*)"
If I use a specific binddn it fails.

Here is the dump of the account-provider test

[root@bla ~]# account-provider-test dump
{
"BindDN" : "cn=ldapservice,dc=directory,dc=nh",
"LdapURI" : "ldap://127.0.0.1",
"StartTls" : "",
"port" : 389,
"host" : "127.0.0.1",
"isAD" : "",
"isLdap" : "1",
"UserDN" : "ou=People,dc=directory,dc=nh",
"GroupDN" : "ou=Groups,dc=directory,dc=nh",
"BindPassword" : "bla",
"BaseDN" : "dc=directory,dc=nh",
"LdapUriDn" : "ldap:///dc%3Dzoo%2Cdc%3Dhasselbit%2Cdc%3Dcom"
}


Domain Accounts says:

LDAP URI: ldap://127.0.0.1
Base DN
dc=directory,dc=nh
User DN
ou=People,dc=directory,dc=nh
Group DN
ou=Groups,dc=directory,dc=nh
Bind DN
cn=ldapservice,dc=directory,dc=nh
Bind password
bla

I thought it fails because the ldap:// protocol is bound to the localhost and therefore does not accept remote access. But with your test I have to discard my theory.

Do you see anything weird?

Thanks in advance

I switched to ldaps:// on the remote host and everything works fine. Thanks for your help.
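
An added example, not part of the thread and not NethServer code: a check over a dump shaped like the account-provider-test output above that classifies whether a simple bind's password would cross the network without TLS, which is what separates the plain ldap:// attempts from the -Z and ldaps:// variants discussed here. The function names, the constructed sample dump and the reading of an empty StartTls as "disabled" are assumptions.

```python
import ipaddress
import json
from urllib.parse import urlparse

# Constructed sample in the shape of the account-provider-test dump above
# (straight quotes, placeholder password); not real output.
SAMPLE_DUMP = """
{
  "BindDN": "cn=ldapservice,dc=directory,dc=nh",
  "LdapURI": "ldap://127.0.0.1",
  "StartTls": "",
  "port": 389,
  "host": "127.0.0.1",
  "BindPassword": "PLACEHOLDER"
}
"""


def is_loopback(host):
    """True for 'localhost' or a loopback IP literal; other names count as remote."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def bind_transport(cfg, uri=None):
    """Classify how a simple bind (DN + password) would travel.

    uri overrides cfg["LdapURI"], e.g. to model a remote client of the same server.
    Assumption: an empty "StartTls" value means STARTTLS is disabled.
    """
    parsed = urlparse(uri or cfg["LdapURI"])
    if parsed.scheme == "ldaps":
        return "ldaps"                 # TLS from the first byte
    if cfg.get("StartTls"):
        return "starttls"              # upgraded before the bind (ldapsearch -Z)
    host = parsed.hostname or str(cfg.get("host", ""))
    return "cleartext-local" if is_loopback(host) else "cleartext-network"


if __name__ == "__main__":
    cfg = json.loads(SAMPLE_DUMP)
    for target in (None, "ldap://123.123.123.123", "ldaps://myserver.com"):
        print(target or cfg["LdapURI"], "->", bind_transport(cfg, target))
```

A result of "cleartext-network" means the bind DN and password are readable on the wire; the loopback configuration in the dump is the only plain ldap:// case where that does not apply.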