1

Topic: ldap not accessible from lan

iRed 096, CentOS 7, default installation, SELINUX=disabled,

[root@mail ~]# sestatus
SELinux status:                 disabled

[root@mail ~]# systemctl status iptables
Unit iptables.service could not be found.

telnet 0 389 ----connect!!
telnet iredM_IP  389 ---no connection from LAN

iptables -A INPUT -p tcp --dport 389 -j ACCEPT  ---- still a problem after adding the rule

I need to access LDAP from the LAN; how do I do it? Thanks.


2

Re: ldap not accessible from lan

Is OpenLDAP listening on address '127.0.0.1' or '0.0.0.0'? Check with command:

netstat -ntlp | grep 389

3

Re: ldap not accessible from lan

sure:
[root@mail ~]# netstat -ntlp | grep 389
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      2426/slapd
tcp6       0      0 :::389                  :::*                    LISTEN      2426/slapd

4

Re: ldap not accessible from lan

It should be fine if you connect from other machines. What issue or error message did you get while testing?

5

Re: ldap not accessible from lan

Strange: I had a backup file of the previous virtual machine (vdi) with a clean Linux CentOS, so I changed files and ran the iRedMail.sh wizard again. Now I have a telnet connection from the LAN to all ports (25, 22, 80, 587, etc.) but one: 389 :(
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      2499/amavisd (maste
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      2069/mysqld
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      2320/master
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      1003/memcached
tcp        0      0 127.0.0.1:9998          0.0.0.0:*               LISTEN      2499/amavisd (maste
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1166/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2320/master
tcp        0      0 127.0.0.1:20000         0.0.0.0:*               LISTEN      2508/sogod
tcp        0      0 127.0.0.1:7777          0.0.0.0:*               LISTEN      1796/python
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      2558/slapd
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      2499/amavisd (maste
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      2320/master
tcp6       0      0 :::587                  :::*                    LISTEN      2320/master
tcp6       0      0 :::80                   :::*                    LISTEN      1012/httpd
tcp6       0      0 :::22                   :::*                    LISTEN      1166/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      2320/master
tcp6       0      0 :::443                  :::*                    LISTEN      1012/httpd
tcp6       0      0 :::389                  :::*                    LISTEN      2558/slapd

telnet IP 389: "connecting..." and after 1 minute: "cannot connect...".

[root@mail ~]# systemctl status slapd
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2017-02-20 13:53:22 CET; 13min ago
     Docs: man:slapd
           man:slapd-config
           man:slapd-hdb
           man:slapd-mdb
           file:///usr/share/doc/openldap-servers/guide.html
  Process: 1450 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS)
  Process: 1009 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
Main PID: 2558 (slapd)
   CGroup: /system.slice/slapd.service
           └─2558 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:/// -f /etc/openldap/slapd.conf

Feb 20 13:53:16 mail.xc.pl systemd[1]: Starting OpenLDAP Server Daemon...
Feb 20 13:53:16 mail.xc.pl check-config.sh[1009]: Warning: Usage of a configuration file is obsolete!
Feb 20 13:53:16 mail.xc.pl runuser[1042]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Feb 20 13:53:22 mail.xc.pl slapd[1450]: @(#) $OpenLDAP: slapd 2.4.40 (Nov  6 2016 01:21:28) $
                                                      mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/servers/slapd
Feb 20 13:53:22 mail.xc.pl systemd[1]: Started OpenLDAP Server Daemon.


Is there any log which can tell why it was rejected? It is a clean installation, without any modifications... :( Where is the problem? Thanks...

6

Re: ldap not accessible from lan

resolved:
from https://www.ostechnix.com/setup-ldap-server-centos-7/

firewall-cmd --permanent --add-port=389/tcp
firewall-cmd --reload

7

Re: ldap not accessible from lan

Now it looks like this:

[root@mail ~]# firewall-cmd --list-all
iredmail (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3
  sources:
  services: http https imap imaps pop3 pop3s smtp ssh submission
  ports: 389/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
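
Added example (not from this thread or from the iRedMail project): the diagnosis the thread walks through, done offline against captured output. The script parses `netstat -ntlp` and `firewall-cmd --list-all` text and reports, per port, whether nothing listens, the daemon is bound to 127.0.0.1 only, the active firewalld zone does not open the port, or the port should be reachable. The two captures are constructed samples modelled on the output posted above, and the service-to-port table is assumed from firewalld's stock service definitions.

```shell
#!/usr/bin/env bash
# Added example, not code from the iRedMail thread. Decide why a TCP port is
# unreachable from the LAN using captured `netstat -ntlp` and
# `firewall-cmd --list-all` text (no live firewall is touched).

# Ports opened by the firewalld service names seen in the iredmail zone.
# Assumed from firewalld's stock service definitions.
service_ports() {
  case "$1" in
    ssh)        echo 22/tcp ;;
    smtp)       echo 25/tcp ;;
    submission) echo 587/tcp ;;
    http)       echo 80/tcp ;;
    https)      echo 443/tcp ;;
    imap)       echo 143/tcp ;;
    imaps)      echo 993/tcp ;;
    pop3)       echo 110/tcp ;;
    pop3s)      echo 995/tcp ;;
    ldap)       echo 389/tcp ;;
    ldaps)      echo 636/tcp ;;
  esac
}

# listening_addrs NETSTAT_TEXT PORT: print the local address of every LISTEN
# socket on PORT (e.g. 0.0.0.0:389 and :::389); print nothing if none.
listening_addrs() {
  printf '%s\n' "$1" | awk -v p="$2" '
    $6 == "LISTEN" { x = $4; sub(/.*:/, "", x); if (x == p) print $4 }'
}

# port_opened ZONE_TEXT PORT/PROTO: succeed if the zone opens it, either on
# its "ports:" line or through a service on its "services:" line.
port_opened() {
  local text=$1 want=$2 entry name
  for entry in $(printf '%s\n' "$text" | awk '/^ *ports:/ { sub(/^ *ports:/, ""); print }'); do
    if [ "$entry" = "$want" ]; then return 0; fi
  done
  for name in $(printf '%s\n' "$text" | awk '/^ *services:/ { sub(/^ *services:/, ""); print }'); do
    for entry in $(service_ports "$name"); do
      if [ "$entry" = "$want" ]; then return 0; fi
    done
  done
  return 1
}

# diagnose NETSTAT_TEXT ZONE_TEXT PORT: prints one of
#   not-listening | loopback-only | firewalled | reachable
diagnose() {
  local addrs
  addrs=$(listening_addrs "$1" "$3")
  if [ -z "$addrs" ]; then echo not-listening; return; fi
  # LAN clients need a wildcard bind (0.0.0.0 or ::), not only 127.0.0.1.
  if ! printf '%s\n' "$addrs" | grep -Eq '^(0\.0\.0\.0|::):'; then
    echo loopback-only; return
  fi
  if port_opened "$2" "$3/tcp"; then echo reachable; else echo firewalled; fi
}

# Constructed samples modelled on the thread's output (not real captures).
NETSTAT='tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      1003/memcached
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      2558/slapd
tcp6       0      0 :::25                   :::*                    LISTEN      2320/master
tcp6       0      0 :::389                  :::*                    LISTEN      2558/slapd'

ZONE_BEFORE='iredmail (active)
  target: default
  interfaces: enp0s3
  services: http https imap imaps pop3 pop3s smtp ssh submission
  ports:
  rich rules:'

ZONE_AFTER='iredmail (active)
  target: default
  interfaces: enp0s3
  services: http https imap imaps pop3 pop3s smtp ssh submission
  ports: 389/tcp
  rich rules:'

for port in 389 25 11211 636; do
  printf 'port %-5s before: %-13s after: %s\n' "$port" \
    "$(diagnose "$NETSTAT" "$ZONE_BEFORE" "$port")" \
    "$(diagnose "$NETSTAT" "$ZONE_AFTER" "$port")"
done
```

On a real host, feed it the output of `netstat -ntlp` (or `ss -ntlp`) and `firewall-cmd --list-all`. Two points worth keeping in mind when applying the fix from the thread: on a CentOS 7 host running firewalld, a rule appended with `iptables -A INPUT ...` lands after firewalld's own final REJECT rule in INPUT and is dropped on the next reload, which is why it changed nothing here; and `--add-port=389/tcp` opens plaintext LDAP (binds over 389 without STARTTLS carry credentials in the clear) to every host the enp0s3 zone faces. To limit exposure to the LAN, a rich rule restricted to the subnet is narrower, for example `firewall-cmd --permanent --zone=iredmail --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="389" protocol="tcp" accept'` (the subnet is a placeholder), and requiring STARTTLS or LDAPS on the slapd side is the real fix. For the "is there a log" question, firewalld builds that support `firewall-cmd --set-log-denied=all` will log rejected packets to the kernel log (`journalctl -k`) so a blocked connect shows up instead of just timing out.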

8

Re: ldap not accessible from lan

Thanks for sharing. :)