[SAC] LDAP?

Jason_Birch · February 24, 2008, 7:42am

Hi,

I cannot successfully authenticate on Trac, www, etc using my OSGeo ID. Also, doing a search in the ldap web tool does not show me (or anyone else I can think of).

Something haywire with LDAP?

I'd enter a ticket, but...

Jason

Martin_Spott · February 24, 2008, 9:54am

On Sat, Feb 23, 2008 at 11:42:16PM -0800, Jason Birch wrote:

Something haywire with LDAP?

Hmmm, I can confirm that LDAP on 'ldap.osgeo.org' behaves quite nicely.
Man, we already have 968 user entries in the directory ....

Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

Martin_Spott · February 24, 2008, 12:11pm

On Sun, Feb 24, 2008 at 10:54:04AM +0100, Martin Spott wrote:

Hmmm, I can confirm that LDAP on 'ldap.osgeo.org' behaves quite nicely.
Man, we already have 968 user entries in the directory ....

Apparently there's some 'iptables' issue on 'osgeo1'. The LDAP service
on 'osgeo1' behaves quite nicely, with and without SSL, on the
'localhost' interface, but some filter rules prevent LDAP/SSL access
from external machines.
These filter rules have not been changed recently, but 'osgeo1' had a
reboot approx. 6 hours ago which likela has activated some rules that
probably are already several weeks old,

Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

Martin_Spott · February 24, 2008, 12:22pm

On Sun, Feb 24, 2008 at 01:11:33PM +0100, Martin Spott wrote:

Apparently there's some 'iptables' issue on 'osgeo1'. The LDAP service
on 'osgeo1' behaves quite nicely, with and without SSL, on the
'localhost' interface, but some filter rules prevent LDAP/SSL access
from external machines.
These filter rules have not been changed recently, but 'osgeo1' had a
reboot approx. 6 hours ago which likela has activated some rules that
probably are already several weeks old,

Ok, this should be fixed, at least temporarily. Please have a closer
look at:

/etc/sysconfig/iptables-custom/LDAP

and see if the fix is appropriate,

Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

Tyler_Mitchell1 · February 24, 2008, 4:46pm

On 24-Feb-08, at 4:11 AM, Martin Spott wrote:

These filter rules have not been changed recently, but 'osgeo1' had a
reboot approx. 6 hours ago

PEER1 finally got the one disk replaced, after having me schedule a third time for them to do the work. I wonder if it will help file performance?

Tyler

Jason_Birch · February 24, 2008, 5:27pm

Sorry, Howard fixed my problem (via IRC) and I went to sleep without remembering to email a follow-up.

I'm guessing that LDAP doesn't come up properly after a reboot?

Jason

________________________________

From: Martin Spott
Subject: Re: [SAC] LDAP?

Hmmm, I can confirm that LDAP on 'ldap.osgeo.org' behaves quite nicely.
Man, we already have 968 user entries in the directory ....