
Thread: Cannot connect to LDAP from a client machine

  1. #1
    rcholcomb, Junior Member (Join Date: Dec 2005; Posts: 8; Rep Power: 9)

    All,

    I am running Zimbra 5.07 Open Source on Ubuntu 8.04 (using the custom release that is 'stickied' in this forum). I can't access my LDAP server from client machines. Here's some additional information.

    Everything seems to be running fine:

    Code:
    zimbra@myhost:~$ zmcontrol status
    Host myhost.domain.com
    	antispam                Running
    	antivirus               Running
    	ldap                    Running
    	logger                  Running
    	mailbox                 Running
    	mta                     Running
    	snmp                    Running
    	spell                   Running
    	stats                   Running

    If I run nmap from my Zimbra server, I see that the ldap port (389) is opened:

    Code:
    root@myhost:~# nmap 127.0.0.1
    
    Starting Nmap 4.53 ( http://insecure.org ) at 2008-08-04 16:35 PDT
    Interesting ports on myhost (127.0.0.1):
    Not shown: 1697 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    25/tcp   open  smtp
    53/tcp   open  domain
    80/tcp   open  http
    110/tcp  open  pop3
    139/tcp  open  netbios-ssn
    143/tcp  open  imap
    389/tcp  open  ldap
    445/tcp  open  microsoft-ds
    465/tcp  open  smtps
    631/tcp  open  ipp
    953/tcp  open  rndc
    993/tcp  open  imaps
    995/tcp  open  pop3s
    3306/tcp open  mysql
    5901/tcp open  vnc-1
    6001/tcp open  X11:1

    However, if I do this from a remote machine, port 389 is not open:

    Code:
    zimbra@Server01:~$ nmap 192.168.3.5        
    
    Starting Nmap 4.53 ( http://insecure.org ) at 2008-08-04 17:02 PDT
    Interesting ports on myhost.domain.com (192.168.3.5):
    Not shown: 1701 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    25/tcp   open  smtp
    53/tcp   open  domain
    80/tcp   open  http
    110/tcp  open  pop3
    139/tcp  open  netbios-ssn
    143/tcp  open  imap
    445/tcp  open  microsoft-ds
    465/tcp  open  smtps
    993/tcp  open  imaps
    995/tcp  open  pop3s
    5901/tcp open  vnc-1
    6001/tcp open  X11:1

    There isn't a firewall active on the Zimbra machine.

    Any suggestions about why I cannot access the LDAP port from a client machine? Why does it seem to be hidden? Does LDAP bind to a specific IP address? How can I get it to bind to its actual IP address and not just localhost?

    Thanks.

    Rob
    Last edited by rcholcomb; 08-04-2008 at 05:03 PM.

  2. #2
    phoenix, Zimbra Consultant & Moderator (Join Date: Sep 2005; Location: Vannes, France; Posts: 23,201; Rep Power: 56)

    Quote: Originally Posted by rcholcomb
    There isn't a firewall active on the Zimbra machine.

    There's something blocking it unless there has been a change to the IP that it's listening on. It should be listening on your LAN IP, I can connect to my Zimbra LDAP from any other machine. I'd also suggest you try a telnet or an ldapsearch to see if it really isn't listening. Unfortunately, that isn't a Zimbra build so I don't know if anything has been changed in it.
    Regards


    Bill



  3. #3
    uxbod, Moderator (Join Date: Nov 2006; Location: UK; Posts: 8,016; Rep Power: 24)

    Code:
    netstat -an | grep 389

    so we can see which IP it is bound on.

  4. #4
    rcholcomb, Junior Member (Join Date: Dec 2005; Posts: 8; Rep Power: 9)

    When I attempt to connect to port 389 using telnet, I get a connection refused message:

    Code:
    ~ telnet 192.168.3.5 389
    Trying 192.168.3.5...
    telnet: connect to address 192.168.3.5: Connection refused
    telnet: Unable to connect to remote host

    When I run 'netstat -an | grep 389' on the local machine I see this information:

    Code:
    root@Server01:~# netstat -an | grep 389
    tcp        0      0 127.0.0.1:389           0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:48854         127.0.0.1:389           ESTABLISHED
    tcp        0      0 127.0.0.1:389           127.0.0.1:51398         ESTABLISHED
    tcp        0      0 127.0.0.1:49395         127.0.0.1:389           ESTABLISHED
    tcp        0      0 127.0.0.1:389           127.0.0.1:48854         ESTABLISHED
    tcp        0      0 127.0.0.1:389           127.0.0.1:48886         ESTABLISHED
    tcp        0      0 127.0.0.1:51398         127.0.0.1:389           ESTABLISHED
    tcp        0      0 127.0.0.1:51372         127.0.0.1:389           ESTABLISHED
    tcp        0      0 127.0.0.1:389           127.0.0.1:49399         ESTABLISHED
    tcp        0      0 127.0.0.1:389           127.0.0.1:51374         ESTABLISHED
    tcp        0      0 127.0.0.1:389           127.0.0.1:49397         ESTABLISHED
    tcp        0      0 127.0.0.1:51374         127.0.0.1:389           ESTABLISHED
    tcp        0      0 127.0.0.1:389           127.0.0.1:51372         ESTABLISHED
    tcp        0      0 127.0.0.1:389           127.0.0.1:51370         ESTABLISHED
    tcp        0      0 127.0.0.1:48886         127.0.0.1:389           ESTABLISHED
    tcp        0      0 127.0.0.1:389           127.0.0.1:49395         ESTABLISHED
    tcp        0      0 127.0.0.1:49397         127.0.0.1:389           ESTABLISHED
    tcp        0      0 127.0.0.1:49367         127.0.0.1:389           ESTABLISHED
    tcp        0      0 127.0.0.1:49399         127.0.0.1:389           ESTABLISHED
    tcp        0      0 127.0.0.1:389           127.0.0.1:49367         ESTABLISHED
    tcp        0      0 127.0.0.1:51370         127.0.0.1:389           ESTABLISHED
    unix  2      [ ]         DGRAM                    3890303

    Thanks for your help!

    Rob

  5. #5
    phoenix, Zimbra Consultant & Moderator (Join Date: Sep 2005; Location: Vannes, France; Posts: 23,201; Rep Power: 56)

    Is this running in a vserver (and if so, what is it) or on real hardware?
    Regards


    Bill



  6. #6
    rcholcomb, Junior Member (Join Date: Dec 2005; Posts: 8; Rep Power: 9)

    It is real hardware -- a Dell server running Ubuntu 8.04.

  7. #7
    rcholcomb, Junior Member (Join Date: Dec 2005; Posts: 8; Rep Power: 9)

    Any thoughts?

  8. #8
    santosh_rao99, Zimbra Employee (Join Date: May 2008; Posts: 3; Rep Power: 6)

    From the netstat it seems it's only listening on the loopback interface.
    Can you send us the contents of /etc/hosts
    and
    zmlocalconfig | grep -i ldap

  9. #9
    ArcaneMagus, Moderator (Join Date: Feb 2007; Location: Portland, OR; Posts: 1,147; Rep Power: 10)

    I seem to be in the exact same situation here... trying to set up the Zimbra server to act as an authentication source and can't connect to the LDAP service from an external client. My /etc/hosts looks like:
    Code:
    127.0.0.1       localhost
    127.0.1.1       email.pyxislab.com      email
    192.168.1.6     email.pyxislab.com      email
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts

    and the output of zmlocalconfig | grep -i ldap is:
    Code:
    ldap_amavis_password = *
    ldap_bind_url =
    ldap_cache_account_maxage = 15
    ldap_cache_account_maxsize = 20000
    ldap_cache_cos_maxage = 15
    ldap_cache_cos_maxsize = 100
    ldap_cache_domain_maxage = 15
    ldap_cache_domain_maxsize = 100
    ldap_cache_group_maxage = 15
    ldap_cache_group_maxsize = 200
    ldap_cache_reverseproxylookup_domain_maxage = 15
    ldap_cache_reverseproxylookup_domain_maxsize = 100
    ldap_cache_reverseproxylookup_server_maxage = 15
    ldap_cache_reverseproxylookup_server_maxsize = 100
    ldap_cache_server_maxage = 15
    ldap_cache_server_maxsize = 100
    ldap_cache_timezone_maxsize = 100
    ldap_cache_zimlet_maxage = 15
    ldap_cache_zimlet_maxsize = 100
    ldap_connect_pool_debug = false
    ldap_connect_pool_initsize = 1
    ldap_connect_pool_master = false
    ldap_connect_pool_maxsize = 50
    ldap_connect_pool_prefsize = 0
    ldap_connect_pool_timeout = 120000
    ldap_connect_timeout = 30000
    ldap_deref_aliases = always
    ldap_host = email.pyxislab.com
    ldap_is_master = true
    ldap_log_level = 49152
    ldap_master_url = ldap://email.pyxislab.com:389
    ldap_nginx_password = *
    ldap_port = 389
    ldap_postfix_password = *
    ldap_read_timeout = 30000
    ldap_replication_password = *
    ldap_require_tls = false
    ldap_root_password = *
    ldap_starttls_supported = 1
    ldap_url = ldap://email.pyxislab.com:389
    postfix_sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
    postfix_transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
    postfix_virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
    postfix_virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
    postfix_virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
    postfix_virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
    zimbra_class_provisioning = com.zimbra.cs.account.ldap.LdapProvisioning
    zimbra_ldap_password = *
    zimbra_ldap_user = zimbra
    zimbra_ldap_userdn = uid=zimbra,cn=admins,cn=zimbra
    zimbra_zmprov_default_to_ldap = FALSE

    Port 389 is bound to address 127.0.1.1 on my machine as well and I think that just removing the 127.0.1.1 line would fix my issue...but can't test until tonight.

  10. #10
    ArcaneMagus, Moderator (Join Date: Feb 2007; Location: Portland, OR; Posts: 1,147; Rep Power: 10)

    OK, verified that that has fixed it for me at least.
    Port 389 is now accessible from other machines and correctly bound to the internal IP address of the server instead of a loopback address and the Zimbra services have no issues starting up.

    rcholcomb try commenting out the line that sets 127.0.1.1 to your hostname in your /etc/hosts file.
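
A check for the condition this thread arrives at: a hosts file whose first entry for the server's name is a loopback address, and a port 389 listener bound only to loopback. This is an added example, not code from any poster or from Zimbra; the host name mail.example.com, the sample file contents and the function names are constructed, and it assumes Linux-style `netstat -an` output.

```shell
#!/bin/sh
# Added example; the hosts file and netstat lines below are constructed samples.

# first_hosts_ip FILE NAME: print the first address FILE (hosts format) gives NAME.
# Assumption: the first matching line is the one the lookup returns.
first_hosts_ip() {
  awk -v name="$2" '
    { sub(/[#].*/, "") }                     # drop comments
    { for (i = 2; i <= NF; i++)
        if (tolower($i) == tolower(name)) { print $1; exit } }
  ' "$1"
}

# is_loopback ADDR: succeed for 127.0.0.0/8 and ::1.
is_loopback() {
  case "$1" in 127.*|::1) return 0 ;; *) return 1 ;; esac
}

# listen_addrs PORT: read `netstat -an` on stdin, print addresses LISTENing on PORT.
listen_addrs() {
  awk -v port="$1" '$6 == "LISTEN" {
    n = split($4, part, ":")
    if (part[n] == port) { sub(":" port "$", "", $4); print $4 }
  }'
}

# remote_reachable PORT: succeed if some listener on PORT is not loopback-only.
remote_reachable() {
  for addr in $(listen_addrs "$1"); do
    is_loopback "$addr" || return 0
  done
  return 1
}

hosts=$(mktemp); trap 'rm -f "$hosts"' EXIT
cat > "$hosts" <<'EOF'
127.0.0.1   localhost
127.0.1.1   mail.example.com  mail
192.0.2.10  mail.example.com  mail
EOF
netstat_out='tcp  0  0 127.0.0.1:389    0.0.0.0:*      LISTEN
tcp  0  0 127.0.0.1:48854  127.0.0.1:389  ESTABLISHED'

ip=$(first_hosts_ip "$hosts" mail.example.com)
if is_loopback "$ip"; then echo "WARN: mail.example.com resolves to $ip (loopback)"; fi
if ! printf '%s\n' "$netstat_out" | remote_reachable 389; then
  echo "WARN: port 389 is listening on loopback only"
fi
```

On a live server the same functions take `/etc/hosts` with the value of `ldap_host`, and the output of `netstat -an` piped into `remote_reachable 389`.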
