Opened 17 years ago

Closed 17 years ago

#44 closed defect (fixed)

iptables masking www.osgeo.org binding to ldap server

Reported by: warmerdam
Owned by: hobu
Priority: blocker
Milestone:
Component: SysAdmin
Keywords: ldap
Cc:

Description

Howard,

I think your recent iptables change has made it so that I can't bind to the ldap server using www.osgeo.org instead of localhost.

For instance, the following hangs due to the failure:

http://www.osgeo.org/cgi-bin/ldap_web_search.py

I have changed the Trac notification logic to use "localhost" as a temporary workaround, but the ldap search and user creation are broken for now.

Change History (1)

comment:1 by hobu, 17 years ago

Resolution: fixed
Status: new → closed

We needed INPUT rules for our LDAP. Updated /etc/sysconfig/iptables-custom/LDAP as follows:

*filter
-I INPUT -p tcp -s 66.223.95.242/29 --dport 389 -j ACCEPT
-I INPUT -p tcp -s 198.202.74.1/24 --dport 636 -j ACCEPT
-A OUTPUT -p tcp --dport 389 -j ACCEPT
-A OUTPUT -p tcp --dport 636 -j ACCEPT
COMMIT
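
To see which source address and port combinations the fragment in comment:1 explicitly accepts, the following is an added example (not part of the ticket or of OSGeo's tooling). The names `parse_rules` and `accepted` and the probe addresses are constructed for illustration, and the parser only understands the four options the fragment uses.

```python
import ipaddress
import shlex

# Fragment from comment:1, copied verbatim from the ticket.
LDAP_FRAGMENT = """\
*filter
-I INPUT -p tcp -s 66.223.95.242/29 --dport 389 -j ACCEPT
-I INPUT -p tcp -s 198.202.74.1/24 --dport 636 -j ACCEPT
-A OUTPUT -p tcp --dport 389 -j ACCEPT
-A OUTPUT -p tcp --dport 636 -j ACCEPT
COMMIT
"""

def parse_rules(fragment):
    """Parse -I/-A lines; only -p, -s, --dport and -j are understood."""
    rules = []
    for line in fragment.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] not in ("-I", "-A"):
            continue  # skip "*filter", "COMMIT" and blank lines
        opts = dict(zip(tok[2::2], tok[3::2]))  # every option here takes one value
        rules.append({
            "chain": tok[1],
            "proto": opts.get("-p"),
            # iptables masks host bits in -s, so 66.223.95.242/29 means .240/29
            "src": ipaddress.ip_network(opts["-s"], strict=False) if "-s" in opts else None,
            "dport": int(opts["--dport"]) if "--dport" in opts else None,
            "target": opts.get("-j"),
        })
    return rules

def accepted(rules, chain, src_ip, dport, proto="tcp"):
    """True if an ACCEPT rule in this fragment matches (chain policy not modelled)."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if (r["chain"] == chain and r["target"] == "ACCEPT"
                and r["proto"] in (None, proto)
                and (r["src"] is None or addr in r["src"])
                and r["dport"] in (None, dport)):
            return True
    return False

if __name__ == "__main__":
    rules = parse_rules(LDAP_FRAGMENT)
    # Constructed probe addresses inside the two source ranges.
    for ip, port in [("66.223.95.241", 389), ("66.223.95.241", 636),
                     ("198.202.74.50", 636), ("198.202.74.50", 389)]:
        print(ip, port, accepted(rules, "INPUT", ip, port))
```

Each source range is matched on one port only: 389 from the /29 and 636 from the /24. Whether unmatched traffic is dropped depends on the rest of the ruleset, which the ticket does not show.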