[Pkg-openldap-devel] Bug#584133: slapd: Fails to lookup client hostname in hosts.allow and rejects connection

Peter A. McGill petermcgill at goco.net
Tue Jun 1 15:45:25 UTC 2010 

Package: slapd
Version: 2.4.11-1+lenny1
Severity: normal


When attempting to connect to slapd with an ldap client, the connection
is refused. But if I add a slapd: 172.21. entry to hosts.allow the
problem is fixed. However hosts.allow already contains this matching
entry ALL: .goco.net  sshd matches this line fine allowing me to login,
but slapd does not. DNS forward and reverse mapping tested and working.

hosts.allow:
ALL: 127.
ALL: .goco.net
identd: ALL

hosts.deny:
ALL: ALL

resolf.conf:
nameserver 127.0.0.1

ldapsearch -x
ldap_result: Can't contact LDAP server (-1)

syslog:
Jun  1 10:23:18 aragorn slapd[4443]: >>> slap_listener(ldap:///)
Jun  1 10:23:18 aragorn slapd[4443]: daemon: listen=9, new connection on 
17
Jun  1 10:23:18 aragorn slapd[4443]: fd=17 DENIED from unknown 
(172.21.3.65)
Jun  1 10:23:18 aragorn slapd[4443]: daemon: closing 17


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-etchnhalf.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages slapd depends on:
ii  adduser           3.110                  add and remove users and groups
ii  coreutils         6.10-6                 The GNU core utilities
ii  debconf [debconf- 1.5.24                 Debian configuration management sy
ii  libc6             2.7-18lenny2           GNU C Library: Shared libraries
ii  libdb4.2          4.2.52+dfsg-5          Berkeley v4.2 Database Libraries [
ii  libgnutls26       2.4.2-6+lenny2         the GNU TLS library - runtime libr
ii  libldap-2.4-2     2.4.11-1+lenny1        OpenLDAP libraries
ii  libltdl3          1.5.26-4+lenny1        A system independent dlopen wrappe
ii  libperl5.10       5.10.0-19lenny2        Shared Perl library
ii  libsasl2-2        2.1.22.dfsg1-23+lenny1 Cyrus SASL - authentication abstra
ii  libslp1           1.2.1-7.5              OpenSLP libraries
ii  libwrap0          7.6.q-16               Wietse Venema's TCP wrappers libra
ii  perl [libmime-bas 5.10.0-19lenny2        Larry Wall's Practical Extraction 
ii  psmisc            22.6-1                 Utilities that use the proc filesy
ii  unixodbc          2.2.11-16              ODBC tools libraries

Versions of packages slapd recommends:
pn  libsasl2-modules              <none>     (no description available)

Versions of packages slapd suggests:
ii  ldap-utils               2.4.11-1+lenny1 OpenLDAP utilities

-- debconf information:
  slapd/password_mismatch:
  slapd/tlsciphersuite:
  slapd/invalid_config: true
  shared/organization: london.goco.net
  slapd/upgrade_slapcat_failure:
  slapd/slurpd_obsolete:
  slapd/backend: HDB
  slapd/dump_database: when needed
  slapd/allow_ldap_v2: false
  slapd/no_configuration: false
  slapd/move_old_database: true
  slapd/suffix_change: false
  slapd/dump_database_destdir: /var/backups/slapd-VERSION
  slapd/purge_database: false
  slapd/domain: london.goco.net

More information about the Pkg-openldap-devel mailing list