tcp_wrappers with LDAP
Server Training - Server Management

Modify tcp_wrappers
If you are using tcp_wrappers, which you should be, you will need to provide an entry so that your slapd server is available.



Edit tcp_wrappers /etc/hosts.allow

SLAPD:  ALL

Once you have tested that tcp_wrappers is working, you can add specific IP addresses and subnets to /etc/hosts.allow to increase security.
SLAPD:  127.0.0.1 12.32.34.32

You can allow an entire subnet by leaving a "dot" at the end. For example, this will allow all machines on a subnet:

SLAPD:  127.0.0.1  192.168.3.

Whatever you do, be sure to allow the localhost, which is 127.0.0.1.

Edit /etc/hosts.deny

ALL:    ALL

This denies everything except what you allow in /etc/hosts.allow.
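
The allow-then-deny lookup described above, as an added example that is not part of the original lesson: a simplified Python model of the matching, limited to the pattern forms shown on this page. The function names and the sample file contents are constructed for illustration.

```python
# Simplified model of the hosts_access(5) lookup (added example).
# Supports only: ALL, an exact IPv4 address, a prefix ending in ".".
# Not handled: hostnames, netmasks, EXCEPT, IPv6, shell-command options.

# Constructed sample files mirroring the entries shown on this page.
HOSTS_ALLOW = "SLAPD:  127.0.0.1  192.168.3.\n"
HOSTS_DENY = "ALL:    ALL\n"


def parse_rules(text):
    """Return [(daemons, clients)], skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(":")
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").lower().split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, ip):
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):
        # Trailing dot is a string prefix match, not CIDR arithmetic.
        return ip.startswith(pattern)
    return ip == pattern


def rule_hit(rules, daemon, ip):
    for daemons, clients in rules:
        if daemon.lower() in daemons or "all" in daemons:
            if any(client_matches(p, ip) for p in clients):
                return True
    return False


def access_allowed(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match grants access."""
    if rule_hit(parse_rules(allow), daemon, ip):
        return True
    return not rule_hit(parse_rules(deny), daemon, ip)


if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.3.25", "192.168.30.25", "12.32.34.32"):
        print(ip, "allowed" if access_allowed("slapd", ip) else "denied")
```

On a live system, the tcpdmatch utility shipped with tcp_wrappers (for example `tcpdmatch slapd 192.168.3.25`) reports the decision made from the real files.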

Firewall Set Up

Make sure you have allowed TCP port 389 on your firewall. Here is an example of the lokkit firewall, which is the default.

[Image: LDAP firewall]

Start the LDAP Server
# /etc/init.d/slapd start

Verify that the server started by checking port 389, which is the default port. You should see the system listening on port 389.

netstat -aunt
You should see the port listening, like so:
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN

 

Copyright by CyberMontana Inc.
Cannot be reproduced without written permission.  Box 1262 Trout Creek, MT 59874