Welcome to the Linux Foundation Forum!

CentOS-7 openLDAP with php

Options
sndlt
sndlt Posts: 8
in Red Hat Enterprise

I'm trying to deploy openLDAP on CentOS-7 using WebMin and phpLDAPadmin GUI tools. However, after downloading and configuring them, I can't access the GUI web from a different host but only via "http://localhost/ldapadmin" or "http://localhost/phpldapadmin" on the local host that has openLDAP, phpLDAP installed. Following are my conf files and IPtable.

[part of /etc/phpldapadmin/config.php]

$servers->setValue('login','attr','dn');

// servers->setValue('login','attr','uid');

[/etc/httpd/conf.d/phpldapadmin.conf]

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs

Alias /ldapadmin /usr/share/phpldapadmin/htdocs





# Apache 2.4

Require local





# Apache 2.2

Order Deny,Allow

Deny from all

Allow from 127.0.0.1 172.16.0.0/16

Allow from ::1



[/etc/sysconfig/iptables]

# sample configuration for iptables service

# you can edit this manually or use system-config-firewall

# please do not ask us to add additional ports/services to this default configuration

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT

-A INPUT -i eth0 -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

-A INPUT -i eth0 -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

-A INPUT -p udp -m udp --dport 53 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT

-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT -s 172.16.0.0/16

-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT -s 172.16.0.0/16

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

# Generated by webmin

*mangle

:FORWARD ACCEPT [0:0]

:INPUT ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed

# Generated by webmin

*nat

:INPUT ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed

I also see this in the log:

Hmm, my devices are all in 172.16.0.0/16 but then I also tried allow all

172.16.1.33 - - [05/Apr/2015:08:05:56 -0700] "GET /favicon.ico htp/1.1" 400 62 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"

172.16.1.46 - - [06/Apr/2015:15:30:08 -0700] "GET / htp/1.1" 400 51 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"

172.16.1.46 - - [06/Apr/2015:15:30:08 -0700] "GET /favicon.ico htp/1.1" 400 62 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"

172.16.1.46 - - [07/Apr/2015:10:59:39 -0700] "GET / htp/1.1" 500 3065 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin htp/1.1" 301 235 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/ htp/1.1" 200 4782 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/css/default/style.css htp/1.1" 200 15643 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/jscalendar/calendar-blue.css htp/1.1" 200 4830 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/ajax_functions.js htp/1.1" 200 7205 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/jscalendar/calendar.js htp/1.1" 200 49185 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/logo-small.png htp/1.1" 200 7053 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/forum-big.png htp/1.1" 200 738 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/request-feature-big.png htp/1.1" 200 1095 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/layersmenu-browser_detection.js htp/1.1" 200 2624 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/ajax_tree.js htp/1.1" 200 4544 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/plus.png htp/1.1" 200 102 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/bug-big.png htp/1.1" 200 928 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/login.png htp/1.1" 200 654 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

"/var/log/htpd/access_log" 177L, 36093C

[Wed Apr 08 17:07:23.511773 2015] [mpm_prefork:notice] [pid 28432] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 Phusion_Passenger/5.0.5 configured -- resuming normal operations

[Wed Apr 08 17:07:23.511838 2015] [core:notice] [pid 28432] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

[Wed Apr 08 17:07:24.284215 2015] [authz_core:error] [pid 28480] [client 172.16.1.46:54976] AH01630: client denied by server configuration: /usr/share/phpldapadmin/htdocs

[Wed Apr 08 17:07:26.487246 2015] [authz_core:error] [pid 28480] [client 172.16.1.46:54976] AH01630: client denied by server configuration: /usr/share/phpldapadmin/htdocs

[Wed Apr 08 17:07:29.231132 2015] [authz_core:error] [pid 28480] [client 172.16.1.46:54976] AH01630: client denied by server configuration: /usr/share/phpldapadmin/htdocs

[Wed Apr 08 17:12:01.617880 2015] [autoindex:error] [pid 29441] [client ::1:49795] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive

~

Help appreciated on accessing this. Which port does ldapadmin/phpldapamin use anyways? Now I'm getting "You don't have permission to access /ldapadmin on this server." Thanks.

Categories

Upcoming Training