Welcome to the Linux Foundation Forum!

CentOS-7 openLDAP with php

Options
Posts: 8
in Red Hat Enterprise

I'm trying to deploy openLDAP on CentOS-7 using WebMin and phpLDAPadmin GUI tools. However, after downloading and configuring them, I can't access the GUI web from a different host but only via "http://localhost/ldapadmin" or "http://localhost/phpldapadmin" on the local host that has openLDAP, phpLDAP installed. Following are my conf files and IPtable.

[part of /etc/phpldapadmin/config.php]

$servers->setValue('login','attr','dn');

// servers->setValue('login','attr','uid');

[/etc/httpd/conf.d/phpldapadmin.conf]

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs

Alias /ldapadmin /usr/share/phpldapadmin/htdocs





# Apache 2.4

Require local





# Apache 2.2

Order Deny,Allow

Deny from all

Allow from 127.0.0.1 172.16.0.0/16

Allow from ::1



[/etc/sysconfig/iptables]

# sample configuration for iptables service

# you can edit this manually or use system-config-firewall

# please do not ask us to add additional ports/services to this default configuration

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT

-A INPUT -i eth0 -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

-A INPUT -i eth0 -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

-A INPUT -p udp -m udp --dport 53 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT

-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT -s 172.16.0.0/16

-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT -s 172.16.0.0/16

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

# Generated by webmin

*mangle

:FORWARD ACCEPT [0:0]

:INPUT ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed

# Generated by webmin

*nat

:INPUT ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed

I also see this in the log:

Hmm, my devices are all in 172.16.0.0/16 but then I also tried allow all

172.16.1.33 - - [05/Apr/2015:08:05:56 -0700] "GET /favicon.ico htp/1.1" 400 62 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"

172.16.1.46 - - [06/Apr/2015:15:30:08 -0700] "GET / htp/1.1" 400 51 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"

172.16.1.46 - - [06/Apr/2015:15:30:08 -0700] "GET /favicon.ico htp/1.1" 400 62 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"

172.16.1.46 - - [07/Apr/2015:10:59:39 -0700] "GET / htp/1.1" 500 3065 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin htp/1.1" 301 235 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/ htp/1.1" 200 4782 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/css/default/style.css htp/1.1" 200 15643 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/jscalendar/calendar-blue.css htp/1.1" 200 4830 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/ajax_functions.js htp/1.1" 200 7205 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/jscalendar/calendar.js htp/1.1" 200 49185 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/logo-small.png htp/1.1" 200 7053 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/forum-big.png htp/1.1" 200 738 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/request-feature-big.png htp/1.1" 200 1095 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/layersmenu-browser_detection.js htp/1.1" 200 2624 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/ajax_tree.js htp/1.1" 200 4544 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/plus.png htp/1.1" 200 102 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/bug-big.png htp/1.1" 200 928 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/login.png htp/1.1" 200 654 "htp://localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"

"/var/log/htpd/access_log" 177L, 36093C

[Wed Apr 08 17:07:23.511773 2015] [mpm_prefork:notice] [pid 28432] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 Phusion_Passenger/5.0.5 configured -- resuming normal operations

[Wed Apr 08 17:07:23.511838 2015] [core:notice] [pid 28432] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

[Wed Apr 08 17:07:24.284215 2015] [authz_core:error] [pid 28480] [client 172.16.1.46:54976] AH01630: client denied by server configuration: /usr/share/phpldapadmin/htdocs

[Wed Apr 08 17:07:26.487246 2015] [authz_core:error] [pid 28480] [client 172.16.1.46:54976] AH01630: client denied by server configuration: /usr/share/phpldapadmin/htdocs

[Wed Apr 08 17:07:29.231132 2015] [authz_core:error] [pid 28480] [client 172.16.1.46:54976] AH01630: client denied by server configuration: /usr/share/phpldapadmin/htdocs

[Wed Apr 08 17:12:01.617880 2015] [autoindex:error] [pid 29441] [client ::1:49795] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive

~

Help appreciated on accessing this. Which port does ldapadmin/phpldapamin use anyways? Now I'm getting "You don't have permission to access /ldapadmin on this server." Thanks.

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Quick Links

Categories

Upcoming Training