CentOS-7 openLDAP with php


Snd Lt

Guest
I'm trying to deploy openLDAP on CentOS-7 using the WebMin and phLDAPadmin GUI tools. However, after downloading and configuring them, I can't reach the web GUI from a different host; it only works via "htt://localhost/ldapadmin" or "htt://localhost/phldapadmin" on the local host that has openLDAP and phLDAP installed. My conf files and iptables rules follow. (replaced httpd with h)

[part of /etc/phldapadmin/config.ph]
$servers->setValue('login','attr','dn');
/ servers->setValue('login','attr','uid');

[/etc/hd/conf.d/phldapadmin.conf]
Alias /phldapadmin /usr/share/phldapadmin/htdocs
Alias /ldapadmin /usr/share/phldapadmin/htdocs

# Access control for the directory behind the /phldapadmin and /ldapadmin aliases.
# Only one of the two <IfModule> branches below is applied: the first when
# mod_authz_core is loaded, the second when it is not.
<Directory /usr/share/phldapadmin/htdocs>
<IfModule mod_authz_core.c>
# Apache 2.4
# "Require local" admits only loopback / same-host clients. When this branch is
# the active one (CentOS 7 packages httpd 2.4), any other client is refused with
# 403 "You don't have permission to access ...", whatever the firewall allows.
# The 172.16.0.0/16 allowance in the 2.2 branch is not evaluated here; its 2.4
# counterpart would be an additional "Require ip 172.16.0.0/16" line.
# NOTE(review): this is an LDAP administration login, so keep the allowed range
# as narrow as the admin hosts need rather than switching to "Require all granted".
Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
# Deny-by-default, then allow loopback (IPv4 and IPv6) and the 172.16.0.0/16 LAN.
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 172.16.0.0/16
Allow from ::1
</IfModule>
</Directory>


[/etc/sysconfig/iptables]
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
# Layout: the filter table accepts listed services and ends INPUT/FORWARD with a
# catch-all REJECT; the mangle and nat tables below only declare chain policies.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to existing connections, ICMP, and loopback traffic are always accepted.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# New connections to TCP 22 and TCP 8140 are accepted from any source.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
# TCP 10000 is accepted from any source, with no state match.
# NOTE(review): presumably the Webmin listener - confirm; an admin console is a
# candidate for the same "-s 172.16.0.0/16" restriction used for 389/636 below.
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
# DNS (53): the eth0-only and state-matched rules are subsumed by the two
# interface-less rules that accept any TCP/UDP packet to port 53.
-A INPUT -i eth0 -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
# The OUTPUT policy is ACCEPT and no OUTPUT rule drops anything, so the
# --sport rules here and below do not change what is permitted.
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
# TCP 80 is accepted from any source, so this firewall does not block remote
# requests to the web server; a 403 on /ldapadmin comes from the web server's
# own access rules.
# NOTE(review): if the LDAP admin UI is served on plain port 80, the bind DN and
# password typed into it cross the network unencrypted - consider TLS and a
# source restriction like the one on 389/636.
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
# LDAP (389) and LDAPS (636): new connections only from 172.16.0.0/16.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT -s 172.16.0.0/16
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT -s 172.16.0.0/16
# Anything not accepted above is rejected with icmp-host-prohibited.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
# NOTE(review): the built-in chains are named PREROUTING/POSTROUTING in upper
# case; the lower-case "p" in the mangle and nat tables looks like a paste
# artifact - verify against the file on disk.
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:pREROUTING ACCEPT [0:0]
:pOSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:pREROUTING ACCEPT [0:0]
:pOSTROUTING ACCEPT [0:0]
COMMIT
# Completed

Help appreciated on accessing this. Which port does ldapadmin/phldapadmin use anyway? Now I'm getting "You don't have permission to access /ldapadmin on this server." Thanks.
 



Snd Lt

Guest
I also see this in the log:
Hmm, my devices are all in 172.16.0.0/16 but then I also tried allow all

172.16.1.33 - - [05/Apr/2015:08:05:56 -0700] "GET /favicon.ico h/1.1" 400 62 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"
172.16.1.46 - - [06/Apr/2015:15:30:08 -0700] "GET / h/1.1" 400 51 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"
172.16.1.46 - - [06/Apr/2015:15:30:08 -0700] "GET /favicon.ico h/1.1" 400 62 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"
172.16.1.46 - - [07/Apr/2015:10:59:39 -0700] "GET / h/1.1" 500 3065 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin h/1.1" 301 235 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/ h/1.1" 200 4782 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/css/default/style.css h/1.1" 200 15643 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/jscalendar/calendar-blue.css h/1.1" 200 4830 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/ajax_functions.js h/1.1" 200 7205 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/jscalendar/calendar.js h/1.1" 200 49185 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/logo-small.png h/1.1" 200 7053 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/forum-big.png h/1.1" 200 738 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/request-feature-big.png h/1.1" 200 1095 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/layersmenu-browser_detection.js h/1.1" 200 2624 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/js/ajax_tree.js h/1.1" 200 4544 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/plus.png h/1.1" 200 102 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/bug-big.png h/1.1" 200 928 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
::1 - - [07/Apr/2015:15:29:27 -0700] "GET /ldapadmin/images/default/login.png h/1.1" 200 654 "h:/.localhost/ldapadmin/" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
"/var/log/hd/access_log" 177L, 36093C
 
