Snd Lt
Guest
I'm trying to deploy openLDAP on CentOS-7 using WebMin and phLDAPadmin GUI tools. However, after downloading and configuring them, I can't access the web GUI from a different host, only via "htt://localhost/ldapadmin" or "htt://localhost/phldapadmin" on the local host that has openLDAP and phLDAP installed. Following are my conf files and iptables. (replaced httpd with h)
[part of /etc/phldapadmin/config.ph]
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');
[/etc/hd/conf.d/phldapadmin.conf]
Alias /phldapadmin /usr/share/phldapadmin/htdocs
Alias /ldapadmin /usr/share/phldapadmin/htdocs
<Directory /usr/share/phldapadmin/htdocs>
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 172.16.0.0/16
Allow from ::1
</IfModule>
</Directory>
[/etc/sysconfig/iptables]
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT -s 172.16.0.0/16
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT -s 172.16.0.0/16
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
Help appreciated on accessing this. Which port does ldapadmin/phldapadmin use anyway? Now I'm getting "You don't have permission to access /ldapadmin on this server." Thanks.
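The 403 in the post comes from Apache, not from the firewall. CentOS 7 ships Apache 2.4, so mod_authz_core is loaded and only the first IfModule branch of the posted phpldapadmin.conf is honoured: "Require local" admits localhost and nothing else, while the "Allow from 127.0.0.1 172.16.0.0/16" list in the Apache 2.2 branch is never evaluated. The script below is an added example, not code from the post or from the phpLDAPadmin project: it takes a constructed copy of that Directory block (with the real names phpldapadmin and httpd restored), reads the 2.2 Allow list, and emits the equivalent Apache 2.4 "Require ip" line so the same hosts are admitted on 2.4 without opening the admin UI to everyone. The 172.16.0.0/16 network is the one from the post; treat it as the admin subnet you actually intend to allow.

```python
"""Translate the Apache 2.2 'Order/Deny/Allow' list in a phpLDAPadmin httpd
snippet into the Apache 2.4 'Require' form that CentOS 7 actually enforces.
Added example; not part of the original post or of phpLDAPadmin itself."""
import re

# Constructed copy of the <Directory> block from the post (real names restored).
POSTED_SNIPPET = """\
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require local
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 172.16.0.0/16
    Allow from ::1
  </IfModule>
</Directory>
"""


def active_block(snippet, apache_24=True):
    """Return the directives Apache will honour: only one IfModule branch applies,
    and on Apache 2.4 that is the mod_authz_core branch."""
    wanted = "<IfModule mod_authz_core.c>" if apache_24 else "<IfModule !mod_authz_core.c>"
    out, inside = [], False
    for raw in snippet.splitlines():
        line = raw.strip()
        if line == wanted:
            inside = True
            continue
        if inside and line == "</IfModule>":
            break
        if inside and line and not line.startswith("#"):
            out.append(line)
    return out


def allow_sources(directives):
    """Collect every host or network named in 2.2-style 'Allow from' directives."""
    sources = []
    for directive in directives:
        m = re.match(r"Allow from\s+(.+)", directive, re.IGNORECASE)
        if m:
            sources.extend(m.group(1).split())
    return sources


def require_line(sources):
    """Build the 2.4 equivalent: 'Require ip' accepts the same hosts and CIDR networks."""
    return "Require ip " + " ".join(sources)


def converted_snippet(snippet):
    """Replace the localhost-only 'Require local' with a 'Require ip' carrying the
    2.2 Allow list, so remote admin hosts get the same access on Apache 2.4."""
    legacy = active_block(snippet, apache_24=False)
    return snippet.replace("Require local", require_line(allow_sources(legacy)))


if __name__ == "__main__":
    print("Enforced on CentOS 7 today:", active_block(POSTED_SNIPPET))
    print(converted_snippet(POSTED_SNIPPET))
```

After dropping the converted block into /etc/httpd/conf.d/phpldapadmin.conf, run `apachectl configtest` and reload httpd; keep the source list as narrow as the admin network really is, since phpLDAPadmin is a management interface and a bind form for the directory.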
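To answer the port question from the post: phpLDAPadmin has no port of its own; it is served by httpd, so it is reached on 80 (or 443 if TLS is configured), and the posted ruleset already accepts 80 from any source. The following added example (not from the original post) walks the INPUT chain of a constructed excerpt of that ruleset for a few sample packets, first match wins as in the kernel, to show which services the firewall actually exposes before Apache's own access control is consulted. It also makes visible that Webmin on 10000 is accepted from every source, unlike 389/636 which are limited to 172.16.0.0/16; a defender would normally give 10000 the same source restriction.

```python
"""Evaluate the INPUT chain of the posted iptables-save ruleset for sample
packets. Added example, not from the original post; only the match options
the ruleset uses (-p, --dport, -s, -i, --state) are modelled."""
import ipaddress
import shlex

# Constructed excerpt of the *filter INPUT chain from the post (same rules, same order).
RULESET = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT -s 172.16.0.0/16
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT -s 172.16.0.0/16
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""


def parse_rule(line):
    """Turn one '-A INPUT ...' line into its match criteria plus target."""
    toks = shlex.split(line)
    rule = {"proto": None, "dport": None, "src": None, "iface": None, "states": None, "target": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-p":
            rule["proto"] = toks[i + 1]
        elif t == "--dport":
            rule["dport"] = int(toks[i + 1])
        elif t == "-s":
            rule["src"] = ipaddress.ip_network(toks[i + 1], strict=False)
        elif t == "-i":
            rule["iface"] = toks[i + 1]
        elif t == "--state":
            rule["states"] = set(toks[i + 1].split(","))
        elif t == "-j":
            rule["target"] = toks[i + 1]
        else:
            i += 1          # -A INPUT, -m state, -m tcp, --reject-with: no match effect here
            continue
        i += 2
    return rule


def matches(rule, pkt):
    """A rule matches only if every criterion it states agrees with the packet."""
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt.get("dport"):
        return False
    if rule["iface"] and rule["iface"] != pkt["iface"]:
        return False
    if rule["src"] and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if rule["states"] and pkt["state"] not in rule["states"]:
        return False
    return True


def verdict(ruleset, pkt, policy="ACCEPT"):
    """First matching rule decides; the chain policy applies if nothing matches."""
    for line in ruleset.splitlines():
        if line.startswith("-A INPUT") and matches(parse_rule(line), pkt):
            return parse_rule(line)["target"]
    return policy


def tcp(src, dport, iface="eth0", state="NEW"):
    """Constructed sample packet: a new TCP connection arriving on eth0."""
    return {"proto": "tcp", "src": src, "dport": dport, "iface": iface, "state": state}


if __name__ == "__main__":
    for who, port in (("172.16.5.9", 80), ("203.0.113.7", 80), ("203.0.113.7", 389), ("203.0.113.7", 10000)):
        print(f"{who} -> tcp/{port}: {verdict(RULESET, tcp(who, port))}")
```

The two 203.0.113.0/24 addresses are documentation-range samples standing in for "a host outside the admin network"; the 172.16.0.0/16 network is the one in the post.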