Hello,
Here are the steps that I found helpful to diagnose the BDII LDAP problems.
Run netstat -l to see if the ports are listening. You should see at least
one port from the range 2171 - 2173 listening. These are ports that the
LDAP servers are listening on.

    tcp 0 0 localhost.localdomain:2171 *:* LISTEN
    tcp 0 0 localhost.localdomain:2172 *:* LISTEN

Try running an ldapsearch locally on both of these ports. For example, run
the following if you see 2171 and 2172 listed.

    ldapsearch -h localhost -p 2171 -b mds-vo-name=local,o=grid -x
    ldapsearch -h localhost -p 2172 -b mds-vo-name=local,o=grid -x

At least one of these should return LDAP information. If neither one does,
then there's a problem that I don't know how to fix offhand.

If one of these returns LDAP information, try running the following:

    ldapsearch -h `hostname` -p 2170 -b mds-vo-name=local,o=grid -x

which should return information. If this doesn't, then I would go through
the following steps.

1) Make sure that bdii-fwd is running (ps aux | grep bdii-fwd)
2) Make sure that your hostname is logical
3) Check /opt/bdii/var/bdii.log since this is where most info goes

Sorry that I don't have more information, I just found it much easier to
debug when I knew how the BDII is different now.

Basically what bdii-fwd does is whenever a connection comes in on whatever
interface that Sys::Hostname resolves to on port 2170, it connects to an
LDAP port in the range 2171 - 2173 and does a straight dump from one port to
the other.

Ransom

On 8/9/05 1:09 AM, "Sajjad Asghar" wrote:
> Hi Maarten and Dani
>
> Both of the methods did not work. I am facing the same problem.
>
> Regards
> Sajjad Asghar
>
> -----Original Message-----
> From: LHC Computer Grid - Rollout On Behalf Of Daniel Cano
> Sent: Monday, August 08, 2005 4:41 PM
> Subject: Re: [LCG-ROLLOUT] Can't contact LDAP server
>
> Hi,
> This problem may be related with the NAT rules for the firewall. Even if
> you don't have any NAT, the bdii service uses (I'm not expert in the
> inners of the bdii service) some that
> are started by the bdii service. I had the same problem, and what I did,
> and worked for me is:
>
> Stop the bdii service
>
> /etc/init.d/bdii stop
>
> Flush the NAT rules imposed by the service itself
>
> iptables -F -t nat
>
> Restart the service
>
> /etc/init.d/bdii start
>
> Hope it works
>
> Dani
>
> On Mon, 8 Aug 2005, Maarten Litmaath, CERN wrote:
>
>> On Mon, 8 Aug 2005, Sajjad Asghar wrote:
>>
>>> Hi
>>>
>>> Hi
>>>
>>> iptables -L has returned the following output
>>>
>>> ------------------------------------------------------------------------
>>> [root@pcncp04 root]# iptables -L
>>> Chain INPUT (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain FORWARD (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target prot opt source destination
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> While the output returned by iptables -L -t nat is as
>>>
>>> ------------------------------------------------------------------------
>>> Chain PREROUTING (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain POSTROUTING (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> ------------------------------------------------------------------------
>>>
>>> Rebooting of the machine also has not worked.
>>> I also have tried to scan the ports with nmap, e.g.
>>> scanning of port 2170 and 2135 has returned the following
>>>
>>> ------------------------------------------------------------------------
>>> [root@pcncp04 root]# nmap pcncp04.ncp.edu.pk -p 2170
>>>
>>> Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
>>> Interesting ports on pcncp04.ncp.edu.pk (127.0.0.1):
>>> Port State Service
>>> 2170/tcp open unknown
>>>
>>> Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
>>>
>>> ------------------------------------------------------------------------
>>> But the same command is returning a different result when running it from a
>>> different host on the same network
>>>
>>> ------------------------------------------------------------------------
>>> [root@pcncp22 root]# nmap pcncp04.ncp.edu.pk -p 2170
>>>
>>> Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
>>> The 1 scanned port on pcncp04.ncp.edu.pk (210.56.13.114) is: closed
>>>
>>> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
>>>
>>> ------------------------------------------------------------------------
>>>
>>> I have turned off all firewall services but still it is not working.
>>> Any idea how to solve this problem
>>
>> Another idea, though I do not see how it would explain your observations,
>> is to add the following to /etc/hosts.allow:
>>
>> slapd : 127.0.0.1
>>
--
Ransom Briggs
Graduate Research Assistant
Grid Research and educatiOn group @ Iowa (GROW)
Academic Technologies - Research Services
The University of Iowa
130 Lindquist Center S
Iowa City, IA 52242-1589
319/335-5596
http://www.uiowa.edu/~grow/
http://at.its.uiowa.edu/rs/
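
The checks from the message above gathered into one script, as an added example that is not part of the original thread. The ports, base DN and log path are the ones quoted in the message; the function names and the sample netstat lines are constructed here, and `-H ldap://host:port` is used in place of the `-h`/`-p` form.

```shell
#!/bin/sh
# Added example, not from the original thread. Ports and base DN are the ones
# quoted in the message; the function names are this example's own.
BASE='mds-vo-name=local,o=grid'

# Constructed sample of `netstat -ltn` output for the symptom in the thread:
# everything, including the 2170 forwarder, is bound to loopback.
SAMPLE='tcp 0 0 127.0.0.1:2171 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2172 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2170 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN'

# True if the address is loopback (127.0.0.0/8 or ::1).
is_loopback() {
    case "$1" in 127.*|::1) return 0 ;; *) return 1 ;; esac
}

# stdin: netstat -ltn output. Prints listening backend ports in 2171-2173.
backend_ports() {
    awk '$NF == "LISTEN" { n = split($4, a, ":"); p = a[n] + 0
                           if (p >= 2171 && p <= 2173) print p }' | sort -u
}

# stdin: netstat -ltn output. Prints the local address port 2170 is bound to.
forwarder_bind() {
    awk '$NF == "LISTEN" && $4 ~ /:2170$/ { sub(/:2170$/, "", $4); print $4 }'
}

# Succeeds if an anonymous search of the BDII base returns anything.
probe() {   # usage: probe HOST PORT
    ldapsearch -x -H "ldap://$1:$2" -b "$BASE" >/dev/null 2>&1
}

diagnose() {
    listeners=$(netstat -ltn 2>/dev/null)
    ports=$(printf '%s\n' "$listeners" | backend_ports)
    [ -n "$ports" ] || echo "FAIL: nothing listening on 2171-2173"
    for p in $ports; do
        if probe localhost "$p"; then echo "OK: backend $p answers"
        else echo "FAIL: backend $p returns nothing"; fi
    done
    for a in $(printf '%s\n' "$listeners" | forwarder_bind); do
        is_loopback "$a" && echo "WARN: 2170 bound to $a, remote hosts will see it closed"
    done
    if probe "$(hostname)" 2170; then echo "OK: $(hostname):2170 answers"
    else echo "FAIL: check bdii-fwd is running and /opt/bdii/var/bdii.log"; fi
}

if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Run it with `--run` on the BDII host; without the argument it only defines the functions.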