> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
>
>
> Who has an SL5 gLite3.2 site-bdii please?
>
We do.
> If you do what's in your hosts.allow/deny?
> Does slapd need ALL or something like that?
>
Nothing relating to the ldap server.
> (Our LCG subnet not firewalled above 1024 if that's relevant)
>
> I already found that selinux prevents SL5 bdii starting but got round
> it.
> But I can't connect to 2170 on our SL5 test-site-bdii from outside if
> tcpwrappers is active with a hosts.allow like an SL4 lcg-CE that
allows
> slapd: 127.0.0.1
>
Is that not rather the point? If you restrict it's availability to the
local machine you can't see it from outside? Surely the site-bdii is
supposed to be visible from anywhere, so it should be configured to
be visible from anywhere.
Am I missing something?
Ewan
|