> > Does slapd need ALL or something like that?
> Nothing relating to the ldap server.
> Is that not rather the point? If you restrict it's availability to the
> local machine you can't see it from outside?
The older Bristol service nodes (as inherited from Yves Coppens who built
them) all have slapd: 127.0.0.1 in /etc/hosts.allow, including lcgce01
which used to be lcg-CE + site-bdii but is now only site-bdii.
And they're all visible from outside.
But SL5 is a different animal apparently. selinux Enforcing won't allow
bdii to start (at least bdii 3.2.4 & 5), but can be setenforce 1 once it's
started. And yes it was that slapd line in hosts.allow that apparently
makes no diff on SL4 but is obeyed in SL5, so change it to slapd: ALL & it
Thanks all v much for help+advice.