Thursday, April 01, 2010

Où est le site bdii

Our upgrade to the SL5 gLite3.2 site bdii has been tormenting me of late as even although the BDII was installed, it was only returning data from a local ldapsearch.

It was listening on port 2170 and the bdii process was running. Then when you tried an ldapsearch from a local machine, it worked. Trying it from a external machine, it could not connect.

First thought was firewall but iptables was not working. Then what about campus firewall. Nope, nothing had changed there. I checked the configs from SL4 to SL5 and they were the same. I turned on logging for slapd and turned up the verbosity. You could then see the DENY's being made by slapd itself.

After much googling I tried slapd in /etc/hosts.allow and this worked! It looks like with the transition to SL5 there is a requirement to add the slapd service to hosts.allow. This looks to have been a bug with openldap in SL4.

With the site bdii upgraded the change over occurred yesterday.

No comments: