how to do a ldapsearch from a telnet session
in [Oracle]
|
Prev: V$DIAG_ALERT_EXT table
Next: DBMS_REPAIR.CHECK_OBJECT
From: Tim X on 27 Apr 2010 18:23 Shakespeare <whatsin(a)xs4all.nl> writes: > Op 27-4-2010 1:15, Tim X schreef: >> Shakespeare<whatsin(a)xs4all.nl> writes: >> >>> Op 26-4-2010 14:31, Tim X schreef: >>>> Shakespeare<whatsin(a)xs4all.nl> writes: >>>> >>>>> Op 26-4-2010 11:22, Carlos schreef: >>>>>> On Apr 26, 9:47 am, Shakespeare<what...(a)xs4all.nl> wrote: >>>>>>> Op 21-4-2010 20:39, kat schreef: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Hi, >>>>>>>> I'm trying to check the status of our OID (10.1.0.4) server running >>>>>>>> OEL 4 from another OEL server by passing a string (cn=mytestdb) and >>>>>>>> I'm hoping to receive an expected string back but I'm getting >>>>>>>> connection closed by foreign host. Is there a configuration change >>>>>>>> that has to be made to open up the access? >>>>>>> >>>>>>>> $> telnet oidserver 389 >>>>>>>> Trying 192.168.2.34... >>>>>>>> Connected to oidserver. >>>>>>>> Escape character is '^]'. >>>>>>>> ldapsearch "cn=mytestdb" >>>>>>>> Connection to oidserver closed by foreign host. >>>>>>>> $> >>>>>>> >>>>>>>> I'm able to successfully run ldapsearch "cn=mytestdb" directly on the >>>>>>>> oidserver. >>>>>>> >>>>>>>> Can someone help? >>>>>>> >>>>>>>> thanks. >>>>>>> >>>>>>> Your OID server is not running telnet on port 389, that is the port for >>>>>>> LDAP. Telnet should normally be running on the normal telnet port. >>>>>>> >>>>>>> But you don't need telnet at all to perform an ldap search on another >>>>>>> server. You can use ldapsearch on the second server with the target host >>>>>>> and target port as parameters, like: >>>>>>> ldapsearch -h<targethost> -p<targetport> -D cn=orcladmin -w<password> >>>>>>> -b<basedn> (cn=mytestdb) >>>>>>> >>>>>>> Shakespeare >>>>>> >>>>>> I respectfully disagree with the term 'normal telnet port' (which I >>>>>> presume Shakespeare assumes 23 ). >>>>>> >>>>>> Telnet establishes connection between any different ports (as per RFC >>>>>> 854), and only if intended as remote terminal access this protocol is >>>>>> assigned server port 23. >>>>>> >>>>>> Cheers. >>>>>> >>>>>> Carlos. >>>>> >>>>> >>>>> I stand corrected, Carlos is right here, as the server responds with >>>>> "connected to oidserver". Still, telnet is not needed here, so you could try >>>>> to perform ldapsearch directly. >>>>> >>>> >>>> It is possible the OP was a little confused/misled - thinking that you >>>> could interact with LDAP directly by issuing protocol commands in the >>>> same way that people sometimes use telnet to connect to port 25 to issue >>>> SMTP commands or port 80 and issue HTTP commands. I suspect that if you >>>> no the low level LDAP protocol, you posibly could do this, but I'm not >>>> familiar enough with the protocol spec to be sure. In any case, you >>>> would not be using ldapsearch and it would likely be a somewhat painful >>>> way to query the directory. There probalby is a basic key sequence you >>>> could enter to test and determine if an LDAP server is listening on that >>>> port - similar to issuing HELO to SMTP or a GET to HTTP. >>>> >>>> Tim >>> >>> Ldapbind is used for this. >>> >> >> I'm familiar with ldapsearch and I know that you perform an ldap bind to >> connect to an ldap server and that this is the standard way to test for >> existance/password (i.e. bind as that user with their password), but I'm >> not familiar with any ldapbind program/utility. There is no such utility >> on any of my systems or in the ldap-utils package that has ldapsearch. >> Are you saying that ldapbind is the protocol level command that you >> could use via telnet in a similar way to HELO for SMTP and GET for HTTP? >> >> If not, what would be the standard way of diagnosing network access problems >> with an LDAP server that would verify the server was contactable from >> various IPs without having to install ldap utilities on all the systems >> using those IPs? >> >> Tim >> > > ldapbind is a program, as is ldapsearch. It comes with (a.o.) Oracle Identity > Management and Oracle Application Server. I looked it up and it seems it is > indeed Oracle specific (but it can bind to other LDAP servers as well). I'm so > used to Oracle I sometimes tend to think these tools are generic.... Ldapbind > can test without having to pass a username and password. It just responds with > bind succeeded' (or something like that, I'm 'blessed' with a Dutch version). > It's not possible to just copy the .exe program to a machine, it needs a bunch > of oracle dll's. > > I don't know of any 'low level' command like HELO or GET. > > I tried to telnet my own Oracle LDAP server and indeed, I can open telnet on > port 389, but I don't get any response. It stops working as soon as I press a > key. > It seems openldap and other implementations respond to telnet on 389, but > oracle does not. > > I found a reference to using Oracle LDAP with telnet though. If you do not get > any errors, the LDAP server is listening (but it won't respond and it will > disconnect after a while) . If it's not, it will give a connection error > (could not connect to host). I even tried this on port 636 (the ssl port). It > just shows a cursor, but I'm not able to get out again. > > > Shakespeare > OK, thanks for clarification. Telnetig to the port at least tells you that you can access the server and it is listening. I guess if you want to test further , you need to either install some ldap utils, such as ldapsearch or you need to use something like perl (but you still need the perl ldap module installed). Tim -- tcross (at) rapttech dot com dot au |