How do I access one node from another with ldapsearch on Vagrant?

Two nodes were created using vagrant:

Vagrantfile

Vagrant.configure("2") do |config|
  config.vm.box = "centos/7"

  config.vm.define "node1" do |c|
    c.vm.hostname = "node1"
    c.vm.provider "virtualbox" do |v|
      v.memory = 2048
      v.cpus = 2
    end
    c.vm.network "private_network", ip: "192.168.1.41"
    c.vm.network "forwarded_port", guest: 443, host: 443
    c.vm.network "forwarded_port", guest: 80, host: 80
  end

  config.vm.define "node2" do |c|
    c.vm.hostname = "ipa.my.domain"
    c.vm.provider "virtualbox" do |v|
      v.memory = 2048
      v.cpus = 2
    end
    c.vm.network "private_network", ip: "192.168.1.42"
    c.vm.network "forwarded_port", guest: 389, host: 389
    c.vm.network "forwarded_port", guest: 636, host: 636
  end
end

FreeIPA was installed with

yum install ipa-server bind-dyndb-ldap ipa-server-dns -y
ipa-server-install --setup-dns

Check the ldap ports on node2

[root@ipa ~]# netstat -tulpn | grep 389
tcp6       0      0 :::389                  :::*                    LISTEN      2229/ns-slapd
[root@ipa ~]# netstat -tulpn | grep 636
tcp6       0      0 :::636                  :::*                    LISTEN      2229/ns-slapd

Check the telnet connection from node1

[root@node1 ~]# telnet -4 192.168.1.42 389
Trying 192.168.1.42...
Connected to 192.168.1.42.
Escape character is '^]'.

[root@node1 ~]# telnet -4 192.168.1.42 636
Trying 192.168.1.42...
Connected to 192.168.1.42.
Escape character is '^]'.

ldapsearch can be run on node2

ldapsearch -x -H ldaps://ipa.my.domain:636 -D "cn=Directory Manager" -w password
(Get users correctly)

However, it cannot be run on node1 to access node2.

[root@node1 ~]# yum -y install openldap-clients

[root@node1 ~]# ldapsearch -x -H ldap://192.168.1.42:389 -D "cn=Directory Manager" -w password
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

[root@node1 ~]# ldapsearch -x -H ldaps://192.168.1.42:636 -D "cn=Directory Manager" -w password
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Services installed on node2

[root@ipa ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ntpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful

Why not?
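The following diagnostic script is an added example and is not part of the original question. It works through the two failures shown above from the client side. The `result: 32 No such object` on `ldap://` is what 389-ds returns for a subtree search with an empty base DN: on node2 the IPA installer writes a `BASE` line into `/etc/openldap/ldap.conf`, so `ldapsearch` there gets a default base, while node1 has no such line. The `Can't contact LDAP server (-1)` on `ldaps://` is the generic error OpenLDAP prints when the TLS handshake fails; with the default `TLS_REQCERT demand`, a server certificate the client cannot validate (the IPA CA is not trusted on node1, and the URL names the IP `192.168.1.42` rather than the host name in the certificate) is the common cause, and `-d 1` prints the TLS-level reason. The script assumes `ipa.my.domain` resolves from node1 and uses `/etc/ipa/ca.crt` as a placeholder path for a copy of the IPA CA certificate; `-s base -b "" namingContexts`, `-LLL`, `-d 1` and the `LDAPTLS_CACERT` environment variable are standard OpenLDAP client options.

```shell
#!/bin/sh
# Added example: client-side diagnosis of ldapsearch against a FreeIPA (389-ds) host.
# Host, ports and CA path are placeholders; override them via the environment.

LDAP_HOST="${LDAP_HOST:-ipa.my.domain}"   # DNS name, not IP, so the TLS host-name check can pass
LDAP_PORT="${LDAP_PORT:-389}"
LDAPS_PORT="${LDAPS_PORT:-636}"
CA_CERT="${CA_CERT:-/etc/ipa/ca.crt}"      # placeholder: copy of the IPA CA certificate obtained out of band

# Print the values of one LDIF attribute from ldapsearch output read on stdin.
# Only the plain "attr: value" form is handled (namingContexts is never base64-encoded).
ldif_values() {
    attr="$1"
    sed -n "s/^${attr}: //p"
}

# Print the numeric LDAP result code from the "result: N text" line of ldapsearch output.
ldif_result_code() {
    sed -n 's/^result: \([0-9][0-9]*\) .*/\1/p'
}

# Read the rootDSE anonymously (empty base, scope base) to learn which naming
# contexts the server holds; this is the base DN the client must pass with -b.
rootdse_naming_contexts() {
    ldapsearch -x -LLL -H "ldap://${LDAP_HOST}:${LDAP_PORT}" -s base -b "" namingContexts \
        | ldif_values namingContexts
}

# Repeat the original search, but with an explicit base DN instead of the empty default.
# -W prompts for the Directory Manager password rather than putting it on the command line.
search_with_base() {
    base="$1"
    ldapsearch -x -H "ldap://${LDAP_HOST}:${LDAP_PORT}" -b "$base" \
        -D "cn=Directory Manager" -W "(objectClass=person)" uid
}

# Exercise the ldaps listener with the CA certificate supplied explicitly and
# TLS debugging on; only TLS messages and the result line are kept.
check_ldaps() {
    base="$1"
    LDAPTLS_CACERT="$CA_CERT" ldapsearch -x -d 1 -H "ldaps://${LDAP_HOST}:${LDAPS_PORT}" \
        -b "$base" -s base -D "cn=Directory Manager" -W 2>&1 | grep -iE 'TLS|result:'
}

main() {
    case "${1:-}" in
        contexts) rootdse_naming_contexts ;;
        search)   search_with_base "$2" ;;
        tls)      check_ldaps "$2" ;;
        *)        echo "usage: $0 contexts | search <base-dn> | tls <base-dn>" >&2; return 2 ;;
    esac
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Run `sh ldap_diag.sh contexts` first; it needs no credentials and tells you the base DN to use. Then `sh ldap_diag.sh search dc=my,dc=domain` should return entries instead of result 32, and `sh ldap_diag.sh tls dc=my,dc=domain` shows whether the `ldaps://` failure is a certificate-trust problem before anything else is changed on the server.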