Re: how to do a ldapsearch from a telnet session

From: Shakespeare <whatsin_at_xs4all.nl>
Date: Tue, 27 Apr 2010 21:40:46 +0200
Message-ID: <4bd73dc7$0$22917$e4fe514c_at_news.xs4all.nl>



Op 27-4-2010 1:15, Tim X schreef:
> Shakespeare<whatsin_at_xs4all.nl> writes:
>
>> Op 26-4-2010 14:31, Tim X schreef:
>>> Shakespeare<whatsin_at_xs4all.nl> writes:
>>>
>>>> Op 26-4-2010 11:22, Carlos schreef:
>>>>> On Apr 26, 9:47 am, Shakespeare<what..._at_xs4all.nl> wrote:
>>>>>> Op 21-4-2010 20:39, kat schreef:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hi,
>>>>>>> I'm trying to check the status of our OID (10.1.0.4) server running
>>>>>>> OEL 4 from another OEL server by passing a string (cn=mytestdb) and
>>>>>>> I'm hoping to receive an expected string back but I'm getting
>>>>>>> connection closed by foreign host. Is there a configuration change
>>>>>>> that has to be made to open up the access?
>>>>>>
>>>>>>> $> telnet oidserver 389
>>>>>>> Trying 192.168.2.34...
>>>>>>> Connected to oidserver.
>>>>>>> Escape character is '^]'.
>>>>>>> ldapsearch "cn=mytestdb"
>>>>>>> Connection to oidserver closed by foreign host.
>>>>>>> $>
>>>>>>
>>>>>>> I'm able to successfully run ldapsearch "cn=mytestdb" directly on the
>>>>>>> oidserver.
>>>>>>
>>>>>>> Can someone help?
>>>>>>
>>>>>>> thanks.
>>>>>>
>>>>>> Your OID server is not running telnet on port 389, that is the port for
>>>>>> LDAP. Telnet should normally be running on the normal telnet port.
>>>>>>
>>>>>> But you don't need telnet at all to perform an ldap search on another
>>>>>> server. You can use ldapsearch on the second server with the target host
>>>>>> and target port as parameters, like:
>>>>>> ldapsearch -h<targethost> -p<targetport> -D cn=orcladmin -w<password>
>>>>>> -b<basedn> (cn=mytestdb)
>>>>>>
>>>>>> Shakespeare
>>>>>
>>>>> I respectfully disagree with the term 'normal telnet port' (which I
>>>>> presume Shakespeare assumes 23 ).
>>>>>
>>>>> Telnet establishes connection between any different ports (as per RFC
>>>>> 854), and only if intended as remote terminal access this protocol is
>>>>> assigned server port 23.
>>>>>
>>>>> Cheers.
>>>>>
>>>>> Carlos.
>>>>
>>>>
>>>> I stand corrected, Carlos is right here, as the server responds with
>>>> "connected to oidserver". Still, telnet is not needed here, so you could try
>>>> to perform ldapsearch directly.
>>>>
>>>
>>> It is possible the OP was a little confused/misled - thinking that you
>>> could interact with LDAP directly by issuing protocol commands in the
>>> same way that people sometimes use telnet to connect to port 25 to issue
>>> SMTP commands or port 80 and issue HTTP commands. I suspect that if you
>>> know the low level LDAP protocol, you possibly could do this, but I'm not
>>> familiar enough with the protocol spec to be sure. In any case, you
>>> would not be using ldapsearch and it would likely be a somewhat painful
>>> way to query the directory. There probably is a basic key sequence you
>>> could enter to test and determine if an LDAP server is listening on that
>>> port - similar to issuing HELO to SMTP or a GET to HTTP.
>>>
>>> Tim
>>
>> Ldapbind is used for this.
>>
>
> I'm familiar with ldapsearch and I know that you perform an ldap bind to
> connect to an ldap server and that this is the standard way to test for
> existence/password (i.e. bind as that user with their password), but I'm
> not familiar with any ldapbind program/utility. There is no such utility
> on any of my systems or in the ldap-utils package that has ldapsearch.
> Are you saying that ldapbind is the protocol level command that you
> could use via telnet in a similar way to HELO for SMTP and GET for HTTP?
>
> If not, what would be the standard way of diagnosing network access problems
> with an LDAP server that would verify the server was contactable from
> various IPs without having to install ldap utilities on all the systems
> using those IPs?
>
> Tim
>

ldapbind is a program, as is ldapsearch. It comes with (a.o.) Oracle Identity Management and Oracle Application Server. I looked it up and it seems it is indeed Oracle specific (but it can bind to other LDAP servers as well). I'm so used to Oracle I sometimes tend to think these tools are generic... Ldapbind can test without having to pass a username and password. It just responds with 'bind succeeded' (or something like that, I'm 'blessed' with a Dutch version). It's not possible to just copy the .exe program to a machine, it needs a bunch of Oracle DLLs.

I don't know of any 'low level' command like HELO or GET.

I tried to telnet my own Oracle LDAP server and indeed, I can open telnet on port 389, but I don't get any response. It stops working as soon as I press a key.
It seems openldap and other implementations respond to telnet on 389, but oracle does not.

I found a reference to using Oracle LDAP with telnet though. If you do not get any errors, the LDAP server is listening (but it won't respond and it will disconnect after a while). If it's not, it will give a connection error (could not connect to host). I even tried this on port 636 (the SSL port). It just shows a cursor, but I'm not able to get out again.

Shakespeare

Received on Tue Apr 27 2010 - 14:40:46 CDT
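LDAP (RFC 4511) is not a line-oriented text protocol: every request is an ASN.1/BER-encoded LDAPMessage, which is why typing into a telnet session on port 389 yields nothing and why there is no HELO or GET equivalent to send by hand. The closest thing to the "basic key sequence" asked for above is the anonymous simple BindRequest (empty DN, empty password) that an LDAP client sends when it binds without credentials. The Python script below is an added example, not part of this thread and not Oracle's ldapbind or ldapsearch; it hand-encodes that request, reads the BindResponse and reports the result code. The host name oidserver and the file name ldap_probe.py are taken from the original post or assumed here. Any result code at all, including invalidCredentials or unwillingToPerform, proves an LDAP server is answering on that port; the connection simply closing with no bytes back is the symptom the original poster saw.

```python
import socket
import sys

# A few LDAP resultCode values from RFC 4511, for readable output.
RESULT_CODES = {0: "success", 2: "protocolError", 7: "authMethodNotSupported",
                48: "inappropriateAuthentication", 49: "invalidCredentials",
                53: "unwillingToPerform"}


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """INTEGER (tag 0x02), two's complement, minimal length."""
    return ber_tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))


def build_bind_request(msg_id: int = 1, version: int = 3) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 0] BindRequest { version, "", simple "" } }.

    Empty DN plus empty password is an anonymous simple bind; the server
    returns a BindResponse whatever its policy on anonymous access.
    """
    bind_request = ber_int(version) + ber_tlv(0x04, b"") + ber_tlv(0x80, b"")
    return ber_tlv(0x30, ber_int(msg_id) + ber_tlv(0x60, bind_request))


def read_tlv(buf: bytes, pos: int = 0):
    """Decode the element at buf[pos]; return (tag, value, position after it).

    Raises ValueError when the buffer is shorter than the element claims,
    which the receive loop uses to detect a partially read message.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad or truncated long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data: bytes) -> dict:
    """Extract messageID, resultCode, matchedDN and diagnosticMessage from a BindResponse."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError(f"expected LDAPMessage SEQUENCE, got tag 0x{tag:02x}")
    tag, mid, pos = read_tlv(msg)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:  # [APPLICATION 1] BindResponse
        raise ValueError(f"expected BindResponse, got protocolOp tag 0x{tag:02x}")
    tag, rc, pos = read_tlv(op)
    if tag != 0x0A:  # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    _, matched, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    code = int.from_bytes(rc, "big", signed=True)
    return {"message_id": int.from_bytes(mid, "big", signed=True),
            "result_code": code, "result_name": RESULT_CODES.get(code, "other"),
            "matched_dn": matched.decode("utf-8", "replace"),
            "diagnostic": diag.decode("utf-8", "replace")}


def recv_ldap_message(sock: socket.socket) -> bytes:
    """Read until one complete BER element has arrived (responses may be split)."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection before sending a BindResponse")
        buf += chunk
        try:
            _, _, end = read_tlv(buf)
        except ValueError:
            continue  # need more bytes
        return buf[:end]


def probe_ldap(host: str, port: int = 389, timeout: float = 5.0) -> dict:
    """Connect, send an anonymous bind, return the parsed BindResponse."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_bind_request())
        return parse_bind_response(recv_ldap_message(sock))


if __name__ == "__main__":
    # Usage (assumed file name): python ldap_probe.py oidserver 389
    target = sys.argv[1] if len(sys.argv) > 1 else "oidserver"
    print(probe_ldap(target, int(sys.argv[2]) if len(sys.argv) > 2 else 389))
```

The script needs nothing beyond the standard library, so it can be copied to any host that has Python rather than installing the LDAP utilities there. It speaks plain LDAP only; for port 636 (LDAPS) the socket would first have to be wrapped with the `ssl` module, since that port expects a TLS handshake before any LDAPMessage.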
