Re: how to do a ldapsearch from a telnet session

From: Tim X <timx_at_nospam.dev.null>
Date: Wed, 28 Apr 2010 08:23:52 +1000
Message-ID: <87eii0edqf.fsf_at_rapttech.com.au>



Shakespeare <whatsin_at_xs4all.nl> writes:

> On 27-4-2010 1:15, Tim X wrote:
>
>> Shakespeare <whatsin_at_xs4all.nl> writes:
>>
>>> On 26-4-2010 14:31, Tim X wrote:
>>>> Shakespeare <whatsin_at_xs4all.nl> writes:
>>>>
>>>>> On 26-4-2010 11:22, Carlos wrote:
>>>>>> On Apr 26, 9:47 am, Shakespeare <what..._at_xs4all.nl> wrote:
>>>>>>> On 21-4-2010 20:39, kat wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>> I'm trying to check the status of our OID (10.1.0.4) server running
>>>>>>>> OEL 4 from another OEL server by passing a string (cn=mytestdb) and
>>>>>>>> I'm hoping to receive an expected string back but I'm getting
>>>>>>>> connection closed by foreign host. Is there a configuration change
>>>>>>>> that has to be made to open up the access?
>>>>>>>
>>>>>>>> $>      telnet oidserver 389
>>>>>>>> Trying 192.168.2.34...
>>>>>>>> Connected to oidserver.
>>>>>>>> Escape character is '^]'.
>>>>>>>> ldapsearch "cn=mytestdb"
>>>>>>>> Connection to oidserver closed by foreign host.
>>>>>>>> $>
>>>>>>>
>>>>>>>> I'm able to successfully run ldapsearch "cn=mytestdb" directly on the
>>>>>>>> oidserver.
>>>>>>>
>>>>>>>> Can someone help?
>>>>>>>
>>>>>>>> thanks.
>>>>>>>
>>>>>>> Your OID server is not running telnet on port 389, that is the port for
>>>>>>> LDAP. Telnet should normally be running on the normal telnet port.
>>>>>>>
>>>>>>> But you  don't need telnet at all to perform an ldap search on another
>>>>>>> server. You can use ldapsearch on the second server with the target host
>>>>>>> and target port as parameters, like:
>>>>>>> ldapsearch -h <targethost> -p <targetport> -D cn=orcladmin -w <password>
>>>>>>> -b <basedn> (cn=mytestdb)
>>>>>>>
>>>>>>> Shakespeare
>>>>>>
>>>>>> I respectfully disagree with the term 'normal telnet port' (which I
>>>>>> presume Shakespeare assumes 23 ).
>>>>>>
>>>>>> Telnet establishes connection between any different ports (as per RFC
>>>>>> 854), and only if intended as remote terminal access this protocol is
>>>>>> assigned server port 23.
>>>>>>
>>>>>> Cheers.
>>>>>>
>>>>>> Carlos.
>>>>>
>>>>>
>>>>> I stand corrected, Carlos is right here, as the server responds with
>>>>> "connected to oidserver". Still, telnet is not needed here, so you could try
>>>>> to perform ldapsearch directly.
>>>>>
>>>>
>>>> It is possible the OP was a little confused/misled - thinking that you
>>>> could interact with LDAP directly by issuing protocol commands in the
>>>> same way that people sometimes use telnet to connect to port 25 to issue
>>>> SMTP commands or port 80 and issue HTTP commands. I suspect that if you
>>>> know the low level LDAP protocol, you possibly could do this, but I'm not
>>>> familiar enough with the protocol spec to be sure. In any case, you
>>>> would not be using ldapsearch and it would likely be a somewhat painful
>>>> way to query the directory. There probably is a basic key sequence you
>>>> could enter to test and determine if an LDAP server is listening on that
>>>> port - similar to issuing HELO to SMTP or a GET to HTTP.
>>>>
>>>> Tim
>>>
>>> Ldapbind is used for this.
>>>
>>
>> I'm familiar with ldapsearch and I know that you perform an ldap bind to
>> connect to an ldap server and that this is the standard way to test for
>> existence/password (i.e. bind as that user with their password), but I'm
>> not familiar with any ldapbind program/utility. There is no such utility
>> on any of my systems or in the ldap-utils package that has ldapsearch.
>> Are you saying that ldapbind is the protocol level command that you
>> could use via telnet in a similar way to HELO for SMTP and GET for HTTP?
>>
>> If not, what would be the standard way of diagnosing network access problems
>> with an LDAP server that would verify the server was contactable from
>> various IPs without having to install ldap utilities on all the systems
>> using those IPs?
>>
>> Tim
>>
>
> ldapbind is a program, as is ldapsearch. It comes with (a.o.) Oracle Identity
> Management and Oracle Application Server. I looked it up and it seems it is
> indeed Oracle specific (but it can bind to other LDAP servers as well). I'm so
> used to Oracle I sometimes tend to think these tools are generic.... Ldapbind
> can test without having to pass a username and password. It just responds with
> 'bind succeeded' (or something like that, I'm 'blessed' with a Dutch version).
> It's not possible to just copy the .exe program to a machine, it needs a bunch
> of Oracle dll's.
>
> I don't know of any 'low level' command like HELO or GET.
>
> I tried to telnet my own Oracle LDAP server and indeed, I can open telnet on
> port 389, but I don't get any response. It stops working as soon as I press a
> key.
> It seems openldap and other implementations respond to telnet on 389, but
> Oracle does not.
>
> I found a reference to using Oracle LDAP with telnet though. If you do not get
> any errors, the LDAP server is listening (but it won't respond and it will
> disconnect after a while). If it's not, it will give a connection error
> (could not connect to host). I even tried this on port 636 (the ssl port). It
> just shows a cursor, but I'm not able to get out again.
>
> Shakespeare
>
OK, thanks for clarification.

Telnetting to the port at least tells you that you can access the server and it is listening. I guess if you want to test further, you need to either install some ldap utils, such as ldapsearch or you need to use something like perl (but you still need the perl ldap module installed).

Tim

-- 
tcross (at) rapttech dot com dot au
Received on Tue Apr 27 2010 - 17:23:52 CDT
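Tim asks how to verify that an LDAP server is reachable without installing ldap utilities, and Shakespeare observes that OID drops a telnet session as soon as you type: LDAP (RFC 4511) is a BER-encoded binary protocol, so typed text is not a valid message and there is no HELO/GET equivalent. The script below is an added example, not code from this thread; it uses only the Python standard library to send an LDAPv3 anonymous bind (what ldapbind does without credentials) and decode the BindResponse. The host name is whatever you pass in; "oidserver" in the thread is only a placeholder.

```python
import socket

# BER tags (RFC 4511): SEQUENCE, INTEGER, OCTET STRING; BindRequest [APPLICATION 0], BindResponse [APPLICATION 1], simple auth [0]
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST, BIND_RESPONSE, SIMPLE_AUTH = 0x60, 0x61, 0x80

def ber_len(n):
    """BER length: one byte below 128, else 0x80|N followed by N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n):
    # Non-negative INTEGER; the extra leading zero byte keeps the sign bit clear.
    return tlv(INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def build_bind_request(msg_id, dn="", password=""):
    """LDAPv3 simple bind; empty dn and password make it an anonymous bind."""
    op = ber_int(3) + tlv(OCTET_STRING, dn.encode()) + tlv(SIMPLE_AUTH, password.encode())
    return tlv(SEQUENCE, ber_int(msg_id) + tlv(BIND_REQUEST, op))

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(data):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse."""
    tag, msg, _ = read_tlv(data)
    if tag != SEQUENCE:
        raise ValueError("reply is not an LDAPMessage")
    _, mid, pos = read_tlv(msg)
    tag, op, _ = read_tlv(msg, pos)
    if tag != BIND_RESPONSE:
        raise ValueError("unexpected protocolOp tag 0x%02x" % tag)
    _, code, pos = read_tlv(op)     # resultCode ENUMERATED (0 = success, 49 = invalidCredentials)
    _, _, pos = read_tlv(op, pos)   # matchedDN, not needed here
    _, diag, _ = read_tlv(op, pos)  # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")

def probe_ldap(host, port=389, timeout=5.0):
    """Send an anonymous bind and decode the reply; None if the server closed without answering."""
    with socket.create_connection((host, port), timeout=timeout) as sock:  # refused/timeout raise here
        sock.sendall(build_bind_request(1))
        data = sock.recv(4096)  # a BindResponse is a handful of bytes, so one read is enough
    return parse_bind_response(data) if data else None
```

`probe_ldap("oidserver")` returning `(1, 0, "")` means the server answered the bind; a connection error or timeout is raised by the socket call, which is the network-access failure the thread is trying to distinguish.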
