From: Tim X on
Shakespeare <whatsin(a)xs4all.nl> writes:

> On 26-4-2010 11:22, Carlos wrote:
>> On Apr 26, 9:47 am, Shakespeare<what...(a)xs4all.nl> wrote:
>>> On 21-4-2010 20:39, kat wrote:
>>>
>>>
>>>
>>>> Hi,
>>>> I'm trying to check the status of our OID (10.1.0.4) server running
>>>> OEL 4 from another OEL server by passing a string (cn=mytestdb) and
>>>> I'm hoping to receive an expected string back but I'm getting
>>>> connection closed by foreign host. Is there a configuration change
>>>> that has to be made to open up the access?
>>>
>>>> $> telnet oidserver 389
>>>> Trying 192.168.2.34...
>>>> Connected to oidserver.
>>>> Escape character is '^]'.
>>>> ldapsearch "cn=mytestdb"
>>>> Connection to oidserver closed by foreign host.
>>>> $>
>>>
>>>> I'm able to successfully run ldapsearch "cn=mytestdb" directly on the
>>>> oidserver.
>>>
>>>> Can someone help?
>>>
>>>> thanks.
>>>
>>> Your OID server is not running telnet on port 389, that is the port for
>>> LDAP. Telnet should normally be running on the normal telnet port.
>>>
>>> But you don't need telnet at all to perform an ldap search on another
>>> server. You can use ldapsearch on the second server with the target host
>>> and target port as parameters, like:
>>> ldapsearch -h<targethost> -p<targetport> -D cn=orcladmin -w<password>
>>> -b<basedn> (cn=mytestdb)
>>>
>>> Shakespeare
>>
>> I respectfully disagree with the term 'normal telnet port' (which I
>> presume Shakespeare assumes 23 ).
>>
>> Telnet establishes connection between any different ports (as per RFC
>> 854), and only if intended as remote terminal access this protocol is
>> assigned server port 23.
>>
>> Cheers.
>>
>> Carlos.
>
>
> I stand corrected, Carlos is right here, as the server responds with
> "connected to oidserver". Still, telnet is not needed here, so you could try
> to perform ldapsearch directly.
>

It is possible the OP was a little confused/misled - thinking that you
could interact with LDAP directly by issuing protocol commands in the
same way that people sometimes use telnet to connect to port 25 to issue
SMTP commands or port 80 and issue HTTP commands. I suspect that if you
know the low level LDAP protocol, you possibly could do this, but I'm not
familiar enough with the protocol spec to be sure. In any case, you
would not be using ldapsearch and it would likely be a somewhat painful
way to query the directory. There probably is a basic key sequence you
could enter to test and determine if an LDAP server is listening on that
port - similar to issuing HELO to SMTP or a GET to HTTP.

Tim
--
tcross (at) rapttech dot com dot au
From: Shakespeare on
On 26-4-2010 14:31, Tim X wrote:
> Shakespeare<whatsin(a)xs4all.nl> writes:
>
>> On 26-4-2010 11:22, Carlos wrote:
>>> On Apr 26, 9:47 am, Shakespeare<what...(a)xs4all.nl> wrote:
>>>> On 21-4-2010 20:39, kat wrote:
>>>>
>>>>
>>>>
>>>>> Hi,
>>>>> I'm trying to check the status of our OID (10.1.0.4) server running
>>>>> OEL 4 from another OEL server by passing a string (cn=mytestdb) and
>>>>> I'm hoping to receive an expected string back but I'm getting
>>>>> connection closed by foreign host. Is there a configuration change
>>>>> that has to be made to open up the access?
>>>>
>>>>> $> telnet oidserver 389
>>>>> Trying 192.168.2.34...
>>>>> Connected to oidserver.
>>>>> Escape character is '^]'.
>>>>> ldapsearch "cn=mytestdb"
>>>>> Connection to oidserver closed by foreign host.
>>>>> $>
>>>>
>>>>> I'm able to successfully run ldapsearch "cn=mytestdb" directly on the
>>>>> oidserver.
>>>>
>>>>> Can someone help?
>>>>
>>>>> thanks.
>>>>
>>>> Your OID server is not running telnet on port 389, that is the port for
>>>> LDAP. Telnet should normally be running on the normal telnet port.
>>>>
>>>> But you don't need telnet at all to perform an ldap search on another
>>>> server. You can use ldapsearch on the second server with the target host
>>>> and target port as parameters, like:
>>>> ldapsearch -h<targethost> -p<targetport> -D cn=orcladmin -w<password>
>>>> -b<basedn> (cn=mytestdb)
>>>>
>>>> Shakespeare
>>>
>>> I respectfully disagree with the term 'normal telnet port' (which I
>>> presume Shakespeare assumes 23 ).
>>>
>>> Telnet establishes connection between any different ports (as per RFC
>>> 854), and only if intended as remote terminal access this protocol is
>>> assigned server port 23.
>>>
>>> Cheers.
>>>
>>> Carlos.
>>
>>
>> I stand corrected, Carlos is right here, as the server responds with
>> "connected to oidserver". Still, telnet is not needed here, so you could try
>> to perform ldapsearch directly.
>>
>
> It is possible the OP was a little confused/misled - thinking that you
> could interact with LDAP directly by issuing protocol commands in the
> same way that people sometimes use telnet to connect to port 25 to issue
> SMTP commands or port 80 and issue HTTP commands. I suspect that if you
> know the low level LDAP protocol, you possibly could do this, but I'm not
> familiar enough with the protocol spec to be sure. In any case, you
> would not be using ldapsearch and it would likely be a somewhat painful
> way to query the directory. There probably is a basic key sequence you
> could enter to test and determine if an LDAP server is listening on that
> port - similar to issuing HELO to SMTP or a GET to HTTP.
>
> Tim

Ldapbind is used for this.

Shakespeare
From: Tim X on
Shakespeare <whatsin(a)xs4all.nl> writes:

> On 26-4-2010 14:31, Tim X wrote:
>> Shakespeare<whatsin(a)xs4all.nl> writes:
>>
>>> On 26-4-2010 11:22, Carlos wrote:
>>>> On Apr 26, 9:47 am, Shakespeare<what...(a)xs4all.nl> wrote:
>>>>> On 21-4-2010 20:39, kat wrote:
>>>>>
>>>>>
>>>>>
>>>>>> Hi,
>>>>>> I'm trying to check the status of our OID (10.1.0.4) server running
>>>>>> OEL 4 from another OEL server by passing a string (cn=mytestdb) and
>>>>>> I'm hoping to receive an expected string back but I'm getting
>>>>>> connection closed by foreign host. Is there a configuration change
>>>>>> that has to be made to open up the access?
>>>>>
>>>>>> $> telnet oidserver 389
>>>>>> Trying 192.168.2.34...
>>>>>> Connected to oidserver.
>>>>>> Escape character is '^]'.
>>>>>> ldapsearch "cn=mytestdb"
>>>>>> Connection to oidserver closed by foreign host.
>>>>>> $>
>>>>>
>>>>>> I'm able to successfully run ldapsearch "cn=mytestdb" directly on the
>>>>>> oidserver.
>>>>>
>>>>>> Can someone help?
>>>>>
>>>>>> thanks.
>>>>>
>>>>> Your OID server is not running telnet on port 389, that is the port for
>>>>> LDAP. Telnet should normally be running on the normal telnet port.
>>>>>
>>>>> But you don't need telnet at all to perform an ldap search on another
>>>>> server. You can use ldapsearch on the second server with the target host
>>>>> and target port as parameters, like:
>>>>> ldapsearch -h<targethost> -p<targetport> -D cn=orcladmin -w<password>
>>>>> -b<basedn> (cn=mytestdb)
>>>>>
>>>>> Shakespeare
>>>>
>>>> I respectfully disagree with the term 'normal telnet port' (which I
>>>> presume Shakespeare assumes 23 ).
>>>>
>>>> Telnet establishes connection between any different ports (as per RFC
>>>> 854), and only if intended as remote terminal access this protocol is
>>>> assigned server port 23.
>>>>
>>>> Cheers.
>>>>
>>>> Carlos.
>>>
>>>
>>> I stand corrected, Carlos is right here, as the server responds with
>>> "connected to oidserver". Still, telnet is not needed here, so you could try
>>> to perform ldapsearch directly.
>>>
>>
>> It is possible the OP was a little confused/misled - thinking that you
>> could interact with LDAP directly by issuing protocol commands in the
>> same way that people sometimes use telnet to connect to port 25 to issue
>> SMTP commands or port 80 and issue HTTP commands. I suspect that if you
>> know the low level LDAP protocol, you possibly could do this, but I'm not
>> familiar enough with the protocol spec to be sure. In any case, you
>> would not be using ldapsearch and it would likely be a somewhat painful
>> way to query the directory. There probably is a basic key sequence you
>> could enter to test and determine if an LDAP server is listening on that
>> port - similar to issuing HELO to SMTP or a GET to HTTP.
>>
>> Tim
>
> Ldapbind is used for this.
>

I'm familiar with ldapsearch and I know that you perform an ldap bind to
connect to an ldap server and that this is the standard way to test for
existence/password (i.e. bind as that user with their password), but I'm
not familiar with any ldapbind program/utility. There is no such utility
on any of my systems or in the ldap-utils package that has ldapsearch.
Are you saying that ldapbind is the protocol level command that you
could use via telnet in a similar way to HELO for SMTP and GET for HTTP?

If not, what would be the standard way of diagnosing network access problems
with an LDAP server that would verify the server was contactable from
various IPs without having to install ldap utilities on all the systems
using those IPs?

Tim

--
tcross (at) rapttech dot com dot au
From: Shakespeare on
On 27-4-2010 1:15, Tim X wrote:
> Shakespeare<whatsin(a)xs4all.nl> writes:
>
>> On 26-4-2010 14:31, Tim X wrote:
>>> Shakespeare<whatsin(a)xs4all.nl> writes:
>>>
>>>> On 26-4-2010 11:22, Carlos wrote:
>>>>> On Apr 26, 9:47 am, Shakespeare<what...(a)xs4all.nl> wrote:
>>>>>> On 21-4-2010 20:39, kat wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hi,
>>>>>>> I'm trying to check the status of our OID (10.1.0.4) server running
>>>>>>> OEL 4 from another OEL server by passing a string (cn=mytestdb) and
>>>>>>> I'm hoping to receive an expected string back but I'm getting
>>>>>>> connection closed by foreign host. Is there a configuration change
>>>>>>> that has to be made to open up the access?
>>>>>>
>>>>>>> $> telnet oidserver 389
>>>>>>> Trying 192.168.2.34...
>>>>>>> Connected to oidserver.
>>>>>>> Escape character is '^]'.
>>>>>>> ldapsearch "cn=mytestdb"
>>>>>>> Connection to oidserver closed by foreign host.
>>>>>>> $>
>>>>>>
>>>>>>> I'm able to successfully run ldapsearch "cn=mytestdb" directly on the
>>>>>>> oidserver.
>>>>>>
>>>>>>> Can someone help?
>>>>>>
>>>>>>> thanks.
>>>>>>
>>>>>> Your OID server is not running telnet on port 389, that is the port for
>>>>>> LDAP. Telnet should normally be running on the normal telnet port.
>>>>>>
>>>>>> But you don't need telnet at all to perform an ldap search on another
>>>>>> server. You can use ldapsearch on the second server with the target host
>>>>>> and target port as parameters, like:
>>>>>> ldapsearch -h<targethost> -p<targetport> -D cn=orcladmin -w<password>
>>>>>> -b<basedn> (cn=mytestdb)
>>>>>>
>>>>>> Shakespeare
>>>>>
>>>>> I respectfully disagree with the term 'normal telnet port' (which I
>>>>> presume Shakespeare assumes 23 ).
>>>>>
>>>>> Telnet establishes connection between any different ports (as per RFC
>>>>> 854), and only if intended as remote terminal access this protocol is
>>>>> assigned server port 23.
>>>>>
>>>>> Cheers.
>>>>>
>>>>> Carlos.
>>>>
>>>>
>>>> I stand corrected, Carlos is right here, as the server responds with
>>>> "connected to oidserver". Still, telnet is not needed here, so you could try
>>>> to perform ldapsearch directly.
>>>>
>>>
>>> It is possible the OP was a little confused/misled - thinking that you
>>> could interact with LDAP directly by issuing protocol commands in the
>>> same way that people sometimes use telnet to connect to port 25 to issue
>>> SMTP commands or port 80 and issue HTTP commands. I suspect that if you
>>> know the low level LDAP protocol, you possibly could do this, but I'm not
>>> familiar enough with the protocol spec to be sure. In any case, you
>>> would not be using ldapsearch and it would likely be a somewhat painful
>>> way to query the directory. There probably is a basic key sequence you
>>> could enter to test and determine if an LDAP server is listening on that
>>> port - similar to issuing HELO to SMTP or a GET to HTTP.
>>>
>>> Tim
>>
>> Ldapbind is used for this.
>>
>
> I'm familiar with ldapsearch and I know that you perform an ldap bind to
> connect to an ldap server and that this is the standard way to test for
> existence/password (i.e. bind as that user with their password), but I'm
> not familiar with any ldapbind program/utility. There is no such utility
> on any of my systems or in the ldap-utils package that has ldapsearch.
> Are you saying that ldapbind is the protocol level command that you
> could use via telnet in a similar way to HELO for SMTP and GET for HTTP?
>
> If not, what would be the standard way of diagnosing network access problems
> with an LDAP server that would verify the server was contactable from
> various IPs without having to install ldap utilities on all the systems
> using those IPs?
>
> Tim
>

ldapbind is a program, as is ldapsearch. It comes with (a.o.) Oracle
Identity Management and Oracle Application Server. I looked it up and it
seems it is indeed Oracle specific (but it can bind to other LDAP
servers as well). I'm so used to Oracle I sometimes tend to think these
tools are generic.... Ldapbind can test without having to pass a
username and password. It just responds with 'bind succeeded' (or
something like that, I'm 'blessed' with a Dutch version). It's not
possible to just copy the .exe program to a machine, it needs a bunch of
Oracle DLLs.

I don't know of any 'low level' command like HELO or GET.

I tried to telnet my own Oracle LDAP server and indeed, I can open
telnet on port 389, but I don't get any response. It stops working as
soon as I press a key.
It seems OpenLDAP and other implementations respond to telnet on 389,
but Oracle does not.

I found a reference to using Oracle LDAP with telnet though. If you do
not get any errors, the LDAP server is listening (but it won't respond
and it will disconnect after a while). If it's not, it will give a
connection error (could not connect to host). I even tried this on port
636 (the ssl port). It just shows a cursor, but I'm not able to get out
again.


Shakespeare

From: Shakespeare on
On 27-4-2010 21:40, Shakespeare wrote:
> On 27-4-2010 1:15, Tim X wrote:
>> Shakespeare<whatsin(a)xs4all.nl> writes:
>>
>>> On 26-4-2010 14:31, Tim X wrote:
>>>> Shakespeare<whatsin(a)xs4all.nl> writes:
>>>>
>>>>> On 26-4-2010 11:22, Carlos wrote:
>>>>>> On Apr 26, 9:47 am, Shakespeare<what...(a)xs4all.nl> wrote:
>>>>>>> On 21-4-2010 20:39, kat wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Hi,
>>>>>>>> I'm trying to check the status of our OID (10.1.0.4) server running
>>>>>>>> OEL 4 from another OEL server by passing a string (cn=mytestdb) and
>>>>>>>> I'm hoping to receive an expected string back but I'm getting
>>>>>>>> connection closed by foreign host. Is there a configuration change
>>>>>>>> that has to be made to open up the access?
>>>>>>>
>>>>>>>> $> telnet oidserver 389
>>>>>>>> Trying 192.168.2.34...
>>>>>>>> Connected to oidserver.
>>>>>>>> Escape character is '^]'.
>>>>>>>> ldapsearch "cn=mytestdb"
>>>>>>>> Connection to oidserver closed by foreign host.
>>>>>>>> $>
>>>>>>>
>>>>>>>> I'm able to successfully run ldapsearch "cn=mytestdb" directly
>>>>>>>> on the
>>>>>>>> oidserver.
>>>>>>>
>>>>>>>> Can someone help?
>>>>>>>
>>>>>>>> thanks.
>>>>>>>
>>>>>>> Your OID server is not running telnet on port 389, that is the
>>>>>>> port for
>>>>>>> LDAP. Telnet should normally be running on the normal telnet port.
>>>>>>>
>>>>>>> But you don't need telnet at all to perform an ldap search on
>>>>>>> another
>>>>>>> server. You can use ldapsearch on the second server with the
>>>>>>> target host
>>>>>>> and target port as parameters, like:
>>>>>>> ldapsearch -h<targethost> -p<targetport> -D cn=orcladmin
>>>>>>> -w<password>
>>>>>>> -b<basedn> (cn=mytestdb)
>>>>>>>
>>>>>>> Shakespeare
>>>>>>
>>>>>> I respectfully disagree with the term 'normal telnet port' (which I
>>>>>> presume Shakespeare assumes 23 ).
>>>>>>
>>>>>> Telnet establishes connection between any different ports (as per RFC
>>>>>> 854), and only if intended as remote terminal access this protocol is
>>>>>> assigned server port 23.
>>>>>>
>>>>>> Cheers.
>>>>>>
>>>>>> Carlos.
>>>>>
>>>>>
>>>>> I stand corrected, Carlos is right here, as the server responds with
>>>>> "connected to oidserver". Still, telnet is not needed here, so you
>>>>> could try
>>>>> to perform ldapsearch directly.
>>>>>
>>>>
>>>> It is possible the OP was a little confused/misled - thinking that you
>>>> could interact with LDAP directly by issuing protocol commands in the
>>>> same way that people sometimes use telnet to connect to port 25 to
>>>> issue
>>>> SMTP commands or port 80 and issue HTTP commands. I suspect that if you
>>>> know the low level LDAP protocol, you possibly could do this, but I'm not
>>>> familiar enough with the protocol spec to be sure. In any case, you
>>>> would not be using ldapsearch and it would likely be a somewhat painful
>>>> way to query the directory. There probably is a basic key sequence you
>>>> could enter to test and determine if an LDAP server is listening on
>>>> that
>>>> port - similar to issuing HELO to SMTP or a GET to HTTP.
>>>>
>>>> Tim
>>>
>>> Ldapbind is used for this.
>>>
>>
>> I'm familiar with ldapsearch and I know that you perform an ldap bind to
>> connect to an ldap server and that this is the standard way to test for
>> existence/password (i.e. bind as that user with their password), but I'm
>> not familiar with any ldapbind program/utility. There is no such utility
>> on any of my systems or in the ldap-utils package that has ldapsearch.
>> Are you saying that ldapbind is the protocol level command that you
>> could use via telnet in a similar way to HELO for SMTP and GET for HTTP?
>>
>> If not, what would be the standard way of diagnosing network access
>> problems
>> with an LDAP server that would verify the server was contactable from
>> various IPs without having to install ldap utilities on all the systems
>> using those IPs?
>>
>> Tim
>>
>
> ldapbind is a program, as is ldapsearch. It comes with (a.o.) Oracle
> Identity Management and Oracle Application Server. I looked it up and it
> seems it is indeed Oracle specific (but it can bind to other LDAP
> servers as well). I'm so used to Oracle I sometimes tend to think these
> tools are generic.... Ldapbind can test without having to pass a
> username and password. It just responds with 'bind succeeded' (or
> something like that, I'm 'blessed' with a Dutch version). It's not
> possible to just copy the .exe program to a machine, it needs a bunch of
> Oracle DLLs.
>
> I don't know of any 'low level' command like HELO or GET.
>
> I tried to telnet my own Oracle LDAP server and indeed, I can open
> telnet on port 389, but I don't get any response. It stops working as
> soon as I press a key.
> It seems OpenLDAP and other implementations respond to telnet on 389,
> but Oracle does not.
>
> I found a reference to using Oracle LDAP with telnet though. If you do
> not get any errors, the LDAP server is listening (but it won't respond
> and it will disconnect after a while). If it's not, it will give a
> connection error (could not connect to host). I even tried this on port
> 636 (the ssl port). It just shows a cursor, but I'm not able to get out
> again.
>
>
> Shakespeare
>

Well, just tried it on Linux, and get the same responses as OP did. Can
connect, but can not issue any command. The mere fact that the server is
responding to telnet on port 389 is showing LDAP is running. If not, it
won't respond at all.

Shakespeare
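
Added example, not part of any post in this thread: LDAP messages are binary BER structures, so there is no typed command comparable to HELO or GET, and text entered over telnet is not a valid request. The sketch below, using only the Python standard library, sends an anonymous LDAPv3 simple bind on the plain LDAP port and decodes the reply; any resultCode, even a refusal, shows an LDAP server is answering. The host name `oidserver` comes from the original post, the sample response bytes are constructed, and port 636 would additionally need a TLS handshake, which this probe does not do.

```python
"""Minimal LDAP liveness probe: one anonymous simple bind over a raw socket."""
import socket
import sys

# Constructed sample: BindResponse, messageID 1, resultCode 0 (success).
SAMPLE_SUCCESS = bytes.fromhex("300c02010161070a010004000400")

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER tag-length-value (short-form length is enough here)."""
    if len(value) > 127:
        raise ValueError("long-form lengths are not needed for this probe")
    return bytes([tag, len(value)]) + value

def bind_request(msg_id: int = 1) -> bytes:
    """LDAPv3 BindRequest: version 3, empty DN, empty simple password."""
    body = tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b"")
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def read_tlv(buf: bytes, pos: int):
    """Decode the TLV at pos; returns (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(data: bytes) -> int:
    """Return the LDAP resultCode; raise ValueError if not a BindResponse."""
    tag, msg, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, _msg_id, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:                        # [APPLICATION 1] = BindResponse
        raise ValueError("not a BindResponse")
    tag, code, _ = read_tlv(op, 0)
    if tag != 0x0A:                        # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def probe(host: str, port: int = 389, timeout: float = 5.0) -> str:
    """Separate 'port closed' from 'port open' from 'LDAP actually answered'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return f"cannot connect: {exc}"
    with sock:
        try:
            sock.sendall(bind_request())
            data = sock.recv(4096)         # a BindResponse fits in one read
        except OSError:
            return "port open, but no reply to the bind"
    try:
        return f"LDAP server answered, resultCode={parse_bind_response(data)}"
    except ValueError as exc:
        return f"port open, but reply is not LDAP ({exc})"

if __name__ == "__main__":
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "oidserver"))
```
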