LDAP server to client communications



I am using AD for authorization to access some apache directories via
mod_auth_ldap and that is working well. LDAP queries which originate from
the client (apache) host succeed because the stateful firewall handles the
TCP connection response, no prob.

Periodically, I see the AD DC/LDAP server (which holds all FSMO roles in
this test forest/domain) try to send small packets to the apache server in
the 33,000 range. Other than LDAP, there is no reason for the LDAP server to
communicate with the server running apache.

The ?:

Do I need to figure out a way to allow the LDAP server to periodically
contact the server running apache and is there any way to isolate a port
range for such communications so I am not leaving a huge range of ports open?


kevinL