Here is my ldapsearch command with debugging enabled (I have masked my real IP address):
$ sudo /usr/local/bin/ldapsearch -H ldap://99.99.99.99 -b dc=my-domain,dc=com -x -d -1
ldap_url_parse_ext(ldap://99.99.99.99)
ldap_create
ldap_url_parse_ext(ldap://99.99.99.99:389/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 99.99.99.99:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 99.99.99.99:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 110
ldap_close_socket: 3
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
However, running sudo /usr/local/bin/ldapsearch -H ldap://localhost -b dc=my-domain,dc=com -x
works fine. I also ran netstat -plane | grep ":389"
and got the following output:
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 0 521074687 20249/slapd
tcp6 0 0 :::389 :::* LISTEN 0 521074688 20249/slapd
Here is my iptables -L -v
output:
Chain INPUT (policy ACCEPT 10M packets, 938M bytes)
pkts bytes target prot opt in out source destination
1349 294K ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 10M packets, 982M bytes)
pkts bytes target prot opt in out source destination
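Answer 1
It turns out that an external connection like this cannot be tested from the machine itself (some kind of loopback issue). Testing the connection from another machine works fine.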
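
An added example (not part of the original question or answer): a small Python probe that classifies a TCP connect to the LDAP port the way the trace above reports it (errno 110 is a timeout, not a refusal) and compares the loopback path with the public-address path from the same host. The function names and the verdict wording are assumptions of this example.

```python
import errno
import socket
import sys

def probe(host, port=389, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # handshake completed
    except socket.timeout:
        return "timeout"             # no reply before our own deadline
    except ConnectionRefusedError:
        return "refused"             # RST: nothing listening, or a REJECT rule
    except OSError as exc:
        if exc.errno == errno.ETIMEDOUT:
            return "timeout"         # kernel gave up: "connect errno: 110" on Linux
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise

def diagnose(local_state, public_state):
    """Compare the loopback result with the public-address result from the same host."""
    if local_state != "open":
        return "listener problem: slapd does not accept connections even on loopback"
    if public_state == "open":
        return "reachable on both paths from this host"
    if public_state == "timeout":
        return ("path problem: slapd is up, but connects to the public address from this "
                "host get no reply; repeat the probe from another machine")
    return "public address " + public_state + ": check the address and any REJECT rules"

if __name__ == "__main__":
    # Usage: python3 probe.py <public-address>   (address is supplied by the operator)
    public = sys.argv[1]
    local_state, public_state = probe("localhost"), probe(public)
    print("localhost:389 ->", local_state)
    print(public + ":389 ->", public_state)
    print(diagnose(local_state, public_state))
```

A "timeout" on the public address combined with "open" on localhost reproduces the pattern in the question, where the listener and the iptables policy were both fine.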