LDAP connections only work on local subnet
I have a problem when connecting to an LDAP server that I can't explain.
My client (an Apache web server running woody) and 2 LDAP servers (A and B) are
located on network 1.
A third LDAP server (C) is located on another network that is connected with
a firewall. Connectivity to that server is OK (I can browse our intranet
that's hosted on it).
I can connect to LDAP server A and B, but not to C. The strange thing is that
it doesn't even try. When I see what packets are being sent (tethereal log
included), I can see that connecting to either A or B results in LDAP packets
being sent over the wire.
However, when connecting to LDAP server C, nothing happens. Not a single
packet is sent.
Here is what it looks like on the command line and in the tethereal log. I
changed the IP addresses. Zarquon's IP address is 10.10.10.9.
zarquon:/var/www# ldapsearch -h 10.10.10.2
ldap_sasl_interactive_bind_s: No such attribute
zarquon:/var/www# ldapsearch -h 10.10.10.3
ldap_sasl_interactive_bind_s: Unknown authentication method
zarquon:/var/www# ldapsearch -h 10.100.20.2
ldap_sasl_interactive_bind_s: Can't contact LDAP server
(after a few seconds)
Here is the tethereal log (ugly due to the wrapping):
0.000000 10.10.10.9 -> 10.10.10.2 TCP 36155 > ldap [SYN] Seq=3581423164
Ack=0 Win=5840 Len=0
0.001394 10.10.10.2 -> 10.10.10.9 TCP ldap > 36155 [SYN, ACK]
Seq=1572044337 Ack=3581423165 Win=65535 Len=0
0.001450 10.10.10.9 -> 10.10.10.2 TCP 36155 > ldap [ACK] Seq=3581423165
Ack=1572044338 Win=5840 Len=0
3.440429 10.10.10.9 -> 10.10.10.3 TCP 36156 > ldap [SYN] Seq=3575832241
Ack=0 Win=5840 Len=0
3.440739 10.10.10.3 -> 10.10.10.9 TCP ldap > 36156 [SYN, ACK]
Seq=3841658316 Ack=3575832242 Win=17520 Len=0
3.440806 10.10.10.9 -> 10.10.10.3 TCP 36156 > ldap [ACK] Seq=3575832242
Ack=3841658317 Win=5840 Len=0
For the connection to LDAP server C, there's nothing.
Is there a logical explanation for this, or is it something I did (can't
Any pointers will be welcome as if they were Sir Lancelot in the castle of
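Added example, not part of the original message: a small Python classifier that reads tethereal summary lines like the ones in the post and reports, per LDAP server, how far the client's TCP handshake got, which separates "nothing was sent" from "SYN sent but unanswered". The function name, the state labels and the 192.0.2.10 line are assumptions made for illustration.

```python
import re
# Summary lines from the post, unwrapped (client is 10.10.10.9).
CAPTURE = """\
0.000000 10.10.10.9 -> 10.10.10.2 TCP 36155 > ldap [SYN] Seq=3581423164 Ack=0 Win=5840 Len=0
0.001394 10.10.10.2 -> 10.10.10.9 TCP ldap > 36155 [SYN, ACK] Seq=1572044337 Ack=3581423165 Win=65535 Len=0
0.001450 10.10.10.9 -> 10.10.10.2 TCP 36155 > ldap [ACK] Seq=3581423165 Ack=1572044338 Win=5840 Len=0
3.440429 10.10.10.9 -> 10.10.10.3 TCP 36156 > ldap [SYN] Seq=3575832241 Ack=0 Win=5840 Len=0
3.440739 10.10.10.3 -> 10.10.10.9 TCP ldap > 36156 [SYN, ACK] Seq=3841658316 Ack=3575832242 Win=17520 Len=0
3.440806 10.10.10.9 -> 10.10.10.3 TCP 36156 > ldap [ACK] Seq=3575832242 Ack=3841658317 Win=5840 Len=0
"""
# Constructed line (not from the post): a SYN that never gets an answer.
CONSTRUCTED = "9.000000 10.10.10.9 -> 192.0.2.10 TCP 36157 > ldap [SYN] Seq=1 Ack=0 Win=5840 Len=0\n"
LINE = re.compile(r"^\s*[\d.]+\s+(\S+)\s+->\s+(\S+)\s+TCP\s+(\S+)\s+>\s+(\S+)\s+\[([^\]]+)\]")

def handshake_states(capture, client, servers, service="ldap"):
    """Map each server to how far the client's TCP handshake to it got."""
    seen = {s: set() for s in servers}
    # Non-matching lines (wrapped fragments, other protocols) are skipped.
    for m in filter(None, map(LINE.match, capture.splitlines())):
        src, dst, sport, dport, flags = m.groups()
        flags = {f.strip() for f in flags.split(",")}
        if src == client and dst in seen and dport == service:
            if flags == {"SYN"}:
                seen[dst].add("syn")
            elif "ACK" in flags and "synack" in seen[dst]:
                seen[dst].add("ack")
        elif dst == client and src in seen and sport == service:
            if flags == {"SYN", "ACK"}:
                seen[src].add("synack")
            elif "RST" in flags:
                seen[src].add("rst")
    result = {}
    for server, ev in seen.items():
        if not ev:
            result[server] = "no packets on the wire"
        elif "rst" in ev:
            result[server] = "connection refused (RST)"
        elif {"syn", "synack", "ack"} <= ev:
            result[server] = "handshake complete"
        elif "synack" in ev:
            result[server] = "handshake incomplete"
        else:
            result[server] = "SYN sent, no reply"
    return result

if __name__ == "__main__":
    hosts = ["10.10.10.2", "10.10.10.3", "10.100.20.2", "192.0.2.10"]
    print(handshake_states(CAPTURE + CONSTRUCTED, "10.10.10.9", hosts))
```

The capture only shows what the sniffing interface saw, so "no packets on the wire" describes that interface, not necessarily every interface on the client.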