Bug 49124
| Summary: | Startup script prevents openldap from binding to a specific port | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Graham Leggett <minfrin> |
| Component: | openldap | Assignee: | Jay Fenlason <fenlason> |
| Status: | CLOSED CANTFIX | QA Contact: | Aaron Brown <abrown> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.1 | CC: | jfeeney |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-10-18 16:11:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I have impression that if you create /etc/sysconfig/ldap with SLAPD_oPTIONS='-h "<new default>"' content, the port will be overriden (I do not have my test box at hand but this at least worked for the -u option). As I understand it additional -h options specify additional IP and ports to bind to. This means that by default when TLS is enabled openldap will bind to all insecure and secure ports, as well as any more ports you define. Ideally there should be both an $OPTIONS and $TLSOPTIONS variable to distinguish between the two different server behaviors set inside /etc/sysconfig/ldap. Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Red Hat apologizes that these issues have not been resolved yet. We do want to make sure that no important bugs slip through the cracks. Please check if this issue is still present in a current Fedora Core release. If so, please change the product and version to match, and check the box indicating that the requested information has been provided. Note that any bug still open against Red Hat Linux on will be closed as 'CANTFIX' on September 30, 2006. Thanks again for your help. Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Closing as CANTFIX. |
From Bugzilla Helper: User-Agent: Mozilla/4.73 [en] (X11; I; Linux 2.4.6 ppc) Description of problem: When TLS is enabled in the openldap config, the startup script at /etc/rc.d/init.d/ldap forces slapd to bind to port 389 and 636 on all interfaces - if you only want it to bind to port 636 on a particular interface, this is not possible without changing the startup scripts and making upgrading difficult. How reproducible: Always Steps to Reproduce: In /etc/rc.d/init.d/ldap the logic goes like this: echo -n $"Starting slapd: " if grep -q ^TLS /etc/openldap/slapd.conf ; then daemon ${slapd} -u ldap -h '"ldap:/// ldaps:///"' $OPTIONS $SLAPD_OPTIONS RETVAL=$? else daemon ${slapd} -u ldap $OPTIONS $SLAPD_OPTIONS RETVAL=$? fi Expected Results: There should be a clean way to override the "ldap:/// ldaps:///" default. Additional info: