This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 49124 - Startup script prevents openldap from binding to a specific port
Startup script prevents openldap from binding to a specific port
Status: CLOSED CANTFIX
Product: Red Hat Linux
Classification: Retired
Component: openldap (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jay Fenlason
Aaron Brown
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-07-14 10:21 EDT by Graham Leggett
Modified: 2014-08-31 19:24 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-18 12:11:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Graham Leggett 2001-07-14 10:21:34 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.73 [en] (X11; I; Linux 2.4.6 ppc)

Description of problem:
When TLS is enabled in the openldap config, the startup script at
/etc/rc.d/init.d/ldap forces slapd to bind to port 389 and 636 on all
interfaces - if you only want it to bind to port 636 on a particular
interface, this is not possible without changing the startup scripts and
making upgrading difficult.

How reproducible:
Always

Steps to Reproduce:
In /etc/rc.d/init.d/ldap the logic goes like this:
 
        echo -n $"Starting slapd: "
        if grep -q ^TLS /etc/openldap/slapd.conf ; then
            daemon ${slapd} -u ldap -h '"ldap:/// ldaps:///"' $OPTIONS
$SLAPD_OPTIONS
            RETVAL=$?
        else
            daemon ${slapd} -u ldap $OPTIONS $SLAPD_OPTIONS
            RETVAL=$?
        fi



Expected Results:  There should be a clean way to override the "ldap:///
ldaps:///" default.

Additional info:
Comment 1 Pawel Salek 2001-08-13 06:02:55 EDT
I have impression that if you create /etc/sysconfig/ldap with
SLAPD_oPTIONS='-h "<new default>"'
content, the port will be overriden (I do not have my test box at hand but this
at least worked for the -u option).
Comment 2 Graham Leggett 2001-08-13 10:44:04 EDT
As I understand it additional -h options specify additional IP and ports to bind
to. This means that by default when TLS is enabled openldap will bind to all
insecure and secure ports, as well as any more ports you define.

Ideally there should be both an $OPTIONS and $TLSOPTIONS variable to distinguish
between the two different server behaviors set inside /etc/sysconfig/ldap.
Comment 3 Bill Nottingham 2006-08-07 14:48:45 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
Please check if this issue is still present in a current Fedora Core
release. If so, please change the product and version to match, and
check the box indicating that the requested information has been
provided. Note that any bug still open against Red Hat Linux on will be
closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Comment 4 Bill Nottingham 2006-10-18 12:11:25 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.