From Bugzilla Helper:
User-Agent: Mozilla/4.73 [en] (X11; I; Linux 2.4.6 ppc)

Description of problem:
When TLS is enabled in the openldap config, the startup script at /etc/rc.d/init.d/ldap forces slapd to bind to port 389 and 636 on all interfaces - if you only want it to bind to port 636 on a particular interface, this is not possible without changing the startup scripts and making upgrading difficult.

How reproducible:
Always

Steps to Reproduce:
In /etc/rc.d/init.d/ldap the logic goes like this:

    echo -n $"Starting slapd: "
    if grep -q ^TLS /etc/openldap/slapd.conf ; then
        daemon ${slapd} -u ldap -h '"ldap:/// ldaps:///"' $OPTIONS $SLAPD_OPTIONS
        RETVAL=$?
    else
        daemon ${slapd} -u ldap $OPTIONS $SLAPD_OPTIONS
        RETVAL=$?
    fi

Expected Results:
There should be a clean way to override the "ldap:/// ldaps:///" default.

Additional info:
I have the impression that if you create /etc/sysconfig/ldap with SLAPD_OPTIONS='-h "<new default>"' content, the port will be overridden (I do not have my test box at hand but this at least worked for the -u option).
As I understand it, additional -h options specify additional IP and ports to bind to. This means that by default, when TLS is enabled, openldap will bind to all insecure and secure ports, as well as any more ports you define. Ideally there should be both an $OPTIONS and $TLSOPTIONS variable to distinguish between the two different server behaviors set inside /etc/sysconfig/ldap.
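One way an init script could expose the override requested above, shown as an added example that is not part of the bug report or of Red Hat's script. The variable name SLAPD_URLS and both function names are hypothetical, and the address 192.0.2.10 is a constructed sample; the sketch builds a single listener list so that an administrator's value replaces the hard-coded default, and flags any cleartext ldap:// listener that is not confined to loopback.

```shell
#!/bin/sh
# Added example. SLAPD_URLS is a hypothetical variable that
# /etc/sysconfig/ldap could set; it is not a documented Red Hat setting.

# Print the listener URL list slapd should be started with.
#   $1 = path to slapd.conf
slapd_listen_urls() {
    conf=$1
    if [ -n "${SLAPD_URLS:-}" ]; then
        # An administrator override replaces any built-in default.
        printf '%s\n' "$SLAPD_URLS"
    elif grep -q '^TLS' "$conf" 2>/dev/null; then
        # The default the init script hard-codes when TLS is configured.
        printf '%s\n' 'ldap:/// ldaps:///'
    else
        # No -h in the script means slapd's own default, ldap:///.
        printf '%s\n' 'ldap:///'
    fi
}

# Return 0 if the list contains a cleartext ldap:// listener that is
# not restricted to loopback (an empty host means all interfaces).
#   $1 = space-separated URL list
has_exposed_cleartext() {
    for url in $1; do
        case $url in
            ldap://127.0.0.1*|ldap://localhost*|'ldap://[::1]'*) ;;
            ldap://*) return 0 ;;
        esac
    done
    return 1
}

# Demonstration on a constructed one-line slapd.conf.
demo_conf=$(mktemp)
printf 'TLSCertificateFile /etc/openldap/server.pem\n' > "$demo_conf"
for override in '' 'ldaps://192.0.2.10:636/'; do
    urls=$( SLAPD_URLS=$override; slapd_listen_urls "$demo_conf" )
    if has_exposed_cleartext "$urls"; then
        echo "WARN cleartext listener exposed: -h \"$urls\""
    else
        echo "OK   -h \"$urls\""
    fi
done
rm -f "$demo_conf"
```

The start line would then pass the result as one argument, for example daemon ${slapd} -u ldap -h "$(slapd_listen_urls /etc/openldap/slapd.conf)" $OPTIONS $SLAPD_OPTIONS.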
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Red Hat apologizes that these issues have not been resolved yet. We do want to make sure that no important bugs slip through the cracks. Please check if this issue is still present in a current Fedora Core release. If so, please change the product and version to match, and check the box indicating that the requested information has been provided. Note that any bug still open against Red Hat Linux on will be closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Closing as CANTFIX.