Cloning for RHEL5.9 since a customer is hitting this bug on RHEL5.

+++ This bug was initially created as a clone of Bug #790687 +++

To avoid port conflicts with services such as CUPS or IMAP, openldap should be using portreserve for reserving respective ports within range 600 - 1023. According to /etc/services openldap might be using port(s) within this range.

Typical changes required:

Given a SysV service package that uses a particular port, (say, krb5_prop/tcp - 754):

1) Create a file named after the service, for example 'krb5_prop', which contains:

    krb5_prop/tcp

2) In the spec, install this file in /etc/portreserve, i.e., /etc/portreserve/krb5_prop

3) In the spec, add 'Requires: portreserve' to the package that provides the server.

4) In the init script, in the start() stanza, add:

    [ -x /sbin/portrelease ] && /sbin/portrelease krb5_prop &>/dev/null || :

   before starting the daemon.

Some background can be found in bug 103401.

--- Additional comment from jvcelak on 2012-02-21 08:29:09 EST ---

(In reply to comment #5)
> What ports are we talking about? Ports to which openldap server connect to
> answer client its queries?

About the server ports clients connect to. In this case 389/tcp+udp and 636/tcp+udp. And 636 is within the range.

--- Additional comment from jvcelak on 2012-02-22 07:01:21 EST ---

Committed to Git:
http://pkgs.devel.redhat.com/cgit/rpms/openldap/commit/?h=rhel-6.3&id=9557ae7
Oops, I just realized that portreserve is not available on RHEL5. Therefore the port reserve conflict cannot be fixed this way. @Devel, please close this bug if you can't find another way to avoid the conflict.
Unfortunately, there is no easy way to do this without portreserve. I haven't found any reference to this problem in RHEL5, even with other components. I can only suggest not using the ldaps port (636). Use the ldap port (389), which is outside the affected range, and enforce StartTLS on the server. See the 'require', 'security', and 'sasl-secprops' options in slapd.conf. SSF is the setting you are looking for. Closing.
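One way to check the workaround from the last comment, as an added example that is not part of the bug report: the script reads a slapd.conf and reports whether its global section demands a minimum SSF through the `security` directive. The function names, the threshold of 128 and both sample configurations are constructed for illustration, and per-database `security` lines are deliberately not counted.

```shell
#!/bin/sh
# Added example: does a slapd.conf demand a minimum SSF in its global section?

# Read slapd.conf text on stdin; print the value of factor $1 (ssf, tls, ...)
# from `security` directives that appear before the first `database` line.
# Prints 0 when the factor is never set there.
security_factor() {
    awk -v want="$1" '
    function flush(   n, i, f, kv) {
        n = split(logical, f, /[ \t]+/)
        if (tolower(f[1]) == "database") global = 0
        if (global && tolower(f[1]) == "security")
            for (i = 2; i <= n; i++) {
                split(f[i], kv, "=")
                if (tolower(kv[1]) == want) val = kv[2] + 0
            }
        logical = ""
    }
    BEGIN { global = 1; val = 0 }
    /^#/ { next }                                    # comment line
    /^[ \t]+[^ \t]/ { logical = logical $0; next }   # continuation line
    { flush(); logical = $0 }
    END { flush(); print val }'
}

# Succeed when the global section requires at least $1 bits of protection,
# either through the overall `ssf` factor or the TLS-specific `tls` factor.
enforces_min_ssf() {
    conf=$(cat)
    ssf=$(printf '%s\n' "$conf" | security_factor ssf)
    tls=$(printf '%s\n' "$conf" | security_factor tls)
    [ "$ssf" -ge "$1" ] || [ "$tls" -ge "$1" ]
}

# Constructed samples (not from the bug report). WEAK_CONF sets no minimum;
# STRONG_CONF sets one and spreads the directive over a continuation line.
WEAK_CONF='TLSCertificateFile /etc/pki/tls/certs/slapd.pem
database bdb'

STRONG_CONF='TLSCertificateFile /etc/pki/tls/certs/slapd.pem
security ssf=128
    update_ssf=128
sasl-secprops noanonymous,noplain,minssf=128
database bdb'

printf '%s\n' "$WEAK_CONF"   | enforces_min_ssf 128 || echo "WEAK_CONF: no global minimum SSF of 128"
printf '%s\n' "$STRONG_CONF" | enforces_min_ssf 128 && echo "STRONG_CONF: minimum SSF of 128 enforced"
```

Run it against a live file with `enforces_min_ssf 128 < /etc/openldap/slapd.conf`. A minimum SSF makes the server refuse unprotected operations, but it cannot stop a client from sending a simple bind password in cleartext before the refusal, so clients still have to be configured to use StartTLS.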