ClearFoundation Tracker - ClearOS
View Issue Details
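ID: 0021751
Project: ClearOS
Category: app-openldap-directory - Directory Server
View Status: public
Date Submitted: 2018-10-09 09:36
Last Update: 2019-07-24 15:14
Reporter: NickH
Assigned To: NickH
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: suspended
Product Version: 7.5.0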
 
0021751: Allow publish policies to optionally include ldap://
From time to time we get customer requests to have slapd listen on port 389. If we publish a policy we only allow slapd to listen on ldaps:// (tcp:636). There are two ways round this.
1 - edit /etc/sysconfig/slapd and use a custom policy
2 - edit the unit file /usr/libexec/openldap/prestart.sh

1 has the advantage that it will survive any openldap upgrade and the disadvantage that, if you specify a LAN IP such as ldaps://192.168.0.1, then if your LAN IP changes, slapd will refuse to start. It also takes you outside the webconfig as "custom" is not an available option there.
2 has the advantages that it will survive a LAN IP change and does not go outside the webconfig, and the disadvantage that it may get overwritten by an openldap update.

I don't believe it will be too difficult to add a couple more options to the webconfig something like:
    Local Networks (without SSL)
    All Networks (without SSL)

and make the necessary adjustments to /usr/libexec/openldap/prestart.sh
No tags attached.
Issue History
2018-10-09 09:36 | NickH | New Issue
2018-10-09 09:40 | user2 | Status | new => confirmed
2018-10-09 09:41 | user2 | Product Version | 7.5.0 Updates => 7.5.0
2018-10-09 10:46 | NickH | Note Added: 0008131
2019-07-24 15:14 | NickH | Note Added: 0012241
2019-07-24 15:14 | NickH | Status | confirmed => closed
2019-07-24 15:14 | NickH | Assigned To | => NickH
2019-07-24 15:14 | NickH | Resolution | open => suspended

Notes
(0008131)
NickH   
2018-10-09 10:46   
Just clarifying, if you add ldap:// options, if they are selected they should also publish ldaps:// rather than do it instead of.
(0012241)
NickH   
2019-07-24 15:14   
Migrated to https://gitlab.com/clearos/clearfoundation/app-openldap/issues/7
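
The two risks raised in this issue, a cleartext ldap:// listener reachable off the loopback interface and a listener pinned to a LAN IP the host no longer has, can be checked before slapd is restarted. The following is an added example, not code from the ticket or from ClearOS. It assumes the listener list is a space-separated set of URLs as passed to slapd, that the caller supplies the host's current addresses, and the name `audit_listeners` is hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

LOOPBACK_NAMES = {"localhost"}

def audit_listeners(urls, local_addrs):
    """Return (url, finding) pairs for a space-separated slapd listener list.

    local_addrs: addresses currently configured on this host (strings),
    supplied by the caller (assumption of this example).
    """
    local = {ipaddress.ip_address(a) for a in local_addrs}
    findings = []
    for url in urls.split():
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme == "ldapi":          # UNIX socket, never on the network
            continue
        if scheme not in ("ldap", "ldaps"):
            findings.append((url, "unknown-scheme"))
            continue
        host = parts.hostname or ""    # empty host = all interfaces
        loopback = host in LOOPBACK_NAMES
        if host and not loopback:
            try:
                ip = ipaddress.ip_address(host)
            except ValueError:
                ip = None              # a DNS name: not checked offline
            if ip is not None:
                loopback = ip.is_loopback
                if not loopback and ip not in local:
                    # Pinned to an address the host no longer has
                    findings.append((url, "stale-address"))
                    continue
        if scheme == "ldap" and not loopback:
            # Port 389 without SSL, reachable from the network
            findings.append((url, "cleartext-exposed"))
    return findings

if __name__ == "__main__":
    # Constructed sample: LAN address changed from 192.168.0.1 to 192.168.1.1.
    sample = "ldapi:/// ldap://127.0.0.1 ldap:/// ldaps://192.168.0.1"
    for url, finding in audit_listeners(sample, ["127.0.0.1", "192.168.1.1"]):
        print(f"{finding:18} {url}")
```
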