ClearOS Bug Tracker


ID: 0021751
Project: ClearOS
Category: app-openldap-directory - Directory Server
View Status: public
Date Submitted: 2018-10-09 09:36
Last Update: 2018-10-09 10:46
Reporter: NickH
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: confirmed
Resolution: open
Platform:
OS:
OS Version:
Product Version: 7.5.0
Target Version:
Fixed in Version:
Summary: 0021751: Allow publish policies to optionally include ldap://
Description: From time to time we get customer requests to have slapd listen on port 389. If we publish a policy we only allow slapd to listen on ldaps:// (tcp:636). There are two ways round this.
1 - edit /etc/sysconfig/slapd and use a custom policy
2 - edit the unit file /usr/libexec/openldap/prestart.sh

1 has the advantage that it will survive any openldap upgrade and the disadvantage that, if you specify a LAN IP such as ldaps://192.168.0.1, then if your LAN IP changes, slapd will refuse to start. It also takes you outside the webconfig as "custom" is not an available option there.
2 has the advantages that it will survive a LAN IP change and does not go outside the webconfig, and the disadvantage that it may get overwritten by an openldap update.

I don't believe it will be too difficult to add a couple more options to the webconfig something like:
    Local Networks (without SSL)
    All Networks (without SSL)

and make the necessary adjustments to /usr/libexec/openldap/prestart.sh
Tags: No tags attached.

- Notes
(0008131)
NickH (developer)
2018-10-09 10:46

Just clarifying, if you add ldap:// options, if they are selected they should also publish ldaps:// rather than do it instead of.

- Issue History
Date Modified Username Field Change
2018-10-09 09:36 NickH New Issue
2018-10-09 09:40 pbaldwin Status new => confirmed
2018-10-09 09:41 pbaldwin Product Version 7.5.0 Updates => 7.5.0
2018-10-09 10:46 NickH Note Added: 0008131