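Changing the OpenLDAP port on CentOS when installed with yum

Time: 2015-07-31 10:18:07

Tags: centos openldap centos7

I am trying to change the default port of openldap (I am not very experienced with openldap, so I might be doing something incorrectly).

Currently I am installing it through the yum package manager on CentOS 7.1.1503 as follows: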

yum install openldap-servers

After installing 'openldap-servers' I can start the openldap server by invoking service slapd start

However, when I try to change the port by editing /etc/sysconfig/slapd, for instance by changing SLAPD_URLS to the following:

# OpenLDAP server configuration
# see 'man slapd' for additional information

(see SLAPD_URLS="ldapi:/// ldap://127.0.0.1:3421/") ..

it fails to start

# Where the server will run (-h option)
# - ldapi:/// is required for on-the-fly configuration using client tools
#   (use SASL with EXTERNAL mechanism for authentication)
# - default: ldapi:/// ldap:///
# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
SLAPD_URLS="ldapi:/// ldap://127.0.0.1:3421/"

# Any custom options
#SLAPD_OPTIONS=""

# Keytab location for GSSAPI Kerberos authentication
#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"

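PS: I have also disabled firewalld.

1 Answer:

Answer 0: (score: 0)

The solution was provided when I ran journalctl -xn, which basically said:

SELinux is preventing /usr/sbin/slapd from name_bind access on the tcp_socket port 9312.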

                                   *****  Plugin bind_ports (92.2 confidence) suggests   ************************

                                   If you want to allow /usr/sbin/slapd to bind to network port 9312
                                   Then you need to modify the port type.
                                   Do
                                   # semanage port -a -t ldap_port_t -p tcp 9312

                                   *****  Plugin catchall_boolean (7.83 confidence) suggests   ******************

                                   If you want to allow nis to enabled
                                   Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.
                                   You can read 'None' man page for more details.
                                   Do
                                   setsebool -P nis_enabled 1

                                   *****  Plugin catchall (1.41 confidence) suggests   **************************

                                   If you believe that slapd should be allowed name_bind access on the port 9312 tcp_socket by default.
                                   Then you should report this as a bug.
                                   You can generate a local policy module to allow this access.
                                   Do
                                   allow this access for now by executing:
                                   # grep slapd /var/log/audit/audit.log | audit2allow -M mypol
                                   # semodule -i mypol.pp
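
The check behind the bind_ports suggestion above, as an added example that is not part of the original question or answer: it extracts the TCP ports from a SLAPD_URLS value and prints the semanage command for each port that carries no ldap_port_t label. The function names and the sample policy line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find slapd listener ports that lack the ldap_port_t label.

# Print the TCP port of every ldap:// or ldaps:// URL in a SLAPD_URLS value.
# ldapi:// is a UNIX socket, so it needs no port label.
slapd_ports() {
    for url in $1; do
        case $url in
            ldap://*)  port=389 ;;   # scheme default when no port is given
            ldaps://*) port=636 ;;
            *)         continue ;;
        esac
        hostport=${url#*://}; hostport=${hostport%%/*}
        tail=${hostport##*:}         # text after the last colon, if any
        case $hostport in
            *:*) case $tail in ''|*[!0-9]*) ;; *) port=$tail ;; esac ;;
        esac
        echo "$port"
    done
}

# Print the tcp entries labelled ldap_port_t in `semanage port -l` output.
labelled_ports() {
    printf '%s\n' "$1" | awk '$1 == "ldap_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(",", "", $i); print $i }
    }'
}

# Print one semanage command per listener port that has no ldap_port_t label.
missing_labels() {
    for port in $(slapd_ports "$1"); do
        ok=no
        for entry in $(labelled_ports "$2"); do
            lo=${entry%-*}; hi=${entry#*-}   # "389" -> 389..389, "1-9" -> 1..9
            if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then ok=yes; fi
        done
        [ "$ok" = yes ] || echo "semanage port -a -t ldap_port_t -p tcp $port"
    done
}

# Constructed sample input: the SLAPD_URLS value from the question and a
# policy line shaped like `semanage port -l` output (assumed port list).
SAMPLE_URLS='ldapi:/// ldap://127.0.0.1:3421/'
SAMPLE_POLICY='ldap_port_t                    tcp      389, 636, 3268, 3269'
missing_labels "$SAMPLE_URLS" "$SAMPLE_POLICY"
```

On a real host, pass the SLAPD_URLS value from /etc/sysconfig/slapd and the output of semanage port -l as the two arguments. If semanage reports the port as already defined for another type, semanage port -m changes the existing label where -a would fail.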