OpenDS

Lately I have taken a small personal interest in LDAP, and OpenDS in particular.

The Directory concept is startlingly easy to grasp, while the finer points of actually working with a directory are a little harder. I decided it might be cool to toss together a little Rails app to work with LDAP. First, though, I have been getting a little more familiar with the command line tools.

If you install OpenDS as a regular user on Linux, the LDAP listener defaults to port 1389 instead of the typical 389.

To change that, use dsconfig to set the listen-port property of the LDAP connection handler:

dsconfig -h directory.urcompany.com -D cn=Directory\ Manager -w password -X -n \
set-connection-handler-prop --handler-name "LDAP Connection Handler" --set listen-port:389

About Nathan Powell

I am a middle aged technologist freak-ball.

2 Responses to OpenDS

  1. If you set the port for OpenDS to 389, it means that you must run OpenDS as root. Or your regular user must have the privileges to open ports under 1024, which requires afaik specific configuration on Linux. Maybe you could explain how you configure the “regular user”?

    Regards

    Ludo

  2. Ludo,

    I hadn’t gotten that far yet :). Currently, since this is for testing, my initial idea was to use setuid root.

    After you posted I thought I’d poke around, but I can’t figure out what I’d need to actually make setuid root since making the OpenDS.jar or the start-ds script won’t really work.

    If someone has an idea, I’d like to hear it.

    So after some hacking around with the other admins here, we have decided to try some iptables rules.

    We made the Directory server owned by a regular user, and let it attach to an unprivileged port, and then tossed this into iptables:


    iptables -t nat -A PREROUTING -p tcp --dport 389 -j REDIRECT --to-ports 1389
    iptables -t nat -A OUTPUT -p tcp --dport 389 -j REDIRECT --to-ports 1389

    I am not sure how much I like that, but it’s a fix for now.
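
The redirect approach from the comment above, written as an idempotent script; this is an added example, not part of the original post or its comments. It differs from the rules in the comment in one respect: the OUTPUT rule is limited to the loopback interface (`-o lo`), so connections from this host to other LDAP servers on port 389 are not redirected to the local instance. The function names and the `IPTABLES` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: keep OpenDS on an unprivileged port as a regular user and
# redirect the standard LDAP port to it. Ports are the ones from the post;
# function names and the IPTABLES variable are hypothetical.
PUBLIC_PORT=389     # port LDAP clients connect to
LISTEN_PORT=1389    # unprivileged port OpenDS is bound to

# Print one rule per line as "<chain> <match and target>".
redirect_rules() {
    # Connections arriving from other hosts.
    echo "PREROUTING -p tcp --dport $PUBLIC_PORT -j REDIRECT --to-ports $LISTEN_PORT"
    # Locally generated connections: restricted to loopback so that outbound
    # LDAP traffic to remote servers on port 389 is left alone.
    echo "OUTPUT -o lo -p tcp --dport $PUBLIC_PORT -j REDIRECT --to-ports $LISTEN_PORT"
}

# Append each rule only when "iptables -C" reports it missing, so running the
# script again does not stack duplicate rules in the nat table.
apply_rules() {
    ipt=${IPTABLES:-iptables}
    redirect_rules | while read -r chain spec; do
        # $spec is left unquoted on purpose so it splits into arguments.
        if ! $ipt -t nat -C "$chain" $spec 2>/dev/null; then
            $ipt -t nat -A "$chain" $spec
        fi
    done
}

# Run as root: sh ldap-redirect.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

The rules live only in the running kernel, so they have to be saved and restored by whatever mechanism the distribution uses for firewall persistence.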
