ldap proxy as non-root on port 636


Is there a way to have the NetIQ LDAP Proxy running as a non-root user still binding port 636? I'm trying to set this up via systemd with a .socket file, but so far without success. Really would like to avoid having LDAP Proxy running as root.

Would be grateful for any hints.

Best regards
  • I am not an LDAP Proxy expert, but normally you cannot run non-root things
    and get them to bind ports lower than 1024; the easy and usual workaround
    is to use the NetFilter (controlled by iptables) firewall to map the
    external TCP port (636) to whatever port you like where the service is
    listening (e.g. 1636). I have not used systemd sockets to do the same
    thing, but doing what I mentioned with SUSE's SUSEfirewall2 is really easy
    and probably worth trying as it does work on SLE 12 with systemd.

    An example can be found in this Technical Information Document (TID) for
    the Sentinel product which has the same need at times:


    Good luck.

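The port mapping described in the reply above, written out with plain iptables as an added example that is not part of the original thread. The listener port 1636 is the one the reply uses as an illustration; the function names and the `DRY_RUN` switch are hypothetical.

```shell
#!/bin/sh
# Added example: map privileged port 636 to an unprivileged listener.
# Assumption: the proxy runs as a non-root user and listens on 1636.
EXT_PORT=636
LISTEN_PORT=1636

# Build the match/target part of the rule (everything after the chain name).
redirect_spec() {
    # $1 = external port, $2 = local listener port
    printf '%s' "-p tcp --dport $1 -j REDIRECT --to-ports $2"
}

# Append a rule to a chain of the nat table only if it is not already present.
# With DRY_RUN=1 (the default here) the command is printed, not executed.
ensure_rule() {
    chain=$1; shift
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "iptables -t nat -A $chain $*"
        return 0
    fi
    iptables -t nat -C "$chain" "$@" 2>/dev/null ||
        iptables -t nat -A "$chain" "$@"
}

apply_redirect() {
    spec=$(redirect_spec "$EXT_PORT" "$LISTEN_PORT")
    # Connections arriving from the network pass through PREROUTING.
    # $spec is left unquoted on purpose so it splits into separate arguments.
    ensure_rule PREROUTING $spec
    # Connections made on this host to its own port 636 never see
    # PREROUTING, so the loopback case needs a rule in OUTPUT.
    ensure_rule OUTPUT -o lo $spec
}

# Print the rules; run as root with DRY_RUN=0 to install them.
apply_redirect
```

Rules added this way do not survive a reboot unless the firewall configuration saves them. Because 1636 is an unprivileged port, any local account can bind it whenever the proxy is not running, so it is worth checking which process owns the listener after each restart.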