cgottschalch Absent Member.

ldap proxy as non-root on port 636

Hi,

is there a way to have the netiq ldap proxy running as a non-root user still binding port 636? I'm trying to set this up via systemd with a .socket file, but so far without success. Really would like to avoid having ldap proxy running as root.

Would be grateful for any hints.

Best regards
Chris
Knowledge Partner

Re: ldap proxy as non-root on port 636

I am not an LDAP Proxy expert, but normally you cannot run non-root things
and get them to bind ports lower than 1024; the easy and usual workaround
is to use the NetFilter (controlled by iptables) firewall to map the
external TCP port (636) to whatever port you like where the service is
listening (e.g. 1636). I have not used systemd sockets to do the same
thing, but doing what I mentioned with SUSE's SUSEfirewall2 is really easy
and probably worth trying as it does work on SLE 12 with systemd.

An example can be found in this Technical Information Document (TID) for
the Sentinel product which has the same need at times:

https://www.netiq.com/support/kb/doc.php?id=3493251


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
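The port mapping described in the reply, written as plain iptables NAT rules. This is an added example, not part of either post or of the linked TID; the function names are hypothetical, 1636 is the reply's example listen port, and it assumes the proxy has been configured to listen there as the non-root user.

```shell
#!/bin/sh
# Added example: build an iptables-restore fragment that maps a privileged
# TCP port (636) to an unprivileged one (1636, the reply's example port).
# Function names are hypothetical.

# valid_port N: succeeds when N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rules EXT_PORT LISTEN_PORT
# Prints the NAT rules on stdout; returns non-zero on unusable input.
redirect_rules() {
    ext=$1 listen=$2
    valid_port "$ext" && valid_port "$listen" || {
        echo "ports must be integers in 1..65535" >&2; return 2; }
    # The listen port has to be one a non-root process is allowed to bind.
    [ "$listen" -ge 1024 ] || {
        echo "listen port must be >= 1024" >&2; return 3; }
    cat <<EOF
*nat
-A PREROUTING -p tcp --dport $ext -j REDIRECT --to-ports $listen
-A OUTPUT -o lo -p tcp --dport $ext -j REDIRECT --to-ports $listen
COMMIT
EOF
    # PREROUTING handles connections arriving from other hosts. Locally
    # generated packets never traverse PREROUTING, so the OUTPUT rule covers
    # clients on the same machine that connect to port $ext.
}

# Print the rules for the ports discussed in the thread.
redirect_rules 636 1636
```

As root, pipe the output into `iptables-restore --noflush` to add the rules without clearing existing ones. The filter INPUT chain then has to accept TCP 1636, because packet filtering sees the port after the redirect has been applied.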