Changing the OpenLDAP port on CentOS installed via yum

I am trying to change the default port of openldap (I am not very familiar with openldap, so I may be doing something wrong).

Currently I installed it through the yum package manager on CentOS 7.1.1503, like so:

yum install openldap-servers

After installing 'openldap-servers', I can start the openldap server by calling service slapd start.

But when I try to change the port by editing /etc/sysconfig/slapd, e.g. by changing SLAPD_URLS to the following:

# OpenLDAP server configuration
# See 'man slapd' for more information
# Where the server will run (-h option)
# - ldapi:/// is required for on-the-fly configuration using client tools
#   (use SASL with EXTERNAL mechanism for authentication)
# - default: ldapi:/// ldap:///
# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
SLAPD_URLS="ldapi:/// ldap://127.0.0.1:3421/"

# Any custom options
#SLAPD_OPTIONS=""

# Keytab location for GSSAPI Kerberos authentication
#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"

(see SLAPD_URLS="ldapi:/// ldap://127.0.0.1:3421/")

it does not start:

service slapd start
Redirecting to /bin/systemctl start  slapd.service
Job for slapd.service failed. See 'systemctl status slapd.service' and 'journalctl -xn' for details.
service slapd status
Redirecting to /bin/systemctl status  slapd.service
slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled)
   Active: failed (Result: exit-code) since Fri 2015-07-31 07:49:06 EDT; 10s ago
     Docs: man:slapd
           man:slapd-config
           man:slapd-hdb
           man:slapd-mdb
           file:///usr/share/doc/openldap-servers/guide.html
  Process: 41704 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
  Process: 41675 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
 Main PID: 34363 (code=exited, status=0/SUCCESS)

Jul 31 07:49:06 osboxes runuser[41691]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes runuser[41693]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes runuser[41695]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes runuser[41697]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes runuser[41699]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes runuser[41701]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jul 31 07:49:06 osboxes slapd[41704]: @(#) $OpenLDAP: slapd 2.4.39 (Mar  6 2015 04:35:49) $
                                              mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/servers/slapd
Jul 31 07:49:06 osboxes systemd[1]: slapd.service: control process exited, code=exited status=1
Jul 31 07:49:06 osboxes systemd[1]: Failed to start OpenLDAP Server Daemon.
Jul 31 07:49:06 osboxes systemd[1]: Unit slapd.service entered failed state.

PS: I have also disabled firewalld.

1 Answer

Running journalctl -xn gave me the solution; it basically says:

SELinux is preventing /usr/sbin/slapd from name_bind access on the tcp_socket port 9312.

*****  Plugin bind_ports (92.2 confidence) suggests   ************************

If you want to allow /usr/sbin/slapd to bind to network port 9312
Then you need to modify the port type.
Do
# semanage port -a -t ldap_port_t -p tcp 9312

*****  Plugin catchall_boolean (7.83 confidence) suggests   ******************

If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.
You can read 'None' man page for more details.
Do
setsebool -P nis_enabled 1

*****  Plugin catchall (1.41 confidence) suggests   **************************

If you believe that slapd should be allowed name_bind access on the port 9312 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep slapd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
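As an added example (not code from the question or the answer above), the following POSIX sh helper checks whether the port chosen in SLAPD_URLS is already covered by the SELinux ldap_port_t type before slapd is restarted, and otherwise prints the same semanage port -a command the answer applies. It parses the listing format of semanage port -l; a constructed sample listing is embedded so it runs without SELinux tools installed. The function names, the sample listing and the port numbers it tests are assumptions, not anything taken from the page.

```shell
#!/bin/sh
# Added example: decide whether a TCP port is labeled with a given SELinux
# port type, using the output format of `semanage port -l`
# (columns: type, protocol, comma-separated ports or port ranges).

# Constructed sample of `semanage port -l` output (not real host data).
SAMPLE_SEMANAGE_PORTS='ldap_port_t                    tcp      389, 636, 3268, 3269, 7389
ldap_port_t                    udp      389
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      61001-65535, 1024-32767'

# port_labeled TYPE PROTO PORT [LISTING]
# Returns 0 when PORT/PROTO is covered by TYPE in LISTING (single ports and
# ranges are both handled); LISTING defaults to the live `semanage port -l`.
port_labeled() {
  type="$1"; proto="$2"; port="$3"; listing="${4:-$(semanage port -l)}"
  printf '%s\n' "$listing" | awk -v t="$type" -v p="$proto" -v n="$port" '
    BEGIN { n = n + 0; found = 0 }
    $1 == t && $2 == p {
      for (i = 3; i <= NF; i++) {
        r = $i; sub(/,$/, "", r)              # strip the trailing comma
        if (split(r, b, "-") == 2) {          # a range like 1024-32767
          if (n >= b[1] + 0 && n <= b[2] + 0) found = 1
        } else if (r + 0 == n) {              # a single port
          found = 1
        }
      }
    }
    END { exit found ? 0 : 1 }'
}

# ensure_ldap_port PORT [LISTING]
# Prints either a confirmation that PORT is already ldap_port_t, or the
# `semanage port -a` command that would label it (the fix from the answer).
ensure_ldap_port() {
  if port_labeled ldap_port_t tcp "$1" "$2"; then
    echo "port $1/tcp already labeled ldap_port_t"
  else
    echo "semanage port -a -t ldap_port_t -p tcp $1"
  fi
}

# Demonstration against the constructed sample: 3421 is the port from the
# question's SLAPD_URLS and is not covered, so the labeling command is printed.
ensure_ldap_port 3421 "$SAMPLE_SEMANAGE_PORTS"
```

Running the helper with no listing argument on a CentOS host queries the real policy; after the port has been added with semanage port -a, the same call reports that the port is already labeled, which is the check to make before the next service slapd start.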
    
