[ClearOS_6] Make the ldap service listen on all IPs

In ClearOS, we can make the LDAP service listen on all interfaces by setting the Publish Policy option to All Networks. However, perhaps for security reasons, the service published this way is not ldap but ldaps (the SSL LDAP protocol), which listens on port 636.

An application that will use ClearOS LDAP as its authentication backend cannot use ldaps (this is hardcoded by the vendor), so we need to force the ldap service (port 389) to listen on all IPs.

So here are the steps.

  • Edit the init script for slapd
vi /etc/init.d/slapd
  • Go to line number 72, then add the following lines.
for ip in $AUTOMAGIC_LANIPS; do
      harg="$harg ldap://$ip"
done
  • Save and exit, then restart the slapd service to apply the changes
service slapd restart
  • Make sure the modified file will not be replaced if there is an update for the openldap-servers package (do this at your own risk)
vi /etc/yum.conf
  • Under the [main] section, add the following line
exclude=openldap-servers
  • Make sure the ldap service port is listening on all available IPs.
netstat -tnap | grep LISTEN | grep 389
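
A stricter version of the check in the last step, as an added example that is not part of the original post: `grep 389` also matches PIDs and other ports that contain "389", so this compares the port in the Local Address column only and reports any expected IP without a listener. The function names and the sample addresses are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the sample
# addresses below are hypothetical/constructed.

# Print the local addresses that have TCP port $1 (default 389) in LISTEN
# state. Reads `netstat -tnap` output on stdin and compares the port in the
# Local Address column only.
ldap_listeners() {
    awk -v port="${1:-389}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == port)
                print substr($4, 1, length($4) - length(port) - 1)
        }'
}

# Check that each IP given as an argument has a port-389 listener.
# A 0.0.0.0 listener covers every IPv4 address. Returns 1 if any is missing.
check_ldap_ips() {
    listeners=$(ldap_listeners 389)      # consumes stdin
    missing=0
    for ip in "$@"; do
        if printf '%s\n' "$listeners" | grep -qxF -e "$ip" -e "0.0.0.0"; then
            echo "ok:      ldap://$ip"
        else
            echo "MISSING: ldap://$ip"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample of `netstat -tnap` output. The last two lines contain
# "389" in a port or PID but are not LDAP listeners.
SAMPLE='tcp        0      0 127.0.0.1:389      0.0.0.0:*        LISTEN      1389/slapd
tcp        0      0 192.168.1.1:389    0.0.0.0:*        LISTEN      1389/slapd
tcp        0      0 0.0.0.0:636        0.0.0.0:*        LISTEN      1389/slapd
tcp        0      0 127.0.0.1:3890     0.0.0.0:*        LISTEN      2211/other
tcp        0      0 192.168.1.1:22     10.0.0.5:53890   ESTABLISHED 3890/sshd'

# Demo on the sample: 192.168.1.1 is found, 192.168.2.1 is reported missing.
printf '%s\n' "$SAMPLE" | check_ldap_ips 192.168.1.1 192.168.2.1 || true
```

On the server, pipe the real output instead of the sample: `netstat -tnap | check_ldap_ips` followed by the LAN IPs you expect.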

 
