From "Chris Custine" <ccust...@apache.org>
Subject Re: [ApacheDS 1.5.1] try to start default partition on Linux with port 389
Date Fri, 05 Oct 2007 15:46:50 GMT
Hi Markus,
You have a couple of options and which one to use depends on what level of
security you want.  If you are OK with running the server as root, then you
simply change the RUN_AS_USER variable in the /etc/init.d/apacheds
script.  After looking at your question I realized that this is not easily
changed on a per instance basis so I have added an issue to Jira to make
this more flexible in a future release.  If you change it here, all
instances will run as the same userid.

https://issues.apache.org/jira/browse/DIRSERVER-1084

The second option is to use iptables to route the ports.  This is by far
more secure since you can still run the server on any port as an
unprivileged user and receive requests on port 389.  Here are the full
iptables commands to test from the command line (you may have to change the
eth0 interface name).  The second command is only necessary if you have
clients running locally that you want to redirect on localhost, the first
one handles the public interface.

iptables -t nat -A PREROUTING -p tcp --dport 389 -i eth0 -j REDIRECT --to-port 10389
iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 389 -j REDIRECT --to-port 10389

I hope this helps, and let us know if you have any issues with this.  This
would make a good FAQ item so I will try to add this to some docs.

Thanks,
Chris

On 10/5/07, Markus Pohle <apacheds.users@webunity.de> wrote:
>
>
> Hi List Member,
>
> I installed ApacheDS in Version 1.5.1 on Linux (CentOS 4.3) with Sun
> JDK in Version 1.5.0_10. I used the rpm package to install ApacheDS.
>
> Right after installation I configured the server.xml for the default
> partition, that can be found under the following path:
> /var/lib/apacheds/default/conf/
>
> I configured my own partition and switched the ldap port from 10389 to
> 389 and then tried to start ApacheDS with this command:
> [root@apacheds2 conf]# /etc/init.d/apacheds start default
> Starting Apache Directory Server - default...
>
> What I get is this in the logfiles under /var/log/apacheds/default:
> [17:02:23] ERROR [org.apache.directory.server.jndi.ServerContextFactory] - Failed to bind an LDAP service (389) to the service registry.
> java.net.SocketException: Permission denied
>         at sun.nio.ch.Net.bind(Native Method)
>         at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
>         at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
>         at org.apache.mina.transport.socket.nio.SocketAcceptor.registerNew(SocketAcceptor.java:365)
>         at org.apache.mina.transport.socket.nio.SocketAcceptor.access$900(SocketAcceptor.java:55)
>         at org.apache.mina.transport.socket.nio.SocketAcceptor$Worker.run(SocketAcceptor.java:224)
>         at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:39)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
>         at java.lang.Thread.run(Thread.java:595)
> [17:02:23] ERROR [org.apache.directory.daemon.Bootstrapper] - Failed on null.init(InstallationLayout, String[])
> org.apache.directory.shared.ldap.exception.LdapConfigurationException: Failed to bind an LDAP service (389) to the service registry. [Root exception is java.net.SocketException: Permission denied]
>         at org.apache.directory.server.jndi.ServerContextFactory.startLDAP0(ServerContextFactory.java:577)
>         at org.apache.directory.server.jndi.ServerContextFactory.startLDAP(ServerContextFactory.java:511)
>         at org.apache.directory.server.jndi.ServerContextFactory.afterStartup(ServerContextFactory.java:306)
>         at org.apache.directory.server.core.DefaultDirectoryService.startup(DefaultDirectoryService.java:266)
>         at org.apache.directory.server.core.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:124)
>
>
> I think (or better, I am sure) this is because all ports lower than
> 1024 belong to the root user and the script from /etc/init.d/apacheds
> tries to start the default partition as the apacheds user - and this user
> is not allowed to bind port 389.
>
> Can anybody please help me with that?
> TIA
> Markus Pohle

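As an added example that is not part of the thread or of ApacheDS itself: a small POSIX shell script that applies the two REDIRECT rules from Chris's reply idempotently, checking with iptables -C before appending, so it can be re-run from an init script without stacking duplicate rules, and that parameterises the interface and both ports. It assumes an iptables new enough to support -C (1.4.11 or later, which the CentOS 4 box in the thread would not have had); the IPTABLES override, the function names and the argument order are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: idempotent NAT redirect so an
# unprivileged ApacheDS listening on 10389 also answers on port 389.
# Assumes iptables with -C (1.4.11+); IPTABLES may be overridden for a dry run.
set -eu

# Ports below 1024 need root (or CAP_NET_BIND_SERVICE) to bind.
is_privileged_port() {
    [ "$1" -gt 0 ] && [ "$1" -lt 1024 ]
}

# Print the two rule specs (everything after -t nat -A/-C), one per line:
# first for clients arriving on the public interface (PREROUTING), then for
# local clients talking to 127.0.0.1 (OUTPUT; loopback never sees PREROUTING).
redirect_rule_specs() {
    iface=$1; pub_port=$2; svc_port=$3
    printf 'PREROUTING -p tcp --dport %s -i %s -j REDIRECT --to-ports %s\n' \
        "$pub_port" "$iface" "$svc_port"
    printf 'OUTPUT -p tcp -d 127.0.0.1 --dport %s -j REDIRECT --to-ports %s\n' \
        "$pub_port" "$svc_port"
}

# Append each rule only if iptables -C says it is absent, so re-running the
# script (e.g. from an init script) never stacks duplicate rules.
apply_redirect() {
    redirect_rule_specs "$@" | while read -r spec; do
        # shellcheck disable=SC2086  # splitting $spec into words is intended
        if ${IPTABLES:-iptables} -t nat -C $spec >/dev/null 2>&1; then
            echo "present: $spec"
        else
            ${IPTABLES:-iptables} -t nat -A $spec
            echo "added:   $spec"
        fi
    done
}

# List the nat chains touched above so the operator can verify the result.
show_redirects() {
    ${IPTABLES:-iptables} -t nat -S PREROUTING
    ${IPTABLES:-iptables} -t nat -S OUTPUT
}

# Usage: sh redirect-ldap.sh apply [public_port] [iface] [service_port]
if [ "${1:-}" = "apply" ]; then
    is_privileged_port "${2:-389}" || echo "note: ${2:-389} is not a privileged port" >&2
    apply_redirect "${3:-eth0}" "${2:-389}" "${4:-10389}"
    show_redirects
fi
```

Running it with IPTABLES=echo prints the rules it would check and add without touching the kernel, which is a cheap way to review the rule set before applying it as root.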