directory-users mailing list archives

From "Chris Custine" <ccust...@apache.org>
Subject Re: [ApacheDS 1.5.1] try to start default partition on Linux with port 389
Date Fri, 05 Oct 2007 15:53:39 GMT
The problem with Java is that we can't change effective userid after the
startup phase where we allocate the privileged ports as root.  For the time
being, the startup wrapper seems to be making it difficult to change this on
a per instance basis but it can be done for the entire server installation
as I outlined in my other response.  I will look at a way to make this easier
to run as root on a per instance basis, but I also happen to think running
as root is a universally bad idea and I will document how to make this work
on Linux installs with iptables.

Chris

On 10/5/07, Alex Karasulu <akarasulu@apache.org> wrote:
>
> Oh and forget about Kerberos and changepasswd which at this point can only
> run on default ports.
> These will not run at all so I would say this is a very critical issue which
> must be fixed asap.
>
> Alex
>
> On 10/5/07, Alex Karasulu <akarasulu@apache.org> wrote:
> >
> > Hi Markus,
> >
> > Yes you're right about this being a permission issue.  Good catch!  I
> > don't know what it
> > would take to enable a non-root user to bind to a port below 1024 but we
> > have to figure
> > this one out to modify the installer.
> >
> > Could you push a JIRA issue about this and we'll make sure we nip this in
> > the bud on the next release.
> >
> > This is a high priority issue since it prevents using the server on 389
> > and probably on 636
> > with LDAPS.
> >
> > Alex
> >
> > On 10/5/07, Markus Pohle <apacheds.users@webunity.de> wrote:
> > >
> > >
> > > Hi List Member,
> > >
> > > I installed ApacheDS in Version 1.5.1 on Linux (CentOS 4.3) with Sun
> > > JDK in Version 1.5.0_10. I used the rpm package to install ApacheDS.
> > >
> > > Right after installation I configured the server.xml for the default
> > > partition, that can be found under the following path:
> > > /var/lib/apacheds/default/conf/
> > >
> > > I configured my own partition and switched the ldap port from 10389 to
> > > 389 and then tried to start ApacheDS with this command:
> > > [root@apacheds2 conf]# /etc/init.d/apacheds start default
> > > Starting Apache Directory Server - default...
> > >
> > > What I get is this in the logfiles under /var/log/apacheds/default
> > > [17:02:23] ERROR [org.apache.directory.server.jndi.ServerContextFactory] - Failed to bind an LDAP service (389) to the service registry.
> > > java.net.SocketException: Permission denied
> > >          at sun.nio.ch.Net.bind(Native Method)
> > >          at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
> > >          at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
> > >          at org.apache.mina.transport.socket.nio.SocketAcceptor.registerNew(SocketAcceptor.java:365)
> > >          at org.apache.mina.transport.socket.nio.SocketAcceptor.access$900(SocketAcceptor.java:55)
> > >          at org.apache.mina.transport.socket.nio.SocketAcceptor$Worker.run(SocketAcceptor.java:224)
> > >          at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:39)
> > >          at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
> > >          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
> > >          at java.lang.Thread.run(Thread.java:595)
> > > [17:02:23] ERROR [org.apache.directory.daemon.Bootstrapper] - Failed on null.init(InstallationLayout, String[])
> > > org.apache.directory.shared.ldap.exception.LdapConfigurationException: Failed to bind an LDAP service (389) to the service registry. [Root exception is java.net.SocketException: Permission denied]
> > >          at org.apache.directory.server.jndi.ServerContextFactory.startLDAP0(ServerContextFactory.java:577)
> > >          at org.apache.directory.server.jndi.ServerContextFactory.startLDAP(ServerContextFactory.java:511)
> > >          at org.apache.directory.server.jndi.ServerContextFactory.afterStartup(ServerContextFactory.java:306)
> > >          at org.apache.directory.server.core.DefaultDirectoryService.startup(DefaultDirectoryService.java:266)
> > >          at org.apache.directory.server.core.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:124)
> > >
> > >
> > > I think (or better, I am sure) this is because all ports lower than
> > > 1024 belong to the root user and the script from /etc/init.d/apacheds
> > > tries to start the default partition as the apacheds user - and this user
> > > is not allowed to bind port 389.
> > >
> > > Can anybody please help me with that?
> > > TIA
> > > Markus Pohle
> > >
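The iptables approach Chris mentions, worked through as an added example (this is not code from the thread or from ApacheDS): the server keeps listening on its unprivileged defaults as the apacheds user, and the kernel's nat table rewrites inbound connections to 389 and 636 onto those ports, so the JVM never needs root and never needs the setuid step it cannot perform. The 389 -> 10389 mapping is the one discussed above; the 636 -> 10636 pairing, the function names and the dry-run/apply convention are assumptions made for this script.

```shell
#!/bin/sh
# Redirect the privileged LDAP/LDAPS ports to the unprivileged ports ApacheDS
# binds as the 'apacheds' user. Run with no argument to print the rules for
# review; run as root with "apply" to install them.
# Assumed port mapping: 389 -> 10389 (from the thread), 636 -> 10636 (assumed).
set -eu

# Rule for connections arriving from the network (nat PREROUTING).
redirect_rule() {
    # $1 = privileged port clients connect to, $2 = port the server really listens on
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$1" "$2"
}

# Locally generated connections never traverse PREROUTING; they go through
# nat OUTPUT and leave via the loopback interface, so add a matching rule there.
local_redirect_rule() {
    printf 'iptables -t nat -A OUTPUT -o lo -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$1" "$2"
}

# Emit (dry-run) or execute (apply) both rules for every port pair.
apply_rules() {
    mode="${1:-dry-run}"
    for pair in 389:10389 636:10636; do
        priv="${pair%%:*}"
        unpriv="${pair##*:}"
        for rule in "$(redirect_rule "$priv" "$unpriv")" "$(local_redirect_rule "$priv" "$unpriv")"; do
            if [ "$mode" = apply ]; then
                eval "$rule"
            else
                printf '%s\n' "$rule"
            fi
        done
    done
}

apply_rules "${1:-dry-run}"
```

Two things to verify after `sh redirect-ldap.sh apply`: `ss -ltnp` (or `netstat -ltnp` on a CentOS 4 box) should show the java process owning only 10389/10636, never 389/636, and `ldapsearch -x -H ldap://127.0.0.1:389 -b '' -s base` should still return the root DSE. Because the rewrite happens in nat PREROUTING before the filter table runs, any INPUT policy must accept the high ports, not 389/636; and if the high ports should not be reachable directly from the network, filter them separately, since REDIRECT does not hide them. The rules above cover IPv4 only; an IPv6 listener needs the same pair of rules via ip6tables.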
