directory-users mailing list archives

From: "Alex Karasulu" <akaras...@apache.org>
Subject: Re: [ApacheDS 1.5.1] try to start default partition on Linux with port 389
Date: Fri, 05 Oct 2007 15:45:32 GMT

Oh and forget about Kerberos and changepasswd which at this point can only
run on default ports.
These will not run at all so I would say this is a very critical issue which
must be fixed asap.

Alex

On 10/5/07, Alex Karasulu <akarasulu@apache.org> wrote:
>
> Hi Markus,
>
> Yes you're right about this being a permission issue.  Good catch!  I don't know what it
> would take to enable a non-root user to bind to a port below 1024 but we have to figure
> this one out to modify the installer.
>
> Could you push a JIRA issue about this and we'll make sure we nip this in the bud on
> the next release.
>
> This is a high priority issue since it prevents using the server on 389 and probably on 636
> with LDAPS.
>
> Alex
>
> On 10/5/07, Markus Pohle <apacheds.users@webunity.de> wrote:
> >
> >
> > Hi List Member,
> >
> > I installed ApacheDS in Version 1.5.1 on Linux (CentOS 4.3) with Sun
> > JDK in Version 1.5.0_10. I used the rpm package to install ApacheDS.
> >
> > Right after installation I configured the server.xml for the default
> > partition, that can be found under the following path:
> > /var/lib/apacheds/default/conf/
> >
> > I configured my own partition and switched the ldap port from 10389 to
> > 389 and then tried to start ApacheDS with this command:
> > [root@apacheds2 conf]# /etc/init.d/apacheds start default
> > Starting Apache Directory Server - default...
> >
> > What I get is this in the logfiles under /var/log/apacheds/default
> > [17:02:23] ERROR [org.apache.directory.server.jndi.ServerContextFactory ] - Failed to bind an LDAP service (389) to the service registry.
> > java.net.SocketException: Permission denied
> >          at sun.nio.ch.Net.bind(Native Method)
> >          at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
> >          at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
> >          at org.apache.mina.transport.socket.nio.SocketAcceptor.registerNew(SocketAcceptor.java:365)
> >          at org.apache.mina.transport.socket.nio.SocketAcceptor.access$900(SocketAcceptor.java:55)
> >          at org.apache.mina.transport.socket.nio.SocketAcceptor$Worker.run(SocketAcceptor.java:224)
> >          at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:39)
> >          at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
> >          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
> >          at java.lang.Thread.run(Thread.java:595)
> > [17:02:23] ERROR [org.apache.directory.daemon.Bootstrapper] - Failed on null.init(InstallationLayout, String[])
> > org.apache.directory.shared.ldap.exception.LdapConfigurationException: Failed to bind an LDAP service (389) to the service registry. [Root exception is java.net.SocketException: Permission denied]
> >          at org.apache.directory.server.jndi.ServerContextFactory.startLDAP0(ServerContextFactory.java:577)
> >          at org.apache.directory.server.jndi.ServerContextFactory.startLDAP(ServerContextFactory.java:511)
> >          at org.apache.directory.server.jndi.ServerContextFactory.afterStartup(ServerContextFactory.java:306)
> >          at org.apache.directory.server.core.DefaultDirectoryService.startup(DefaultDirectoryService.java:266)
> >          at org.apache.directory.server.core.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:124)
> >
> >
> > I think (or better I am sure) this is because all ports lower than
> > 1024 belong to the root user and the script from /etc/init.d/apacheds
> > tries to start the default partition as apacheds user - and this user
> > is not allowed to bind port 389.
> >
> > Can anybody please help me with that?
> > TIA
> > Markus Pohle
> >
> >
> >
> >
> >
>
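
The privilege check behind the "Permission denied" in the thread, as an added example that is not part of the original messages or of ApacheDS: on Linux, binding a port below the unprivileged-port threshold requires the CAP_NET_BIND_SERVICE capability, which root holds by default and an ordinary service account does not. The function names and the two `/proc/<pid>/status` excerpts are constructed for illustration; the `unpriv_start` parameter models the `net.ipv4.ip_unprivileged_port_start` setting that newer kernels expose (1024 by default).

```python
import os

CAP_NET_BIND_SERVICE = 10     # capability bit number from linux/capability.h
DEFAULT_UNPRIV_START = 1024   # first port that needs no privilege by default


def parse_cap_eff(status_text):
    """Extract the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    return 0


def may_bind(port, cap_eff, unpriv_start=DEFAULT_UNPRIV_START):
    """Predict whether bind() on this TCP port passes the privilege check."""
    if port == 0 or port >= unpriv_start:   # port 0 = kernel picks a high port
        return True
    return bool((cap_eff >> CAP_NET_BIND_SERVICE) & 1)


def explain(port, cap_eff, unpriv_start=DEFAULT_UNPRIV_START):
    """Return a one-line diagnosis for a configured listener port."""
    if may_bind(port, cap_eff, unpriv_start):
        return f"port {port}: bind allowed"
    return (f"port {port}: below {unpriv_start} without CAP_NET_BIND_SERVICE, "
            "bind() fails with EACCES (Permission denied)")


# Constructed /proc/<pid>/status excerpts: an unprivileged service account
# (like the apacheds user in the thread) and a root process.
SERVICE_STATUS = "Name:\tjava\nUid:\t101\t101\t101\t101\nCapEff:\t0000000000000000\n"
ROOT_STATUS = "Name:\tjava\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    for label, status in (("service user", SERVICE_STATUS), ("root", ROOT_STATUS)):
        for port in (389, 636, 10389):
            print(label, "->", explain(port, parse_cap_eff(status)))
    # Live check of the current process, if /proc is available (Linux only).
    if os.path.exists("/proc/self/status"):
        with open("/proc/self/status") as fh:
            live = parse_cap_eff(fh.read())
        print("this process ->", explain(389, live))
```

For the service account the check fails on 389 and 636 and passes on 10389, which matches the behaviour reported in the thread.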
