389-DS to work for only 636 port?


 



Ajeet S Raina wrote:
> I installed the fresh 389-DS on my machine. I too ran setupssl2.sh 
> and configured https:// for Management Console.
> But if I try running:
>
> # netstat -pant | grep 389
> tcp        0      0 :::389                      :::*                        LISTEN      10756/ns-slapd
>
> #netstat -pant | grep 636
> [root@389-supplier ~]# netstat -pant | grep :636
> tcp        0      0 :::636                      :::*                        LISTEN      10756/ns-slapd
>
>
> How can I make it work for only 636 port?
The easy way is to:
1. shut down the server
2. edit dse.ldif - change nsslapd-port: 0
3. start up the server

However, current versions of 389 give you a lot of flexibility in how to 
handle secure connections.  For example, you may want to allow the 
startTLS operation which starts an encrypted channel on port 389.  You 
can restrict connections to require startTLS or other encryption methods 
(e.g. SASL/GSSAPI with minssf > somevalue).

See http://directory.fedoraproject.org/wiki/Roadmap
- Add require secure binds switch
- Access based on the security strength of the connection
- Ability to shut off anonymous access

> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
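
A check for the two approaches in the reply above (setting nsslapd-port to 0, or keeping port 389 but requiring encryption), as an added example that is not part of the original thread: it reads the cn=config entry of a dse.ldif and reports whether cleartext LDAP is still accepted. The attribute names nsslapd-minssf and nsslapd-require-secure-binds are assumed to exist in the server version in use, and the sample LDIF is constructed.

```python
# Added example. SAMPLE_DSE is constructed, not taken from a real server.
SAMPLE_DSE = """\
dn: cn=config
nsslapd-port: 389
nsslapd-security: on
nsslapd-secureport: 636
nsslapd-minssf: 0
nsslapd-require-secure-binds: off
nsslapd-rootdn: cn=Directory
  Manager

dn: cn=encryption,cn=config
nsSSLClientAuth: allowed
"""


def config_entry(ldif_text, dn="cn=config"):
    """Return one entry's attributes as a dict keyed by lowercase name."""
    # LDIF folds long lines; a continuation line starts with one space.
    unfolded = ldif_text.replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), value.strip())
        if attrs.get("dn", "").lower() == dn:
            return attrs
    return {}


def audit_listeners(ldif_text):
    """List plaintext-exposure findings; an empty list means none found."""
    cfg = config_entry(ldif_text)
    findings = []
    if cfg.get("nsslapd-security", "off").lower() != "on":
        findings.append("nsslapd-security is not on: TLS is disabled")
    port = int(cfg.get("nsslapd-port", "389"))
    if port != 0 and int(cfg.get("nsslapd-minssf", "0")) == 0:
        findings.append(f"port {port} accepts unencrypted operations")
        if cfg.get("nsslapd-require-secure-binds", "off").lower() != "on":
            findings.append(f"port {port} accepts simple binds in cleartext")
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_DSE) or ["no plaintext exposure found"]:
        print(finding)
```

Run it against a copy of the instance's dse.ldif taken while the server is stopped, then confirm the result with the same netstat check used in the question.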


